diff --git a/phpgwapi/inc/class.accounts_ldap.inc.php b/phpgwapi/inc/class.accounts_ldap.inc.php index 21fb8c590f..4c7b37add3 100644 --- a/phpgwapi/inc/class.accounts_ldap.inc.php +++ b/phpgwapi/inc/class.accounts_ldap.inc.php @@ -39,7 +39,6 @@ 'halt' => True, 'ldap' => True, 'mail' => True, - 'nscd' => True, 'news' => True, 'uucp' => True, 'operator' => True, @@ -72,7 +71,8 @@ 'pvm' => True, 'squid' => True, 'ident' => True, - 'mailnull' => True + 'mailnull' => True, + 'cyrus' => True ); class accounts_ @@ -305,41 +305,44 @@ } } - function exists($account_lid) + /* + * returns nonzero if $account exists in SQL or LDAP: 0: nowhere 1: SQL, 2: LDAP, 3: SQL+LDAP + * $account can be an account_id (LDAP: uidnumber) or an account_lid (LDAP: uid) (is determinded by gettype($account) == 'interger') + */ + function exists($account) { global $phpgw, $phpgw_info; - if(gettype($account_lid) == 'integer') + if(gettype($account) == 'integer') { - $account_id = $account_lid; - settype($account_lid,'string'); - $account_lid = $this->id2name($account_id); + $sql_name = 'account_id'; + $ldap_name = 'uidnumber'; } - - $this->db->query("SELECT count(*) FROM phpgw_accounts WHERE account_lid='".$account_lid."'",__LINE__,__FILE__); + else + { + $sql_name = 'account_lid'; + $ldap_name = 'uid'; + } + $this->db->query("SELECT count(*) FROM phpgw_accounts WHERE $sql_name='$account'",__LINE__,__FILE__); $this->db->next_record(); if ($this->db->f(0)) { - $insql = True; - } - else - { - $insql = False; + $in += 1; } $ds = $phpgw->common->ldapConnect(); - $sri = ldap_search($ds, $phpgw_info["server"]["ldap_context"], "uid=".$account_lid); + $sri = ldap_search($ds, $phpgw_info["server"]["ldap_context"], "$ldap_name=$account"); $allValues = ldap_get_entries($ds, $sri); - if ($allValues[0]["dn"]) { - $inldap = True; - } else { - $inldap = False; + if ($allValues[0]["dn"]) + { + $in += 2; } - - $rtrn = $insql || $inldap; - return $rtrn; + // echo "

class_accounts_ldap->exists('$account') == $in

"; + + return $in; } + function create($account_info) { @@ -347,7 +350,7 @@ $ds = $phpgw->common->ldapConnect(); - if (! $account_info['account_id']) + if (!($account_id = $account_info['account_id'])) { if ($phpgw_info['server']['account_min_id']) { $min = $phpgw_info['server']['account_min_id']; } if ($phpgw_info['server']['account_max_id']) { $max = $phpgw_info['server']['account_max_id']; } @@ -384,13 +387,12 @@ . "','" . $account_info['account_type'] . "','" . md5($account_info['account_passwd']) . "', '" . $account_info['account_firstname'] . "','" . $account_info['account_lastname'] . "','" . $account_info['account_status'] . "'," . $account_info['account_expires'] . ")",__LINE__,__FILE__); - $sri = ldap_search($ds, $phpgw_info['server']['ldap_context'],'uid=' . $account_info['lid']); + $sri = ldap_search($ds, $phpgw_info['server']['ldap_context'],'uid=' . $account_info['account_lid']); $allValues = ldap_get_entries($ds, $sri); $entry['uidnumber'] = $account_id; - $entry['gidnumber'] = $account_id; $entry['uid'] = $account_info['account_lid']; - $entry['cn'] = sprintf('%s %s', $account_firstname, $account_info['account_lastname']); + $entry['cn'] = sprintf('%s %s', $account_info['account_firstname'], $account_info['account_lastname']); $entry['sn'] = $account_info['account_lastname']; $entry['givenname'] = $account_info['account_firstname']; $entry['userpassword'] = $phpgw->common->encrypt_password($account_info['account_passwd']); diff --git a/setup/ldap.php b/setup/ldap.php index b9a3a79655..0bad9ff06d 100644 --- a/setup/ldap.php +++ b/setup/ldap.php @@ -68,7 +68,7 @@ exit; } - $sr = ldap_search($ldap,$config['ldap_context'],'(|(uid=*))',array('sn','givenname','uid','uidnumber')); + $sr = ldap_search($ldap,$config['ldap_context'],'(|(uid=*))',array('sn','givenname','uid','uidnumber','gidnumber')); $info = ldap_get_entries($ldap, $sr); for ($i=0; $i<$info['count']; $i++) { 
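Review bot: In the rewritten `exists()`, `$account` is interpolated unescaped into both the SQL string (`WHERE $sql_name='$account'`) and the LDAP filter (`"$ldap_name=$account"`), so a login name containing `'`, `*`, `(` or `)` changes what either query matches; the `ldap_search` on `'uid=' . $account_info['account_lid']` in the create() hunk further down has the same filter problem. Escape per context in the string branch, e.g. `addslashes($account)` for the SQL literal and backslash-hex escaping of the RFC 4515 filter specials for the LDAP filter (`ldap_escape()` where the PHP version provides it). Separately, `$in` is never initialised, so the "nowhere" case returns an unset value rather than the documented 0; add `$in = 0;` before the SQL query. In the doc comment, `'interger'` should read `'integer'`, and it is worth stating there that a numeric string is treated as an account_lid, so callers must cast ids the way setup/ldap.php does with `intval()`.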
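Review bot: Dropping `$entry['gidnumber']` in create() leaves the LDAP entry built here without a gidNumber. If the objectclass list assigned outside this hunk includes posixAccount, that attribute is mandatory in the RFC 2307 schema and the directory server would reject the add. setup/ldap.php now reads `gidnumber` from LDAP, but the `$thisaccount_info` array it builds does not carry it, so create() has no value to use. Either pass the group id through `$account_info` and set it here, or record the decision with a comment such as `// gidnumber intentionally not written: <reason>`.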
@@ -77,6 +77,7 @@ $account_info[$i]['account_lid'] = $info[$i]['uid'][0]; $account_info[$i]['account_firstname'] = $info[$i]['givenname'][0]; $account_info[$i]['account_lastname'] = $info[$i]['sn'][0]; + $account_info[$i]['gidnumber'] = $info[$i]['gidnumber'][0]; } } @@ -143,13 +144,11 @@ } $acl->save_repository(); - while ($account = each($account_info)) + while (list($nul,$account) = each($account_info)) { $id_exist = 0; - $thisacctid = $account[1]['account_id']; - $thisacctlid = $account[1]['account_lid']; - $thisfirstname = $account[1]['account_firstname']; - $thislastname = $account[1]['account_lastname']; + $thisacctid = $account['account_id']; + $thisacctlid = $account['account_lid']; // Do some checks before we try to import the data. if (!empty($thisacctid) && !empty($thisacctlid)) @@ -159,21 +158,24 @@ // Check if the account is already there. // If so, we won't try to create it again. - $acct_exist = $acct->name2id($thisacctlid); - if ($acct_exist) - { - $thisacctid = $acct_exist; + $acct_exist = $acct->name2id($thisacctlid); // name2id checks only SQL + if ($acct_exist) // this gives the SQL account_id a preference over LDAP uidnummber + { // this could be fatal if one already has an user with account_lid == uid + // $thisacctid = $acct_exist; // and uses the LDAP uidnumber for an unix account + if ($acct_exist != $thisacctid) + echo "

WARNING: user '$thisacctlid'=$thisacctid already exist in SQL under the account_id=$acct_exist

"; } $id_exist = $accounts->exists(intval($thisacctid)); - // If not, create it now. - if(!$id_exist) + // If the account does not exist in _both_ (== returnvalue < 3) create it + if($id_exist < 3) { $thisaccount_info = array( 'account_type' => 'u', + 'account_id' => $thisacctid, 'account_lid' => $thisacctlid, 'account_passwd' => 'x', - 'account_firstname' => $thisfirstname, - 'account_lastname' => $thislastname, + 'account_firstname' => $account['account_firstname'], + 'account_lastname' => $account['account_lastname'], 'account_status' => 'A', 'account_expires' => -1 ); @@ -200,6 +202,16 @@ } } + // Check if user has a group assigned in LDAP and this group exists (in SQL) + // --> make him member of this group instead of the 'Default' group + if (($gid = $account['gidnumber']) && ($gname = $acct->id2name($gid))) + { + // echo "
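Review bot: When `name2id($thisacctlid)` finds the login in SQL under a different id, the new code only prints a warning and carries on with the LDAP uidnumber, so `exists(intval($thisacctid))` looks up by id, returns less than 3, and the import builds `$thisaccount_info` for a login name SQL already holds. Unless create() (outside this hunk) rejects duplicates, that leaves two phpgw_accounts rows with the same account_lid and different ids, which makes later name-to-id lookups ambiguous; if skipping is the intended policy, `if ($acct_exist != $thisacctid) { echo ...; continue; }` avoids it. The warning also writes the LDAP-supplied `$thisacctlid` into the page unescaped; wrap it as `htmlspecialchars($thisacctlid)`. The un-braced `if` before the `echo` should get braces, since the `}` that follows it closes the outer `if ($acct_exist)`.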

putting '$thisacctlid' in Group gid=$gid

\n"; + + $acl->delete('phpgw_group',$gid,1); + $acl->add('phpgw_group',$gid,1); + } else + // Now make them a member of the 'Default' group. // But, only if the current user is not the group itself. if ($defaultgroupid != $thisacctid)
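Review bot: The new branch accepts the LDAP `gidnumber` as a phpGroupWare group id on the sole evidence that `$acct->id2name($gid)` returns a name, which, as far as this hunk shows, holds for any account id in SQL, whether user or group. A Unix gid that happens to equal the account_id of an unrelated or privileged group, or of a user, would then silently decide group membership for the imported account. Before `$acl->add('phpgw_group',$gid,1)`, check that the id resolves to a group rather than a user account and keep the 'Default' fallback otherwise, with a comment such as `// only accept gids that map to an existing group account`. The trailing `} else` followed by a blank line and comments binds to the next `if ($defaultgroupid != $thisacctid)`, whose body is outside this hunk; braces around that else branch would make the pairing explicit.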