diff --git a/LDAP-authentication.md b/LDAP-authentication.md index b9c836e..bb694ae 100644 --- a/LDAP-authentication.md +++ b/LDAP-authentication.md 
@@ -11,4 +11,46 @@ Following parameter are available. No default values are provided that means you * `ldap_base` The base DN from where the users must be searched for. * `ldap_reader_dn` The DN of the LDAP account with read rights to the subtree from ldap_base * `ldap_secret` The password of the ldap_reader_dn -* `ldap_filter` The ldap filter to find the DN of the login user. This filter must contain a python format string with placeholder(s) for the login: (&(objectClass=person)(cn={0})) \ No newline at end of file +* `ldap_filter` The ldap filter to find the DN of the login user. This filter must contain a python format string with placeholder(s) for the login: (&(objectClass=person)(cn={0})) + +## Using LDAP group membership of users +There is an additional variable `ldap_load_groups`. Settings this to `True` the `memberOf` LDAP-attributes of the user will be evaluated and can be used for the handling of access rights management and to the access to group calendars. +The group calendars will not be created automaticaly but you have to create it on demand. After next access to the server the new calender is visible for all member of the group. + +``` +#!/bin/bash +# create-group-calendar.sh +# Copyright (c) 2024 Peter Varkoly Nürnberg, Germany. All rights reserved. +# Script to create a group calender for Radicale +# +if (( $# != 2)) +then + echo "Usage $0 'group name' 'Calendar Description'" + exit +fi + +name=$1 +description=$2 +base64name=$( echo -n ${name} | base64 ) +color="$(head -c3 /var/lib/radicale/collections/collection-root/GROUPS/${base64name}/.Radicale.props + +chown -R radicale /var/lib/radicale/collections/collection-root/GROUPS/${base64name}/ +``` +You can use the group membership also for managing the rights. For examle you want to give everyone read rights to the group calendars in which he is a member and write access to the member of the group administrators. 
This can you achive with following rules: + +``` +[calendarsWriter] +groups: administrators +collection: GROUPS/[^/]+ +permissions: rw + +[calendarsReader] +user: .+ +collection: GROUPS/[^/]+ +permissions: r +``` + +**Important** The members of the group administrators have only write access to the group calendars in which he is a member. \ No newline at end of file
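Review bot: The `create-group-calendar.sh` block in this hunk is not a working script as committed: the line `color="$(head -c3 /var/lib/radicale/collections/collection-root/GROUPS/${base64name}/.Radicale.props` opens a `"$(` that is never closed, nothing creates the `GROUPS/${base64name}` directory before `.Radicale.props` is referenced, and the usage branch does `exit` with status 0 on a bad invocation. Suggest completing the `.Radicale.props` write (e.g. `mkdir -p` the collection directory, then write the props JSON with the description and colour), quoting `"${name}"` in `base64name=$( echo -n "${name}" | base64 -w0 )` so names with spaces or longer than 57 bytes do not break the directory name, and using `exit 1` on usage error. Separately, the rights example does not match the surrounding prose: `[calendarsReader]` with `user: .+` and `collection: GROUPS/[^/]+` grants every authenticated user read access to every group calendar, and `[calendarsWriter]` matches every `GROUPS/...` collection for administrators, while the text and the final "Important" note say access is limited to calendars of groups the user is a member of; the documentation should state where that membership restriction is enforced or adjust the rules. Minor: the new section has several spelling slips worth fixing before merge (`Settings this` -> `Setting this`, `automaticaly`, `calender`, `examle`, `achive`, "all member of the group"), and the file still ends without a trailing newline.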