Many Thanks Patrick,
I thought about using a SAP reference system where we have to set up mapping for every user.
I stumbled across LogonTickets with 2 entries many times, but I thought we had to set up an optional LDAP field, but our AD administrators do not like this. I did not know that it is also possible to use existing LDAP attributes.
Sounds to me that this is the right solution for me.
Thank you again,
I will try it out in the next few days.
Regards,
Christoph