diff --git a/lib/passport.js b/lib/passport.js
index 111f24a1..b1e6b737 100644
--- a/lib/passport.js
+++ b/lib/passport.js
@@ -1,8 +1,11 @@
 'use strict';
 
 let config = require('config');
+let log = require('npmlog');
+
 let passport = require('passport');
 let LocalStrategy = require('passport-local').Strategy;
+let LdapStrategy = require('passport-ldapjs').Strategy;
 let csrf = require('csurf');
 let bodyParser = require('body-parser');
 let users = require('./models/users');
@@ -30,7 +33,7 @@ module.exports.logout = (req, res) => {
 };
 
 module.exports.login = (req, res, next) => {
-    passport.authenticate('local', (err, user, info) => {
+    passport.authenticate(config.ldap.enabled ? 'ldap' : 'local', (err, user, info) => {
         if (err) {
             req.flash('danger', err.message);
             return next(err);
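Review bot: The strategy selector on the changed line dereferences `config.ldap.enabled` unguarded, so a deployment whose config has no `ldap` section throws a TypeError on every login instead of falling back to local auth; the `if (config.ldap.enabled)` test in the next hunk has the same problem. Reading it once at module load as `const useLdap = Boolean(config.ldap && config.ldap.enabled);` and then calling `passport.authenticate(useLdap ? 'ldap' : 'local', …)` keeps both decisions consistent and survives a missing section. The unchanged `req.flash('danger', err.message)` two lines below now also surfaces whatever the LDAP strategy reports as `err`; if passport-ldapjs passes connection or bind errors through (I cannot confirm its behaviour from this diff), that text may carry the directory host and port, so prefer `log.error(err)` plus a fixed user-facing message. The login handler's body continues past the end of this hunk.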
@@ -58,21 +61,66 @@ module.exports.login = (req, res, next) => {
     })(req, res, next);
 };
 
-passport.use(new LocalStrategy((username, password, done) => {
-    users.authenticate(username, password, (err, user) => {
-        if (err) {
-            return done(err);
-        }
+if (config.ldap.enabled) {
+    log.info('Using LDAP auth');
 
-        if (!user) {
-            return done(null, false, {
-                message: 'Incorrect username or password'
-            });
+    var opts = {
+        server: {
+            url: 'ldap://' + config.ldap.host + ':' + config.ldap.port,
+        },
+        base: config.ldap.baseDN,
+        search: {
+            filter: config.ldap.filter,
+            attributes: ['username', 'mail'],
+            scope: 'sub'
         }
+    };
 
-        return done(null, user);
-    });
-}));
+    passport.use(new LdapStrategy(opts, function (profile, done) {
+        users.findByUsername(profile.username, (err, user) => {
+            if (err) {
+                return done(err);
+            }
+
+            if (!user) {
+                // password is empty for ldap
+                users.add(profile.username, '', profile.mail, (err, id) => {
+                    if (err) {
+                        return done(err);
+                    }
+
+                    return done(null, {
+                        id: id,
+                        username: profile.username
+                    });
+                });
+            } else {
+                return done(null, {
+                    id: user.id,
+                    username: user.username
+                });
+            }
+        });
+    }));
+} else {
+    log.info('Using local auth');
+
+    passport.use(new LocalStrategy((username, password, done) => {
+        users.authenticate(username, password, (err, user) => {
+            if (err) {
+                return done(err);
+            }
+
+            if (!user) {
+                return done(null, false, {
+                    message: 'Incorrect username or password'
+                });
+            }
+
+            return done(null, user);
+        });
+    }));
+}
 
 passport.serializeUser((user, done) => {
     done(null, user.id);
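Review bot: The LDAP verify callback trusts `profile.username` and `profile.mail` without checking they are present: the requested attributes are `['username', 'mail']`, and `username` is not an attribute most directories return (they expose `uid` or `sAMAccountName`), so a missing value makes `users.findByUsername(undefined, …)` run and, on a miss, `users.add(undefined, '', …)` create a nameless account; add `if (!profile.username) { return done(null, false, { message: 'Incorrect username or password' }); }` before the lookup. The `else` branch also links an existing local account to the LDAP login purely by username match, so a directory entry named like a pre-existing local user (for example the original admin) takes over that account; either reject the match when the stored record was not LDAP-provisioned or keep LDAP users in a separate namespace — what the users model records cannot be seen from here. The URL is built as `'ldap://' + config.ldap.host + ':' + config.ldap.port`, so every bind sends the user's password in the clear; let config carry a full URL (`ldaps://…`) or a TLS option rather than hard-coding the scheme, and confirm that passport-ldapjs escapes LDAP filter metacharacters when it substitutes the submitted username into `config.ldap.filter`, otherwise the login field is an injection vector. Auto-provisioning with an empty password (`users.add(profile.username, '', …)`) is only safe if `users.authenticate` can never accept an empty credential should LDAP later be switched off, since the local strategy in this same block would then be asked to authenticate those accounts; a comment such as `// LDAP-provisioned account: local login must always fail for this user` plus a test would pin that. Finally, `var opts` is the only `var` in a file that otherwise uses `let`; `const opts` fits.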