diff --git a/ejabberd/manifests/init.pp b/ejabberd/manifests/init.pp
index 682036b..0ddc26a 100644
--- a/ejabberd/manifests/init.pp
+++ b/ejabberd/manifests/init.pp
@@ -36,6 +36,21 @@
 #   $ejabberd_ldap_basedn:
 #       LDAP base dn.
 #
+#   $ejabberd_ldap_encrypt:
+#       LDAP encryption. Defaults to "tls".
+#
+#   $ejabberd_ldap_port:
+#       LDAP port. Defaults to 636.
+#
+#   $ejabberd_ldap_uidattr:
+#       LDAP UID attribute. Defaults to "uid".
+#
+#   $ejabberd_ldap_binddn:
+#       Optional bind DN.
+#
+#   $ejabberd_ldap_bindpw:
+#       Bind DN password.
+#
 class ejabberd {
 
     include user::system
@@ -51,6 +66,16 @@ class ejabberd {
         $ejabberd_auth = "internal"
     }
 
+    if !$ejabberd_ldap_encrypt {
+        $ejabberd_ldap_encrypt = "tls"
+    }
+    if !$ejabberd_ldap_port {
+        $ejabberd_ldap_port = "636"
+    }
+    if !$ejabberd_ldap_uidattr {
+        $ejabberd_ldap_uidattr = "uid"
+    }
+
     case $ejabberd_muclog_format {
         "","html","plaintext": { }
         default: {
diff --git a/ejabberd/templates/ejabberd.cfg.erb b/ejabberd/templates/ejabberd.cfg.erb
index 65aa203..67f7ab4 100644
--- a/ejabberd/templates/ejabberd.cfg.erb
+++ b/ejabberd/templates/ejabberd.cfg.erb
@@ -225,10 +225,14 @@ override_acls.
 <% @ejabberd_ldap_server.map! { |server| '"%s"' % server } -%>
 {ldap_servers, [<%= @ejabberd_ldap_server.join(", ") %>]}.
 {ldap_base, "<%= @ejabberd_ldap_basedn %>"}.
-{ldap_encrypt, tls}.
-{ldap_port, 636}.
-{ldap_uids, [{"uid", "%u"}]}.
+{ldap_encrypt, <%= @ejabberd_ldap_encrypt %>}.
+{ldap_port, <%= @ejabberd_ldap_port %>}.
+{ldap_uids, [{"<%= @ejabberd_ldap_uidattr %>", "%u"}]}.
 {ldap_filter, "(!(loginShell=/sbin/nologin))"}.
+<%   if @ejabberd_ldap_binddn -%>
+{ldap_rootdn, "<%= @ejabberd_ldap_binddn %>"}.
+{ldap_password, "<%= @ejabberd_ldap_bindpw %>"}.
+<%   end -%>
 <% end -%>
 
 %%