diff --git a/defaults/main.yml b/defaults/main.yml
index 8b31fb6..8f3b00a 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -50,6 +50,17 @@ matrix_http_bind_port: 8008
 matrix_https_bind_ips: "{{ matrix_http_bind_ips }}"
 matrix_https_bind_port: 8448
 
+matrix_ldap_auth_enabled: False
+matrix_ldap_auth_server: ldaps://ldap.example.com:636
+matrix_ldap_auth_use_starttls: "false"
+matrix_ldap_auth_basedn: "ou=users,dc=example,dc=com"
+matrix_ldap_auth_uid_attr: "uid"
+matrix_ldap_auth_mail_attr: "email"
+matrix_ldap_auth_name_attr: "cn"
+# matrix_ldap_auth_binddn: uid=myuser,ou=users,dc=example,dc=com # defaults to not set
+# matrix_ldap_auth_bind_password: # defaults to not set
+# matrix_ldap_auth_filter: (objectClass=posixAccount) # defaults to not set
+
 matrix_postgres_enabled: False
 matrix_postgres_ssl_mode: disable
 matrix_postgres_ssl_root_cert: /etc/pki/tls/certs/ca-bundle.trust.crt
diff --git a/tasks/install.yml b/tasks/install.yml
index b6c4b50..832947f 100644
--- a/tasks/install.yml
+++ b/tasks/install.yml
@@ -33,6 +33,13 @@
     virtualenv: "{{ matrix_base_dir }}/env"
     virtualenv_command: /usr/bin/python3 -m venv
 
+  - name: Install ldap3 auth provider
+    pip:
+      name: "matrix-synapse-ldap3"
+      virtualenv: "{{ matrix_base_dir }}/env"
+      virtualenv_command: /usr/bin/python3 -m venv
+    when: matrix_ldap_auth_enabled
+
   - name: Create signing key
     shell: "{{ matrix_base_dir }}/env/bin/python -c \"from signedjson import key; file = open('{{ matrix_conf_dir }}/{{ matrix_base_url | urlsplit('hostname') }}.signing.key','w'); key.write_signing_keys(file, [key.generate_signing_key('first')]); file.close()\""
     args:
diff --git a/templates/opt/matrix/config/homeserver.yml.j2 b/templates/opt/matrix/config/homeserver.yml.j2
index 4c654a2..e6e65a7 100644
--- a/templates/opt/matrix/config/homeserver.yml.j2
+++ b/templates/opt/matrix/config/homeserver.yml.j2
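Review bot: `matrix_ldap_auth_use_starttls: "false"` is a quoted string, not a boolean, while `matrix_ldap_auth_enabled: False` two lines above is a real boolean; the template in this same commit wraps the value in quotes again, so what Synapse finally loads is the string `"false"`, and any code that simply tests the value for truthiness will see a non-empty string and treat STARTTLS as on (how the provider parses it is not visible here). With the `ldaps://…:636` default, where TLS is already negotiated, a spurious STARTTLS attempt would more likely break the bind than downgrade it, but either way the switch cannot be relied on. Change the default to `matrix_ldap_auth_use_starttls: false` and write the other flags as lowercase `true`/`false` as well (`matrix_ldap_auth_enabled: false`). The commented `matrix_ldap_auth_bind_password` line should also say where the secret is expected to come from, e.g. `# matrix_ldap_auth_bind_password:  # secret - supply via ansible-vault / extra-vars, never in defaults`.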
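Review bot: The new `pip:` task installs `matrix-synapse-ldap3` without a version pin, so each run pulls whatever the index serves that day straight into the component that handles every user's password; this is the one package here that most needs pinning. Declare a version next to the other `matrix_ldap_auth_*` defaults and use it here, e.g. `name: "matrix-synapse-ldap3=={{ matrix_ldap_auth_provider_version }}"`, so upgrades are deliberate and reviewable; hash-pinning via a requirements file would be stronger still. Whether the Synapse install task just above pins its own version is outside this hunk, but the two should follow the same policy. `when: matrix_ldap_auth_enabled` means disabling LDAP later leaves the module in the venv, which is harmless because the homeserver template only references it when enabled.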
@@ -686,7 +686,28 @@ password_config:
 # #bind_password:
 # #filter: "(objectClass=posixAccount)"
-
+{% if matrix_ldap_auth_enabled %}
+password_providers:
+  - module: "ldap_auth_provider.LdapAuthProvider"
+    config:
+      enabled: true
+      uri: "{{ matrix_ldap_auth_server }}"
+      start_tls: "{{ matrix_ldap_auth_use_starttls }}"
+      base: "{{ matrix_ldap_auth_basedn }}"
+      attributes:
+        uid: "{{ matrix_ldap_auth_uid_attr }}"
+        mail: "{{ matrix_ldap_auth_mail_attr }}"
+        name: "{{ matrix_ldap_auth_name_attr }}"
+      {% if matrix_ldap_auth_binddn is defined %}
+      bind_dn: "{{ matrix_ldap_auth_binddn }}"
+      {% endif %}
+      {% if matrix_ldap_auth_bind_password is defined %}
+      bind_password: "{{ matrix_ldap_auth_bind_password }}"
+      {% endif %}
+      {% if matrix_ldap_auth_filter is defined %}
+      filter: "{{ matrix_ldap_auth_filter }}"
+      {% endif %}
+{% endif %}
 # Clients requesting push notifications can either have the body of
 # the message sent in the notification poke along with other details
diff --git a/templates/opt/matrix/config/logging.config.j2 b/templates/opt/matrix/config/logging.config.j2
index 66b3131..c15c263 100644
--- a/templates/opt/matrix/config/logging.config.j2
+++ b/templates/opt/matrix/config/logging.config.j2
@@ -20,6 +20,7 @@ handlers:
     backupCount: 10
     filters: [context]
     encoding: utf8
+    level: DEBUG
   console:
     class: logging.StreamHandler
     formatter: precise
@@ -34,6 +35,14 @@ loggers:
     # information such as access tokens.
     level: INFO
 
+  {% if matrix_ldap_auth_enabled %}
+  ldap3:
+    level: DEBUG
+
+  ldap_auth_provider:
+    level: DEBUG
+  {% endif %}
+
 root:
     level: INFO
     handlers: [file, console]
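Review bot: `start_tls: "{{ matrix_ldap_auth_use_starttls }}"` renders inside double quotes, so the provider always receives a YAML string (`"false"` or `"true"`) and never a boolean; a non-empty string is truthy in Python, so unless the provider parses the text explicitly (not visible in this diff) STARTTLS cannot actually be turned off from this role. Render it as a bare boolean instead, `start_tls: {{ matrix_ldap_auth_use_starttls | bool | to_json }}`, which yields `true`/`false` regardless of whether the variable was given as a string or a boolean. Note also that the rendered homeserver.yml now carries `bind_password` in clear text whenever it is set; the task that writes this template, and the file mode and owner it applies, are outside this diff, but the file must not be readable by anyone other than the Synapse user. The hard-coded `enabled: true` is fine because the whole block is already gated by `{% if matrix_ldap_auth_enabled %}`.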
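Review bot: The `level: DEBUG` added to the `file` handler changes nothing: a handler with no `level` key defaults to NOTSET, which already passes every record, so what reaches the log file is decided by the logger levels (`root` stays at INFO), not by this line. As written it also applies unconditionally, unlike the LDAP logger entries further down, and reads as if the production log file had been switched to DEBUG for everything. Drop the line; if the intent was an explicit, adjustable threshold, make it a variable with a conservative default, e.g. `level: {{ matrix_log_file_level | default('INFO') }}`.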
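Review bot: The `ldap3` and `ldap_auth_provider` loggers are pinned to DEBUG permanently whenever LDAP auth is enabled, not only while someone is debugging, and they sit on the path every password login takes. The `synapse.storage.SQL` comment directly above this hunk already warns that DEBUG on that logger writes sensitive data; the same caution applies here, since `ldap_auth_provider` at DEBUG reports bind attempts with user identifiers, and `ldap3` at DEBUG can, depending on the library detail level it is configured with, dump protocol and packet traces of the bind itself, all into a rotating file kept for ten generations. Make the verbosity opt-in and document it: `{% if matrix_ldap_auth_enabled and matrix_ldap_auth_debug | default(false) %}`, with a comment such as `# DEBUG here logs every LDAP bind; enable only while diagnosing login problems`, and leave both loggers at INFO otherwise.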