diff --git a/Gemfile b/Gemfile
index 8ce63ab..035f806 100644
--- a/Gemfile
+++ b/Gemfile
@@ -25,6 +25,8 @@ gem 'jbuilder', '~> 2.7'
 # Reduces boot times through caching; required in config/boot.rb
 gem 'bootsnap', '>= 1.4.2', require: false
 
+gem 'net-ldap'
+
 group :development, :test do
   # Call 'byebug' anywhere in the code to stop execution and get a debugger console
   gem 'byebug', platforms: [:mri, :mingw, :x64_mingw]
diff --git a/Gemfile.lock b/Gemfile.lock
index edd2a3c..8a5f3e2 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -99,6 +99,7 @@ GEM
     mini_portile2 (2.4.0)
     minitest (5.14.2)
     msgpack (1.3.3)
+    net-ldap (0.16.3)
     nio4r (2.5.4)
     nokogiri (1.10.10)
       mini_portile2 (~> 2.4.0)
@@ -214,6 +215,7 @@ DEPENDENCIES
   database_cleaner
   jbuilder (~> 2.7)
   listen (~> 3.2)
+  net-ldap
   puma (~> 4.1)
   rails (~> 6.0.3, >= 6.0.3.4)
   rspec-rails
diff --git a/app/controllers/ldap_users_controller.rb b/app/controllers/ldap_users_controller.rb
new file mode 100644
index 0000000..1c0d7cc
--- /dev/null
+++ b/app/controllers/ldap_users_controller.rb
@@ -0,0 +1,36 @@
+class LdapUsersController < ApplicationController
+  def index
+    attributes = %w{dn cn uid mail admin}
+    filter = Net::LDAP::Filter.eq("uid", "*")
+    if params[:ou]
+      treebase = "ou=#{params[:ou]},cn=users,dc=kosmos,dc=org"
+    else
+      treebase = "ou=kosmos.org,cn=users,dc=kosmos,dc=org"
+    end
+
+    entries = ldap_client.search(base: treebase, filter: filter, attributes: attributes)
+    entries.sort_by! { |e| e.cn[0] }
+
+    @entries = entries.collect do |e|
+      {
+        uid: e.uid.first,
+        mail: e.try(:mail) ? e.mail.first : nil,
+        admin: e.try(:admin) ? 'admin' : nil
+      }
+    end
+    # ldap_client.get_operation_result
+  end
+
+  private
+
+  def ldap_client
+    ldap_client ||= Net::LDAP.new host: "ldap.kosmos.org",
+      port: 636,
+      encryption: :simple_tls,
+      auth: {
+        method: :simple,
+        username: Rails.application.credentials.ldap[:username],
+        password: Rails.application.credentials.ldap[:password]
+      }
+  end
+end
diff --git a/app/helpers/ldap_users_helper.rb b/app/helpers/ldap_users_helper.rb
new file mode 100644
index 0000000..81e2eff
--- /dev/null
+++ b/app/helpers/ldap_users_helper.rb
@@ -0,0 +1,2 @@
+module LdapUsersHelper
+end
diff --git a/app/views/ldap_users/index.html.erb b/app/views/ldap_users/index.html.erb
new file mode 100644
index 0000000..30ec77d
--- /dev/null
+++ b/app/views/ldap_users/index.html.erb
@@ -0,0 +1,25 @@
+<h1>LDAP users</h1>
+
+<ul>
+  <li><%= link_to 'kosmos.org', ldap_users_path %></li>
+  <li><%= link_to '5apps.com', ldap_users_path(ou: '5apps.com') %></li>
+</ul>
+
+<table>
+  <thead>
+    <tr>
+      <th>UID</th>
+      <th>E-Mail</th>
+      <th>Admin</th>
+    </tr>
+  </thead>
+  <tbody>
+    <% @entries.each do |entry| %>
+    <tr>
+      <td><%= entry[:uid] %></td>
+      <td><%= entry[:mail] %></td>
+      <td><%= entry[:admin] %></td>
+    </tr>
+    <% end %>
+  </tbody>
+</table>
diff --git a/config/credentials.yml.enc b/config/credentials.yml.enc
index 8efda74..6d3f4e0 100644
--- a/config/credentials.yml.enc
+++ b/config/credentials.yml.enc
@@ -1 +1 @@
-8IXKLNKX9y9FiaORo3P7CfQtzgpAo43zzJ8cKuEtb8R2ebH4/ueNL9E11v3UvOtk9SjYygkuCZNOjooyATDLd6bWx4U1NTLaz3WQ1++SKTS/1rRxyxYaTAuJrMr28xbWgo5sfHk7IZTVctTPTI+kjTMEzPNDM6sTsS7aoDTrA8NNCC4pQm/Z96MfyLxDDaOeX2puVOUg7rxRaxU0JpN9a/clXj7ayTEz96GGxLKB4FCMrCpo2sG/tzPb4yxCwMXZBXw40szyKAMRR+Ykmuoa0mW7XGFHdz/Kq4bCs9e3LLip4bojA9BxS5MRz1TDTwpbVRqxLZQad+dixm2BbALA5LuETUE5lENmlpEolU5wWnn/dA+e+Tfc7GWRsMo+qrk5JND4JirPeTC0Z14SHFfQG4NBt3Ks49n7AwDS--nekP4JgmQIVBum6k--A1+e45VTLt8Pylu3B8920A==
\ No newline at end of file
+2Xf7uhBU+61XZL2HMF8Xs9fhVkpOhNfV5PKkHPu4uASpP1zwEJZcRyTJrhBVvJ29Y3m+3hhNAI2OeiYFDPepMDWcocrVjS+am/Gt9DW2tbhYZo0nN9lMU6EymQ5tl9ROgnvcPukwf823/Mrb6zPBysHruOlhdRc7JmW6EXuxL6tUhGsSJmaRfGiMWwiioJsyHCB2VsesKZlSDxItnhuX5d8gBABJyNdzi+Pyepz7MWkWp6ux80jOANq5uljn8bP5CLgUZKoGgveKzZdIs2uNb0wSIohSn+Ckfm+QhMm6mlEocAkHPt+nToiNAmSnx7p/l1sqKNFXslXHJKdkFFr8tx/R45aGPA/nL6R16DOnjtsJ84JXeh13VwR/0ZkyzsM2dQIwCvwo3xjdgBi46HWMwXwm6Y3A+ni6sK5BEvmAT4qu--AoOw35tpM//TeoWI--Uz4fvyRgmc2ewK6d7OFo6A==
\ No newline at end of file
diff --git a/config/routes.rb b/config/routes.rb
index a5d2ba9..0fb4ed4 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -1,4 +1,5 @@
 Rails.application.routes.draw do
+  get 'ldap_users', to: 'ldap_users#index'
+
   root to: 'welcome#index'
-  # For details on the DSL available within this file, see https://guides.rubyonrails.org/routing.html
 end
diff --git a/spec/helpers/ldap_users_helper_spec.rb b/spec/helpers/ldap_users_helper_spec.rb
new file mode 100644
index 0000000..4d06114
--- /dev/null
+++ b/spec/helpers/ldap_users_helper_spec.rb
@@ -0,0 +1,15 @@
+require 'rails_helper'
+
+# Specs in this file have access to a helper object that includes
+# the LdapUsersHelper. For example:
+#
+# describe LdapUsersHelper do
+#   describe "string concat" do
+#     it "concats two strings with spaces" do
+#       expect(helper.concat_strings("this","that")).to eq("this that")
+#     end
+#   end
+# end
+RSpec.describe LdapUsersHelper, type: :helper do
+  pending "add some examples to (or delete) #{__FILE__}"
+end
diff --git a/spec/views/ldap_users/index.html.erb_spec.rb b/spec/views/ldap_users/index.html.erb_spec.rb
new file mode 100644
index 0000000..2f3ad32
--- /dev/null
+++ b/spec/views/ldap_users/index.html.erb_spec.rb
@@ -0,0 +1,5 @@
+require 'rails_helper'
+
+RSpec.describe "ldap_users/index.html.erb", type: :view do
+  pending "add some examples to (or delete) #{__FILE__}"
+end