diff --git a/attributes/default.rb b/attributes/default.rb
index 075391f..962c077 100644
--- a/attributes/default.rb
+++ b/attributes/default.rb
@@ -6,11 +6,20 @@ node.default['blossom']['group'] = 'blossom'
 node.default['blossom']['port'] = 3000
 node.default['blossom']['host'] = '0.0.0.0'
 node.default['blossom']['domain'] = 'blossom.example.com'
+node.default['blossom']['allow_anonymous_uploads'] = true
 node.default['blossom']['allowed_pubkeys'] = []
 
 node.default['blossom']['storage']['backend'] = 'local'
 node.default['blossom']['storage']['local']['dir'] = "/home/#{node['blossom']['user']}/data/blobs"
 node.default['blossom']['storage']['s3'] = {}
+
+node.default['blossom']['ldap']['enabled'] = false
+node.default['blossom']['ldap']['url'] = nil
+node.default['blossom']['ldap']['bind_dn'] = nil
+node.default['blossom']['ldap']['password'] = nil
+node.default['blossom']['ldap']['search_dn'] = nil
+node.default['blossom']['ldap']['search_filter'] = nil
+
 node.default['blossom']['max_size'] = 104857600
 node.default['blossom']['list']['enabled'] = true
 node.default['blossom']['list']['require_auth'] = true
diff --git a/recipes/default.rb b/recipes/default.rb
index 79ff4d6..5459248 100644
--- a/recipes/default.rb
+++ b/recipes/default.rb
@@ -58,6 +58,8 @@ template "#{node['blossom']['install_dir']}/config.yml" do
     storage_backend: node['blossom']['storage']['backend'],
     storage_local_dir: node['blossom']['storage']['local']['dir'],
     storage_s3: node['blossom']['storage']['s3'],
+    allow_anonymous_uploads: node['blossom']['allow_anonymous_uploads'],
+    ldap: node['blossom']['ldap'],
     allowed_pubkeys: node['blossom']['allowed_pubkeys'],
     max_size: node['blossom']['max_size'],
     list_enabled: node['blossom']['list']['enabled'],
diff --git a/templates/default/config.yml.erb b/templates/default/config.yml.erb
index c3595a2..b39a346 100644
--- a/templates/default/config.yml.erb
+++ b/templates/default/config.yml.erb
@@ -27,7 +27,14 @@ storage:
 <% @allowed_pubkeys.each do |pk| %>
         - "<%= pk %>"
 <% end %>
-<% else %>
+<% end %>
+<% if @ldap['enabled'] %>
+    - type: "*"
+      expiration: "100 years"
+      ldap:
+        filter: "<%= @ldap['search_filter']%>"
+<% end %>
+<% if @allow_anonymous_uploads %>
     - type: "image/*"
       expiration: 1 month
     - type: "video/*"
@@ -36,10 +43,19 @@ storage:
       expiration: 1 week
 <% end %>
 
+<% if @ldap %>
+ldap:
+  enabled: <%= @ldap['enabled'] %>
+  url: "<%= @ldap['url'] %>"
+  bindDN: "<%= @ldap['bind_dn'] %>"
+  password: "<%= @ldap['password'] %>"
+  searchDN: "<%= @ldap['search_dn'] %>"
+<% end %>
+
 upload:
   enabled: true
-  requireAuth: <%= @allowed_pubkeys && !@allowed_pubkeys.empty? ? 'true' : 'false' %>
-  requirePubkeyInRule: <%= @allowed_pubkeys && !@allowed_pubkeys.empty? ? 'true' : 'false' %>
+  requireAuth: <%= !@allow_anonymous_uploads %>
+  requirePubkeyInRule: <%= !@allow_anonymous_uploads %>
   maxSize: <%= @max_size %>
 
 list: