diff --git a/lam/HISTORY b/lam/HISTORY
index 103c01be..a3821b88 100644
--- a/lam/HISTORY
+++ b/lam/HISTORY
@@ -1,4 +1,5 @@
 March 2012 3.7
+ - login: support bind user for login search
 - Fixed bugs:
 -> DHCP: error message not displayed properly (3441975)
 -> Profile loading not possible if required fields are not filled (3444948)
diff --git a/lam/help/help.inc b/lam/help/help.inc
index 79d319bf..e14cb8c3 100644
--- a/lam/help/help.inc
+++ b/lam/help/help.inc
@@ -28,6 +28,7 @@ $Id$
 * LDAP Account Manager help entries.
 *
 * @author Michael Duergner
+ * @author Roland Gruber
 * @package Help
 */
@@ -115,6 +116,8 @@ $helpArray = array (
 "Text" => _("Here you can set a limit for LDAP searches. This will restrict the number of results for LDAP searches. Please use this if LAM's LDAP queries produce too much load.")),
 "223" => array ("Headline" => _("HTTP authentication"),
 "Text" => _("If enabled then LAM will use user and password that is provided by the web server via HTTP authentication.")),
+ "224" => array ("Headline" => _("Bind user and password"),
+ "Text" => _("Here you can specify the DN and password of the bind user that will be used for the LDAP search. This is required if your LDAP server does not allow anonymous access.")),
 "230" => array ("Headline" => _("Profile management") . " - " . _("Add profile"),
 "Text" => _("Please enter the name of the new profile and the password to change its settings. Profile names may contain letters, numbers and -/_.")),
 "231" => array ("Headline" => _("Profile management") . " - " . _("Rename profile"),
diff --git a/lam/lib/config.inc b/lam/lib/config.inc
index 9636644c..5c3a5875 100644
--- a/lam/lib/config.inc
+++ b/lam/lib/config.inc
@@ -254,6 +254,12 @@ class LAMConfig { /** search filter for login */ private $loginSearchFilter = 'uid=%USER%'; + /** bind user for login search */ + private $loginSearchDN = ''; + + /** bind password for login search */ + private $loginSearchPassword = ''; + /** specifies if HTTP authentication should be used */ private $httpAuthentication = 'false'; @@ -277,7 +283,7 @@ class LAMConfig { "defaultLanguage", "scriptPath", "scriptServer", "scriptRights", "cachetimeout", "modules", "activeTypes", "types", "accessLevel", 'loginMethod', 'loginSearchSuffix', 'loginSearchFilter', 'searchLimit', 'lamProMailFrom', 'lamProMailReplyTo', 'lamProMailSubject', - 'lamProMailText', 'lamProMailIsHTML', 'httpAuthentication'); + 'lamProMailText', 'lamProMailIsHTML', 'httpAuthentication', 'loginSearchDN', 'loginSearchPassword'); /** 
@@ -428,6 +434,8 @@ class LAMConfig {
 if (!in_array("loginMethod", $saved)) array_push($file_array, "\n\n# Login method.\n" . "loginMethod: " . $this->loginMethod . "\n");
 if (!in_array("loginSearchSuffix", $saved)) array_push($file_array, "\n\n# Search suffix for LAM login.\n" . "loginSearchSuffix: " . $this->loginSearchSuffix . "\n");
 if (!in_array("loginSearchFilter", $saved)) array_push($file_array, "\n\n# Search filter for LAM login.\n" . "loginSearchFilter: " . $this->loginSearchFilter . "\n");
+ if (!in_array("loginSearchDN", $saved)) array_push($file_array, "\n\n# Bind DN for login search.\n" . "loginSearchDN: " . $this->loginSearchDN . "\n");
+ if (!in_array("loginSearchPassword", $saved)) array_push($file_array, "\n\n# Bind password for login search.\n" . "loginSearchPassword: " . $this->loginSearchPassword . "\n");
 if (!in_array("httpAuthentication", $saved)) array_push($file_array, "\n\n# HTTP authentication for LAM login.\n" . "httpAuthentication: " . $this->httpAuthentication . "\n");
 if (!in_array("lamProMailFrom", $saved)) array_push($file_array, "\n\n# Password mail from\n" . "lamProMailFrom: " . $this->lamProMailFrom . "\n");
 if (!in_array("lamProMailReplyTo", $saved)) array_push($file_array, "\n\n# Password mail reply-to\n" . "lamProMailReplyTo: " . $this->lamProMailReplyTo . "\n");
@@ -1026,24 +1034,6 @@ class LAMConfig {
 $this->loginSearchFilter = $loginSearchFilter;
 }
- /**
- * Returns if HTTP authentication should be used.
- *
- * @return String $httpAuthentication use HTTP authentication ('true' or 'false')
- */
- public function getHttpAuthentication() {
- return $this->httpAuthentication;
- }
-
- /**
- * Specifies if HTTP authentication should be used.
- *
- * @param String $httpAuthentication use HTTP authentication ('true' or 'false')
- */
- public function setHttpAuthentication($httpAuthentication) {
- $this->httpAuthentication = $httpAuthentication;
- }
-
 /**
 * Returns the login search suffix.
 *
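Review bot: The added `loginSearchPassword` line in the first hunk writes the bind password verbatim into the line-based profile file, so a value containing CR or LF would break the one-setting-per-line format and could introduce an unintended extra setting when the file is read back. Nothing visible in this commit strips or rejects line breaks; `setLoginSearchPassword()` in the later config.inc hunk stores its argument unchecked. Consider rejecting such input in the setter, for example `if (preg_match('/[\r\n]/', $loginSearchPassword)) return false;`, and reporting the failure from `checkInput()`. Since the secret is kept in clear text, the `# Bind password for login search.` comment and help entry 224 should recommend a dedicated read-only bind account and restrictive permissions on the profile file. The enclosing save method starts and ends outside the hunk.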
@@ -1062,6 +1052,65 @@ class LAMConfig {
 $this->loginSearchSuffix = $loginSearchSuffix;
 }
+ /**
+ * Sets the DN for the login search bind user.
+ *
+ * @param String $loginSearchDN DN
+ * @return boolean true if DN is valid
+ */
+ public function setLoginSearchDN($loginSearchDN) {
+ $this->loginSearchDN = $loginSearchDN;
+ if (($loginSearchDN == '') || get_preg($loginSearchDN, 'dn')) {
+ return true;
+ }
+ return false;
+ }
+
+ /**
+ * Returns the DN for the login search bind user.
+ *
+ * @return String DN
+ */
+ public function getLoginSearchDN() {
+ return $this->loginSearchDN;
+ }
+
+ /**
+ * Sets the password for the login search bind user.
+ *
+ * @param String $loginSearchPassword password
+ */
+ public function setLoginSearchPassword($loginSearchPassword) {
+ $this->loginSearchPassword = $loginSearchPassword;
+ }
+
+ /**
+ * Returns the password for the login search bind user.
+ *
+ * @return String password
+ */
+ public function getLoginSearchPassword() {
+ return $this->loginSearchPassword;
+ }
+
+ /**
+ * Returns if HTTP authentication should be used.
+ *
+ * @return String $httpAuthentication use HTTP authentication ('true' or 'false')
+ */
+ public function getHttpAuthentication() {
+ return $this->httpAuthentication;
+ }
+
+ /**
+ * Specifies if HTTP authentication should be used.
+ *
+ * @param String $httpAuthentication use HTTP authentication ('true' or 'false')
+ */
+ public function setHttpAuthentication($httpAuthentication) {
+ $this->httpAuthentication = $httpAuthentication;
+ }
+
 /**
 * Returns the sender address for password reset mails.
 *
diff --git a/lam/templates/config/confmain.php b/lam/templates/config/confmain.php
index de0ab46a..4f21551f 100644
--- a/lam/templates/config/confmain.php
+++ b/lam/templates/config/confmain.php
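Review bot: `setLoginSearchDN()` assigns `$this->loginSearchDN` before it validates, so a value that fails `get_preg($loginSearchDN, 'dn')` stays in the object even though the method returns false. Whether `checkInput()` aborts the save when `$errors` is non-empty is not visible in this commit; if it does not, the rejected DN is written to the profile and later used for the bind. Validate first and assign only on success: `if (($loginSearchDN != '') && !get_preg($loginSearchDN, 'dn')) return false;` followed by the assignment and `return true;`. The docblock could also state that the empty string is accepted, presumably meaning the search runs without a bind user.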
@@ -358,6 +358,12 @@ $securitySettingsContent->addElement($searchSuffixInput, true);
 $searchFilterInput = new htmlTableExtendedInputField(_("LDAP filter"), 'loginSearchFilter', $conf->getLoginSearchFilter(), '221');
 $searchFilterInput->setRequired(true);
 $securitySettingsContent->addElement($searchFilterInput, true);
+// login search bind user
+$securitySettingsContent->addElement(new htmlTableExtendedInputField(_("Bind user"), 'loginSearchDN', $conf->getLoginSearchDN(), '224'), true);
+// login search bind password
+$searchPasswordInput = new htmlTableExtendedInputField(_("Bind password"), 'loginSearchPassword', $conf->getLoginSearchPassword(), '224');
+$searchPasswordInput->setIsPassword(true);
+$securitySettingsContent->addElement($searchPasswordInput, true);
 // HTTP authentication
 $securitySettingsContent->addElement(new htmlTableExtendedInputCheckbox('httpAuthentication', ($conf->getHttpAuthentication() == 'true'), _('HTTP authentication'), '223', true), true);
 $securitySettingsContent->addElement(new htmlSpacer(null, '10px'), true);
@@ -445,6 +451,10 @@ function checkInput() {
 $conf->setLoginMethod($_POST['loginMethod']);
 $conf->setLoginSearchFilter($_POST['loginSearchFilter']);
 $conf->setLoginSearchSuffix($_POST['loginSearchSuffix']);
+ if (!$conf->setLoginSearchDN($_POST['loginSearchDN'])) {
+ $errors[] = array("ERROR", _("Please enter a valid bind user."));
+ }
+ $conf->setLoginSearchPassword($_POST['loginSearchPassword']);
 if (isset($_POST['httpAuthentication']) && ($_POST['httpAuthentication'] == 'on')) {
 $conf->setHttpAuthentication('true');
 }
diff --git a/lam/templates/lib/500_lam.js b/lam/templates/lib/500_lam.js
index 0c8d3ea5..81c8028c 100644
--- a/lam/templates/lib/500_lam.js
+++ b/lam/templates/lib/500_lam.js
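Review bot: The bind password field in the first hunk is pre-filled with `$conf->getLoginSearchPassword()`, so the stored secret is sent back in the HTML of the settings page on every visit; `setIsPassword(true)` presumably only masks what is displayed. Render the field empty and, in the `checkInput()` hunk, replace the stored value only when a new one was submitted: `if ($_POST['loginSearchPassword'] != '') $conf->setLoginSearchPassword($_POST['loginSearchPassword']);`. That change needs an explicit way to clear the password, for example when the bind user field is submitted empty. `checkInput()` starts and ends outside the hunk.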
@@ -157,12 +157,16 @@ function configLoginMethodChanged() { jQuery('textarea[name=admins]').parent().parent().show(); jQuery('input[name=loginSearchSuffix]').parent().parent().hide(); jQuery('input[name=loginSearchFilter]').parent().parent().hide(); + jQuery('input[name=loginSearchDN]').parent().parent().hide(); + jQuery('input[name=loginSearchPassword]').parent().parent().hide(); jQuery('input[name=httpAuthentication]').parent().parent().hide(); } else { jQuery('textarea[name=admins]').parent().parent().hide(); jQuery('input[name=loginSearchSuffix]').parent().parent().show(); jQuery('input[name=loginSearchFilter]').parent().parent().show(); + jQuery('input[name=loginSearchDN]').parent().parent().show(); + jQuery('input[name=loginSearchPassword]').parent().parent().show(); jQuery('input[name=httpAuthentication]').parent().parent().show(); } } diff --git a/lam/templates/login.php b/lam/templates/login.php index e8c0c74f..22a7f279 100644 --- a/lam/templates/login.php +++ b/lam/templates/login.php @@ -269,7 +269,7 @@ function display_LoginPage($config_object) {    @@ -298,7 +298,7 @@ function display_LoginPage($config_object) {    @@ -315,7 +315,7 @@ function display_LoginPage($config_object) {    @@ -370,8 +370,8 @@ function display_LoginPage($config_object) { + echo _("LDAP server"); + ?>   get_ServerURL(); ?> @@ -381,8 +381,8 @@ function display_LoginPage($config_object) { + echo _("Server profile"); + ?>
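Review bot: Hiding the `loginSearchDN` and `loginSearchPassword` rows in the branch that shows the `admins` textarea does not clear them, and `checkInput()` in confmain.php stores both posted values unconditionally, so bind credentials entered earlier stay in the saved profile after the login method is switched away from LDAP search. If that is not intended, clear the two settings server-side when the search method is not selected rather than relying on the hidden inputs. As a style point, the five near-identical `jQuery(...).parent().parent()` chains per branch could be driven from one list of field names so that a field added later is not missed in one branch. `configLoginMethodChanged()` starts outside the hunk.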