diff --git a/Gemfile b/Gemfile
index 6fd584d2..fbdeab91 100644
--- a/Gemfile
+++ b/Gemfile
@@ -65,6 +65,7 @@ gem 'tzinfo-data', platforms: [:mingw, :mswin, :x64_mingw, :jruby]
 gem 'omniauth', '1.3.1'
 gem 'omniauth-twitter', '1.2.1'
 gem 'omniauth-google-oauth2', '0.4.1'
+gem 'omniauth-ldap'
 gem 'bigbluebutton-api-ruby'
diff --git a/Gemfile.lock b/Gemfile.lock
index 4178690f..6779b2fa 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -116,6 +116,7 @@ GEM
 multi_json (1.12.1)
 multi_xml (0.5.5)
 multipart-post (2.0.0)
+ net-ldap (0.16.0)
 nio4r (1.2.1)
 nokogiri (1.6.8.1)
 mini_portile2 (~> 2.1.0)
@@ -134,6 +135,11 @@ GEM
 multi_json (~> 1.3)
 omniauth (>= 1.1.1)
 omniauth-oauth2 (>= 1.3.1)
+ omniauth-ldap (1.0.5)
+ net-ldap (~> 0.12)
+ omniauth (~> 1.0)
+ pyu-ruby-sasl (~> 0.0.3.2)
+ rubyntlm (~> 0.3.4)
 omniauth-oauth (1.1.0)
 oauth
 omniauth (~> 1.0)
@@ -151,6 +157,7 @@ GEM
 mimemagic (= 0.3.0)
 pg (0.19.0)
 puma (3.6.0)
+ pyu-ruby-sasl (0.0.3.3)
 rack (2.0.1)
 rack-test (0.6.3)
 rack (>= 1.0)
@@ -184,6 +191,7 @@ GEM
 rb-fsevent (0.9.7)
 rb-inotify (0.9.7)
 ffi (>= 0.5.0)
+ rubyntlm (0.3.4)
 sass (3.4.22)
 sass-rails (5.0.6)
 railties (>= 4.0.0, < 6)
@@ -254,6 +262,7 @@ DEPENDENCIES
 mocha
 omniauth (= 1.3.1)
 omniauth-google-oauth2 (= 0.4.1)
+ omniauth-ldap
 omniauth-twitter (= 1.2.1)
 paperclip (~> 4.2)
 pg
diff --git a/app/assets/images/ldap_icon.png b/app/assets/images/ldap_icon.png
new file mode 100644
index 00000000..74bee5ff
Binary files /dev/null and b/app/assets/images/ldap_icon.png differ
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index 01f1f979..75bdbea0 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -16,6 +16,8 @@ class SessionsController < ApplicationController
+ skip_before_filter :verify_authenticity_token
+
 def new
 end
diff --git a/app/models/user.rb b/app/models/user.rb
index aa51beae..798e24d1 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
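Review bot: `gem 'omniauth-ldap'` is added without a version constraint while the neighbouring omniauth gems on the context lines are pinned exactly (`'1.3.1'`, `'1.2.1'`, `'0.4.1'`). Gemfile.lock resolves it to 1.0.5 today, but a later `bundle update` can move an authentication strategy to an arbitrary newer release without review, so it is worth pinning like its siblings: `gem 'omniauth-ldap', '1.0.5'`.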
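Review bot: `skip_before_filter :verify_authenticity_token` switches off CSRF protection for every action in SessionsController, not only the OmniAuth callback that the LDAP form POST presumably needs it for; any other state-changing action in this controller (a logout action, if one exists outside the hunk) becomes forgeable from a third-party page. Restrict the skip to the callback action, e.g. `skip_before_filter :verify_authenticity_token, only: [:create]`, substituting whichever action `/auth/:provider/callback` routes to, and add a one-line comment saying why that action cannot carry a Rails CSRF token. Gemfile.lock in this same diff shows rack 2.0.1, which suggests a Rails 5-era stack where `skip_before_action` is the non-deprecated spelling. The rest of the controller body is outside the hunk.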
@@ -47,6 +47,14 @@ class User < ApplicationRecord
 auth_hash['info']['email']
 end
+ def self.ldap_username(auth_hash)
+ auth_hash['info']['nickname']
+ end
+
+ def self.ldap_email(auth_hash)
+ auth_hash['info']['email']
+ end
+
 def set_encrypted_id
 self.encrypted_id = "#{username[0..1]}-#{Digest::SHA1.hexdigest(uid+provider)[0..7]}"
 end
diff --git a/app/views/sessions/new.erb b/app/views/sessions/new.erb
index 5b5694b4..2fbe9b70 100644
--- a/app/views/sessions/new.erb
+++ b/app/views/sessions/new.erb
@@ -49,6 +49,18 @@
 <% end %>
 <% end %>
+ <% if omniauth_providers_configured(:ldap) %>
+ <%= link_to omniauth_login_url(:ldap), class: "signin-link signin-link-ldap" do %>
+
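Review bot: `User.ldap_username` and `User.ldap_email` return `auth_hash['info']['nickname']` and `auth_hash['info']['email']` unguarded, and an LDAP entry is not required to carry either attribute, so both can be nil for a perfectly valid directory login. That matters for the context line `self.encrypted_id = "#{username[0..1]}-..."` in `set_encrypted_id`: if `username` is populated from `ldap_username` (the caller is outside the hunk), a nil nickname turns into a NoMethodError on `nil[0..1]` rather than a clear "directory did not return a username" failure, and a nil email will hit whatever uniqueness or validation the model applies. `auth_hash.dig('info', 'nickname')` / `auth_hash.dig('info', 'email')` would at least survive a missing `info` hash, and a one-line doc comment on each helper, e.g. `# Presumably the directory's uid attribute as mapped by omniauth-ldap; may be nil — callers must handle that`, would make the contract explicit.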
+ <% end %>
+ <% end %>
 <% end %> end
diff --git a/config/initializers/omniauth.rb b/config/initializers/omniauth.rb
index b5b3be0a..45584723 100644
--- a/config/initializers/omniauth.rb
+++ b/config/initializers/omniauth.rb
@@ -1,11 +1,22 @@
-Rails.application.config.providers = [:google, :twitter]
+Rails.application.config.providers = [:google, :twitter, :ldap]
 Rails.application.config.omniauth_google = ENV['GOOGLE_OAUTH2_ID'].present?
 Rails.application.config.omniauth_twitter = ENV['TWITTER_ID'].present?
+Rails.application.config.omniauth_ldap = ENV['LDAP_SERVER'].present?
+
 Rails.application.config.middleware.use OmniAuth::Builder do
 provider :twitter, ENV['TWITTER_ID'], ENV['TWITTER_SECRET']
 provider :google_oauth2, ENV['GOOGLE_OAUTH2_ID'], ENV['GOOGLE_OAUTH2_SECRET'], scope: ['profile', 'email', 'youtube', 'youtube.upload'], access_type: 'online', name: 'google'
+ provider :ldap,
+ host: ENV['LDAP_SERVER'],
+ port: ENV['LDAP_PORT'],
+ method: :plain,
+ allow_username_or_email_login: true,
+ uid: ENV['LDAP_UID'],
+ base: ENV['LDAP_BASE'],
+ bind_dn: ENV['LDAP_BIND_DN'],
+ password: ENV['LDAP_PASSWORD']
 end
diff --git a/env b/env
index ba0ad89f..764187e6 100644
--- a/env
+++ b/env
@@ -36,6 +36,20 @@ TWITTER_SECRET=
 GOOGLE_OAUTH2_ID=
 GOOGLE_OAUTH2_SECRET=
+# LDAP Login Provider (optional)
+#
+# You can enable LDAP authentication by providing values for LDAP_SERVER and LDAP_PORT.
+# For information about setting up LDAP, see: (LINK TO LDAP DOCS).
+#
+LDAP_SERVER=
+LDAP_PORT=
+LDAP_UID=
+LDAP_BASE=
+LDAP_BIND_DN=
+LDAP_PASSWORD=
+LDAP_ICON=
+LDAP_NAME=
+
 # If "true", GreenLight will register a webhook callback for each meeting
 # created. This callback is called for all events that happen in the meeting,
 # including the processing of its recording. These events are used to update
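Review bot: `method: :plain` hard-codes an unencrypted LDAP connection, so the service account credentials in `bind_dn`/`password` and every user's password typed into the login form travel to `LDAP_SERVER` in cleartext; omniauth-ldap also accepts `:ssl` and `:tls` for this option, so the transport should be operator-configurable instead of fixed, e.g. `method: ENV.fetch('LDAP_METHOD', 'plain').to_sym, # plain, ssl or tls` (LDAP_METHOD would be a new variable that also needs a line in `env`). `port: ENV['LDAP_PORT']` hands the raw string through; if the LDAP library is strict about an integer port this fails only at the first login attempt, and `port: (Integer(ENV['LDAP_PORT']) if ENV['LDAP_PORT'].present?)` turns a non-numeric value into a boot-time error while still tolerating LDAP being unconfigured. `provider :ldap` is registered even when `LDAP_SERVER` is unset, which matches how the twitter and google providers on the context lines are declared, but a comment above the block noting that `config.omniauth_ldap` (not the provider registration) is what gates the login button would help the next reader.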
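Review bot: The comment `# You can enable LDAP authentication by providing values for LDAP_SERVER and LDAP_PORT.` understates what config/initializers/omniauth.rb in this same diff reads: it also passes LDAP_UID, LDAP_BASE, LDAP_BIND_DN and LDAP_PASSWORD to the provider, and only LDAP_SERVER toggles `omniauth_ldap`, so an operator following this text gets a provider with a nil base DN and no bind account. `(LINK TO LDAP DOCS)` is an unfilled placeholder that will ship to operators verbatim. LDAP_ICON and LDAP_NAME are declared here but nothing in the visible hunks reads them (the sessions/new.erb hunk is partly lost in this view, so they may be consumed there); a short comment per variable, e.g. `# LDAP_BASE: search base DN (required); LDAP_BIND_DN / LDAP_PASSWORD: service account used to look up users`, would state which values are required and which are optional.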