Index: modules/config/ldap.nix
===================================================================
--- modules/config/ldap.nix	(revision 28845)
+++ modules/config/ldap.nix	(working copy)
@@ -39,6 +39,26 @@
           ";
         };
 
+        bindAnonymously = mkOption {
+          default = true;
+          description = "
+            If disabled, bind to the LDAP server with a specific distinguished name.
+          ";
+        };
+
+        binddn = mkOption {
+          example = "cn=admin,dc=example,dc=com";
+          description = "
+            The distinguished name to bind to the server with.
+          ";
+        };
+
+        bindpw = mkOption {
+          description = "
+            The credentials to bind with.
+          ";
+        };
+
       };
     };
   };
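Review bot: `bindpw` is declared as an ordinary string option, so the LDAP bind password lives in the system configuration and, through the interpolation added in the second hunk (`bindpw ${config.users.ldap.bindpw}`), in the generated client configuration text. If that text is built into the Nix store, as generated configuration usually is, every local user can read the password. At minimum the description should say so, e.g. `The credentials to bind with. Warning: stored in plain text in the generated configuration, which may be world-readable.` A safer design would take the path of a root-only file kept outside the store and read the password from it at activation time. Separately, `binddn` and `bindpw` have no `default`, so the `bindAnonymously` description should name both as required when it is set to `false`.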
@@ -62,6 +82,11 @@
             uri ${config.users.ldap.server}
             base ${config.users.ldap.base}
 
+            ${if !config.users.ldap.bindAnonymously then '' 
+              binddn ${config.users.ldap.binddn}
+              bindpw ${config.users.ldap.bindpw}
+            '' else ""}
+
             ${if config.users.ldap.useTLS then ''
               ssl start_tls
               tls_checkpeer no
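Review bot: The new `binddn`/`bindpw` lines are emitted regardless of `useTLS`, so with TLS off the simple bind sends the password in cleartext. With TLS on, the context line `tls_checkpeer no` disables verification of the server certificate, so anyone able to impersonate the server on the network path can still capture it. Anonymous binds carried no secret, so this exposure is new with this change. Consider refusing `bindAnonymously = false` unless `useTLS` is set, and making peer checking configurable instead of hard-coding `tls_checkpeer no`. The configuration string this hunk edits starts and ends outside the hunk, so other directives affecting the transport may not be visible here.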
