diff --git a/config-templates/ldapmulti.php b/config-templates/ldapmulti.php
index df80ef030445656f3f831027bde773f5e2597b8a..f8210b49f2df4149a7caf140f5c3b16937454dd0 100644
--- a/config-templates/ldapmulti.php
+++ b/config-templates/ldapmulti.php
@@ -1,27 +1,34 @@
 <?php
+
 /* 
- * The configuration of simpleSAMLphp
- * 
+ * Configuration for the multi-DN LDAP authentication module.
  * 
+ * $Id$
  */
 
 $ldapmulti = array (
 
 	'feide.no' => array(
-		'description'	=> 'Feide',
-		'dnpattern'		=> 'uid=%username%,dc=feide,dc=no,ou=feide,dc=uninett,dc=no',
-		'hostname'		=> 'ldap.uninett.no',
-		'attributes'	=> 'objectclass=*',
+		'description'		=> 'Feide',
+		/* for a description of options see equivalent options in ldap.php starting with auth.ldap. */
+		'dnpattern'			=> 'uid=%username%,dc=feide,dc=no,ou=feide,dc=uninett,dc=no',
+		'hostname'			=> 'ldap.uninett.no',
+		'attributes'		=> NULL,
+		'enable_tls'		=> FALSE,
+		'search.enable'		=> FALSE,
+		'search.base'		=> NULL,
+		'search.attributes'	=> NULL,
+		'search.username'	=> NULL,
+		'search.password'	=> NULL,
 	),
+
 	'uninett.no' => array(
-		'description'	=> 'UNINETT',
-		'dnpattern'		=> 'uid=%username%,ou=people,dc=uninett,dc=no',
-		'hostname'		=> 'ldap.uninett.no',
-		'attributes'	=> 'objectclass=*',
+		'description'		=> 'UNINETT',
+		'dnpattern'			=> 'uid=%username%,ou=people,dc=uninett,dc=no',
+		'hostname'			=> 'ldap.uninett.no',
+		'attributes'		=> NULL,
 	)
 	
 );
 
-
-
-?>
\ No newline at end of file
+?>
diff --git a/www/auth/login-ldapmulti.php b/www/auth/login-ldapmulti.php
index 5f2461fb4290388e308db42a52c4a3bc5a001c12..147152d2f70ecad12b8553172676f7b14259be01 100644
--- a/www/auth/login-ldapmulti.php
+++ b/www/auth/login-ldapmulti.php
@@ -31,10 +31,16 @@ if (isset($_POST['username'])) {
 	try {
 	
 		$ldapconfig = $ldapmulti[$_POST['org']];
+
+		if ($ldapconfig['search.enable'] === TRUE) {
+			if(!$ldap->bind($ldapconfig['search.username'], $ldapconfig['search.password'])) {
+				throw new Exception('Error authenticating using search username & password.');
+			}
+			$dn = $ldap->searchfordn($ldapconfig['search.base'], $ldapconfig['search.attributes'], $_POST['username']);
+		} else {
+			$dn = str_replace('%username%', $_POST['username'], $ldapconfig['dnpattern'] );
+		}
 		
-		
-	
-		$dn = str_replace('%username%', $_POST['username'], $ldapconfig['dnpattern'] );
 		$pwd = $_POST['password'];
 	
 		$ldap = new SimpleSAML_Auth_LDAP($ldapconfig['hostname'], $ldapconfig['enable_tls']);