diff --git a/nginx/defaults/main.yml b/nginx/defaults/main.yml
index 3a7d287..f2d6be7 100644
--- a/nginx/defaults/main.yml
+++ b/nginx/defaults/main.yml
@@ -32,7 +32,8 @@ nginx_use_ldap_pam_auth: False
 nginx_pam_svc_name: nginx
 nginx_ldap_uri: "ldap://ldap.example.org"
 nginx_ldap_base_dn: "dc=example,dc=org"
-
+# nginx_ldap_login_attribute: uid
+# nginx_ldap_pam_groupdn:
 nginx_letsencrypt_managed: True
 
 # Virtualhost example
diff --git a/nginx/templates/ldap.conf.j2 b/nginx/templates/ldap.conf.j2
index fba620a..b748f41 100644
--- a/nginx/templates/ldap.conf.j2
+++ b/nginx/templates/ldap.conf.j2
@@ -3,7 +3,12 @@ base {{ nginx_ldap_base_dn }}
 
 # Another way to specify your LDAP server is to provide an
 uri {{ nginx_ldap_uri }}
-
+if {% nginx_ldap_login_attribute is defined %}
+pam_login_attribute {{ nginx_ldap_login_attribute }}
+{% endif %}
+if {% nginx_ldap_pam_groupdn is defined %}
+pam_groupdn
+{% endif %}
 # The LDAP version to use (defaults to 3
 # if supported by client library)
 ldap_version 3