diff --git a/CHANGELOG.md b/CHANGELOG.md
index 81a411b7d7d13c765d062794c659b032984fe22b..918680707df05f0ed0a97229f7bf02ce6548a93e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -21,6 +21,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
   Script for moving files (change their path) in the internal file system based
   on a two-column tsv file (with columns "from" and "to"). See
   [README.md](misc/move_files/README.md).
+- LDAP server may now be given and may be different from LDAP domain. See
+  `misc/pam_authentication/ldap.conf`
 
 ### Changed
 
diff --git a/misc/pam_authentication/ldap.conf b/misc/pam_authentication/ldap.conf
index 117d1074915e3cacd9a97b83b5a2e83e3c50d451..664dd7c97524242fdb1ea7015bbc0e26c087b062 100644
--- a/misc/pam_authentication/ldap.conf
+++ b/misc/pam_authentication/ldap.conf
@@ -1,7 +1,8 @@
 # This file is sourced by the LDAP authentication script
 
-
-# Set the ldap server here.  This is also used to generate a fully qualified
-# user name: <USER>@$LDAP_SERVER
-
+# Set the ldap server here.
 # LDAP_SERVER="example.com"
+
+# Set the ldap domain here. This is used to generate a fully qualified
+# user name: <USER>@$LDAP_DOMAIN
+# LDAP_DOMAIN="example.com"
diff --git a/misc/pam_authentication/ldap_authentication.sh b/misc/pam_authentication/ldap_authentication.sh
index f887bf99f47c827fd712d2189a5ca89ec2981e6c..1b86b8e1783399e2c43b92981a43789accb21e7d 100755
--- a/misc/pam_authentication/ldap_authentication.sh
+++ b/misc/pam_authentication/ldap_authentication.sh
@@ -35,7 +35,7 @@ exe_dir=$(dirname $0)
 
 # If the second argument is empty or "-", take password from stdin, else use the argument as a file.
 testpw() {
-    username="${1}@${LDAP_SERVER}"
+    username="${1}@${LDAP_DOMAIN}"
     pwfile="$2"
     pwargs=("-w" "$pwfile")
     if [[ $pwfile == "-" ]] ; then