diff --git a/conf/core/usersources.ini.template b/conf/core/usersources.ini.template
index df221ef5f87033444138f2e9e9d3fe6886c696a3..9f821e2c045d045b957d46a7de517eae3fb6c1ba 100644
--- a/conf/core/usersources.ini.template
+++ b/conf/core/usersources.ini.template
@@ -25,6 +25,7 @@ defaultRealm = PAM
 
 [PAM]
 class = caosdb.server.accessControl.Pam
+; pam_script = "./misc/pam_authentication/pam_authentication.sh"
 default_status = ACTIVE
 ;include.user = [uncomment and put your users here]
 ;include.group = [uncomment and put your groups here]
diff --git a/misc/pam_authentication/ldap.conf b/misc/pam_authentication/ldap.conf
new file mode 100644
index 0000000000000000000000000000000000000000..aca5b0491bc937997f7e70efae09d92c55564e67
--- /dev/null
+++ b/misc/pam_authentication/ldap.conf
@@ -0,0 +1,7 @@
+# This file is sourced by the LDAP authentication script
+
+
+# Set the ldap server here.  This is also used to generate a fully qualified
+# user name.
+
+# LDAP_SERVER="example.com"
diff --git a/misc/pam_authentication/ldap_authentication.sh b/misc/pam_authentication/ldap_authentication.sh
new file mode 100644
index 0000000000000000000000000000000000000000..3b64a295fa94c266fe89410b0c13f1c253aee7b2
--- /dev/null
+++ b/misc/pam_authentication/ldap_authentication.sh
@@ -0,0 +1,42 @@
+#!/bin/bash
+
+# ** header v3.0
+# This file is a part of the CaosDB Project.
+#
+# Copyright (c) 2020 IndiScale GmbH
+# Copyright (c) 2020 Daniel Hornung <d.hornung@indiscale.com>
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see <https://www.gnu.org/licenses/>.
+#
+# ** end header
+
+# Try to authenticate a user ($1) with a password ($2) via LDAP
+
+# set LDAP_SERVER here
+# e.g. `LDAP_SERVER=example.com`
+. ldap.conf
+
+username="${1}@${LDAP_SERVER}"
+pw="$2"
+
+if ldapwhoami -x -H "ldap://$LDAP_SERVER" -D "$username" -w "$pw" ; then
+    echo "[OK]"
+    exit 0
+else
+    echo "[FAILED]"
+    exit 1
+fi
+
+
+