diff --git a/config.py.example b/config.py.example
index 6dc234e3c34afdfbf50fb23bea26e140ee158129..186b638439da3da382799862eb27ab9d449e4038 100644
--- a/config.py.example
+++ b/config.py.example
@@ -25,6 +25,7 @@ SQLITE_INIT_DATA = True
 
 #LDAP_HOST = 'rumo.fsmpi.rwth-aachen.de'
 LDAP_PORT = 636
+LDAP_GROUPS = ['users']
 #ICAL_URL = 'https://user:password@mail.fsmpi.rwth-aachen.de/SOGo/....ics'
 ERROR_PAGE = 'static/500.html'
 RWTH_IP_RANGES = ['134.130.0.0/16', '137.226.0.0/16', '134.61.0.0/16', '192.35.229.0/24', '2a00:8a60::/32']
diff --git a/db.py b/db.py
index a4cac848bd6421e307d0b408f1039191a03b4a70..866d3d1d77e280931912085d680c9f39954a6c39 100644
--- a/db.py
+++ b/db.py
@@ -152,24 +152,14 @@ if 'LDAP_HOST' in config:
 	def ldapauth(user, password):
 		user = LDAP_USERRE.sub(r'', user.lower())
 		try:
-			conn = ldap3.Connection(ldap3.Server(config['LDAP_HOST'], port=config['LDAP_PORT'], use_ssl=True), 'uid=%s,ou=users,dc=fsmpi,dc=rwth-aachen,dc=de'%user, password, auto_bind=True)
-			groups = []
-			if conn.search("ou=groups,dc=fsmpi,dc=rwth-aachen,dc=de", "(&(cn=*)(memberUid=%s))"%user, attributes=['cn']):
-				groups = [e['attributes']['cn'][0] for e in conn.response]
-			conn.unbind()
-			return user, groups
-		except ldap3.core.exceptions.LDAPExceptionError:
-			return None, []
-
-	def ldapget(user):
-		user = LDAP_USERRE.sub(r'', user.lower())
-		conn = ldap3.Connection(ldap3.Server(config['LDAP_HOST'], port=config['LDAP_PORT'], use_ssl=True), auto_bind=True)
-		conn.search("ou=users,dc=fsmpi,dc=rwth-aachen,dc=de", "(uid=%s)"%user,
-				attributes=ldap3.ALL_ATTRIBUTES)
-		if not conn.response:
-			return {}
-		e = conn.response[0]
-		return {'uid': user, 'givenName': e['attributes']['givenName'][0], 'sn':e['attributes']['sn'][0]}
+			conn = ldap3.Connection(ldap3.Server(config['LDAP_HOST'], port=config['LDAP_PORT'], use_ssl=True), 'fsmpi\\%s'%user, password, auto_bind=True, check_names=False)
+		except ldap3.core.exceptions.LDAPBindError:
+			return {}, []
+		conn.search("cn=users,dc=fsmpi,dc=rwth-aachen,dc=de", "(cn=%s)"%user, attributes=['memberOf', 'givenName', 'sn'])
+		info = {'uid': user, 'givenName': conn.response[0]['attributes']['givenName'][0], 'sn': conn.response[0]['attributes']['sn'][0]}
+		groups = [g.split(',')[0].split('=')[-1] for g in conn.response[0]['attributes']['memberOf']]
+		conn.unbind()
+		return info, groups
 
 else:
 	notldap = {
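Review bot: The result of `conn.search(...)` in the new `ldapauth` is never checked, so `conn.response[0]` raises IndexError (or KeyError on a missing attribute) whenever the bind succeeds but no usable entry comes back, and `conn.unbind()` is skipped on that path. Treating an empty result as a failed login and moving the unbind into a `finally` keeps the function failing closed without leaking the connection. The handler was also narrowed from `LDAPExceptionError` to `LDAPBindError`, so connection and TLS errors now propagate to the caller; if that is intended, a comment saying so would help. The filter `"(cn=%s)"%user` relies entirely on `LDAP_USERRE`, defined outside this hunk, to strip filter metacharacters, which is worth confirming.

```python
		# … unchanged: bind inside try/except, returning {}, [] on LDAPBindError …
		try:
			found = conn.search("cn=users,dc=fsmpi,dc=rwth-aachen,dc=de", "(cn=%s)"%user, attributes=['memberOf', 'givenName', 'sn'])
			if not found or not conn.response:
				# bound successfully but no directory entry: treat as a failed login
				return {}, []
			attrs = conn.response[0]['attributes']
			info = {'uid': user, 'givenName': attrs['givenName'][0], 'sn': attrs['sn'][0]}
			groups = [g.split(',')[0].split('=')[-1] for g in attrs.get('memberOf', [])]
			return info, groups
		finally:
			conn.unbind()
```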
@@ -180,9 +170,5 @@ else:
 	def ldapauth(user, password):
 		user = LDAP_USERRE.sub(r'', user.lower())
 		if config.get('DEBUG') and user in notldap and password == notldap[user][0]:
-			return user, notldap[user][1]
-		return None, []
-
-	def ldapget(user):
-		user = LDAP_USERRE.sub(r'', user.lower())
-		return notldap[user][2]
+			return notldap[user][2], notldap[user][1]
+		return {}, []
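Review bot: The debug fallback now returns `notldap[user][2]` as the user-info dict, and `login()` in server.py derives the username from `userinfo.get('uid')`, so every `notldap` entry must carry a `'uid'` key or debug logins will fail without an error. The table is defined outside this hunk, so this should be confirmed. A one-line docstring on both `ldapauth` variants stating the new contract would keep them from drifting, e.g. `"""Return (userinfo dict with uid/givenName/sn, list of group names); ({}, []) on failure."""`.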
diff --git a/server.py b/server.py
index 860e9699c7aa99e88f8ed93f99e006a0431c4954..1631071f941a81499b1444d25fe8ccda7d9f8d9f 100644
--- a/server.py
+++ b/server.py
@@ -72,7 +72,7 @@ app.jinja_env.globals['gitversion'] = { 'hash': output[1], 'longhash': output[0]
 if not config.get('SECRET_KEY', None):
 	config['SECRET_KEY'] = os.urandom(24)
 
-from db import query, modify, show, searchquery, ldapauth, ldapget
+from db import query, modify, show, searchquery, ldapauth
 
 mod_endpoints = []
 
@@ -502,17 +502,23 @@ def search():
 	return render_template('search.html', searchtext=request.args['q'], courses=courses, lectures=lectures)
 
 def check_mod(user, groups):
-	return user and 'users' in groups
+	if not user:
+		return False
+	for group in config['LDAP_GROUPS']:
+		if group in groups:
+			return True
+	return False
 
 @app.route('/internal/login', methods=['GET', 'POST'])
 def login():
 	if request.method == 'GET':
 		return render_template('login.html')
-	user, groups = ldapauth(request.form.get('user'), request.form.get('password'))
+	userinfo, groups = ldapauth(request.form.get('user'), request.form.get('password'))
+	user = userinfo.get('uid')
 	if not check_mod(user, groups):
 		flash('Login fehlgeschlagen!')
 		return render_template('login.html')
-	session['user'] = ldapget(user)
+	session['user'] = userinfo
 	dbuser = query('SELECT * FROM users WHERE name = ?', user)
 	if not dbuser:
 		modify('INSERT INTO users (name, realname, fsacc, level, calendar_key, rfc6238) VALUES (?, ?, ?, 1, "", "")', user, session['user']['givenName'], user)
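Review bot: `login()` passes `request.form.get('user')` and `request.form.get('password')` to `ldapauth` unchecked, so a POST without a `user` field hits `user.lower()` on None, and an empty password reaches the LDAP simple bind, where rejection depends on ldap3 raising an error that the narrowed `except LDAPBindError` in db.py probably no longer catches. Rejecting empty credentials up front keeps both cases on the normal failed-login path: `if not request.form.get('user') or not request.form.get('password'):` followed by the existing flash and `render_template('login.html')`. Separately, `check_mod` indexes `config['LDAP_GROUPS']` directly, so a deployed config.py without the new key raises KeyError on every login; `config.get('LDAP_GROUPS', ['users'])` would preserve the previous behaviour. `login()` continues past the end of this hunk.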