diff --git a/type/__netbox/files/ldap_config.py.sh b/type/__netbox/files/ldap_config.py.sh
index 88af4b9..901d6f5 100755
--- a/type/__netbox/files/ldap_config.py.sh
+++ b/type/__netbox/files/ldap_config.py.sh
@@ -6,7 +6,7 @@ cat << EOF
 ##############################
 
 import ldap
-from django_auth_ldap.config import LDAPSearch
+from django_auth_ldap.config import LDAPSearch, PosixGroupType
 
 # Server URI
 AUTH_LDAP_SERVER_URI = "$LDAP_SERVER"
@@ -15,8 +15,10 @@ AUTH_LDAP_SERVER_URI = "$LDAP_SERVER"
 AUTH_LDAP_BIND_DN = "$LDAP_BIND_DN"
 AUTH_LDAP_BIND_PASSWORD = "$LDAP_BIND_PASSWORD"
 
-# If a user's DN is producible from their username, we don't need to search.
-AUTH_LDAP_USER_DN_TEMPLATE = "$LDAP_USER_DN_TEMPLATE"
+# Search for user entry.
+AUTH_LDAP_USER_SEARCH = LDAPSearch("$LDAP_USER_BASE",
+                                    ldap.SCOPE_SUBTREE,
+                                    "(uid=%(user)s)")
 
 # You can map user attributes to Django attributes as so.
 AUTH_LDAP_USER_ATTR_MAP = {
@@ -25,3 +27,35 @@ AUTH_LDAP_USER_ATTR_MAP = {
     "email": "mail"
 }
 EOF
+
+if [ "$LDAP_GROUP_BASE" != "" ]; then
+	cat << EOF
+
+# This search ought to return all groups to which the user belongs. django_auth_ldap uses this to determine group
+# hierarchy.
+AUTH_LDAP_GROUP_SEARCH = LDAPSearch("$LDAP_GROUP_BASE", ldap.SCOPE_SUBTREE,
+                                    "(objectClass=posixGroup)")
+AUTH_LDAP_GROUP_TYPE = PosixGroupType()
+
+# Mirror LDAP group assignments.
+AUTH_LDAP_MIRROR_GROUPS = True
+EOF
+
+	if [ "$LDAP_REQUIRE_GROUP" != "" ]; then
+		cat << EOF
+
+# Define a group required to login.
+AUTH_LDAP_REQUIRE_GROUP = "$LDAP_REQUIRE_GROUP"
+EOF
+	fi
+
+	if [ "$LDAP_SUPERUSER_GROUP" != "" ]; then
+		cat << EOF
+
+# Define special user types using groups. Exercise great caution when assigning superuser status.
+AUTH_LDAP_USER_FLAGS_BY_GROUP = {
+    "is_superuser": "$LDAP_SUPERUSER_GROUP",
+}
+EOF
+	fi
+fi
diff --git a/type/__netbox/manifest b/type/__netbox/manifest
index 2976686..32c85e3 100644
--- a/type/__netbox/manifest
+++ b/type/__netbox/manifest
@@ -40,8 +40,20 @@ if [ -f "$__object/parameter/ldap-bind-password" ]; then
 	export LDAP_BIND_PASSWORD=$(cat "$__object/parameter/ldap-bind-password")
 fi
 
-if [ -f "$__object/parameter/ldap-user-dn-template" ]; then
-	export LDAP_USER_DN_TEMPLATE=$(cat "$__object/parameter/ldap-user-dn-template")
+if [ -f "$__object/parameter/ldap-user-base" ]; then
+	export LDAP_USER_BASE=$(cat "$__object/parameter/ldap-user-base")
+fi
+
+if [ -f "$__object/parameter/ldap-group-base" ]; then
+	export LDAP_GROUP_BASE=$(cat "$__object/parameter/ldap-group-base")
+fi
+
+if [ -f "$__object/parameter/ldap-require-group" ]; then
+	export LDAP_REQUIRE_GROUP=$(cat "$__object/parameter/ldap-require-group")
+fi
+
+if [ -f "$__object/parameter/ldap-superuser-group" ]; then
+	export LDAP_SUPERUSER_GROUP=$(cat "$__object/parameter/ldap-superuser-group")
 fi
 
 # Create system user used to run netbox.
diff --git a/type/__netbox/parameter/optional b/type/__netbox/parameter/optional
index c946d73..290c98b 100644
--- a/type/__netbox/parameter/optional
+++ b/type/__netbox/parameter/optional
@@ -1,4 +1,7 @@
 ldap-server
 ldap-bind-dn
 ldap-bind-password
-ldap-user-dn-template
+ldap-user-base
+ldap-group-base
+ldap-require-group
+ldap-superuser-group