diff --git a/config/config.php.example b/config/config.php.example index 6f2d5d9..e375d27 100644 --- a/config/config.php.example +++ b/config/config.php.example @@ -400,6 +400,12 @@ $servers->setValue('server','name','My LDAP Server'); setup. */ // $servers->setValue('login','class',array()); +/* If login_attr was set to 'dn', it is possible to specify a template string to + build the DN from. Use '%s' where user input should be inserted. A user may + still enter the complete DN. In this case the template will not be used. */ +// $servers->setValue('login','bind_dn_template',null); +# $servers->setValue('login','bind_dn_template','cn=%s,ou=people,dc=example,dc=com'); + /* If you specified something different from 'dn', for example 'uid', as the login_attr above, you can optionally specify here to fall back to authentication with dn. diff --git a/htdocs/login_form.php b/htdocs/login_form.php index 91c252c..b6a36b9 100644 --- a/htdocs/login_form.php +++ b/htdocs/login_form.php @@ -80,7 +80,7 @@ if ($app['server']->getAuthType() == 'http') { printf('%s:', $app['server']->getValue('login','auth_text') ? $app['server']->getValue('login','auth_text') : - ($app['server']->getValue('login','attr') == 'dn' ? _('Login DN') : $_SESSION[APPCONFIG]->getFriendlyName($app['server']->getValue('login','attr')))); + ($app['server']->getValue('login','attr') == 'dn' ? ($app['server']->getValue('login', 'bind_dn_template') ? _('User Name') . ' / ' . _('Login DN') : _('Login DN')) : $_SESSION[APPCONFIG]->getFriendlyName($app['server']->getValue('login','attr')))); printf('', $app['server']->getValue('login','attr',false) == 'dn' ? $app['server']->getValue('login','bind_id') : ''); diff --git a/lib/ds.php b/lib/ds.php index e7f4589..4b27227 100644 --- a/lib/ds.php +++ b/lib/ds.php 
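Review bot: In htdocs/login_form.php the label is now chosen by a three-level nested ternary inside the `printf` argument list, which makes it hard to see which branch renders when `bind_dn_template` is set. Compute the label first, e.g. `$dn_label = $app['server']->getValue('login','bind_dn_template') ? _('User Name').' / '._('Login DN') : _('Login DN');`, and use `$dn_label` in the `'dn'` branch. The "User Name" wording may also lead administrators to read the template as a restriction, although a full DN is still accepted, so the config comment should state that the template is a convenience and not an access control.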
@@ -574,6 +574,10 @@ class Datastore { 'desc'=>'User Login ID to bind to this DS', 'default'=>null); + $this->default->login['bind_dn_template'] = array( + 'desc'=>'Template string for user login DN to bind to this DS. Use \'%s\' where user input should be inserted.', + 'default'=>null); + $this->default->login['bind_pass'] = array( 'desc'=>'User Login Password to bind to this DS', 'default'=>null); diff --git a/lib/ds_ldap.php b/lib/ds_ldap.php index de80066..4352414 100644 --- a/lib/ds_ldap.php +++ b/lib/ds_ldap.php @@ -255,7 +255,7 @@ class ldap extends DS { if (! is_null($user)) { # If login,attr is set to DN, then user should be a DN if (($this->getValue('login','attr') == 'dn') || $method != 'user') - $userDN = $user; + $userDN = $this->getValue('login', 'bind_dn_template') ? $this->fillDNTemplate($user) : $user; else $userDN = $this->getLoginID($user,'login'); @@ -512,6 +512,15 @@ class ldap extends DS { return $this->getBaseDN(); } + private function fillDNTemplate($user) { + foreach($this->getLoginBaseDN() as $base) + if(substr_compare($user, $base, -strlen($base)) === 0) + return $user; // $user already passed as DN + + // fill template + return sprintf($this->getValue('login', 'bind_dn_template'), preg_replace('/([,\\\\#+<>;"=])/', '\\\\$1', $user)); + } + /** * Return the login classes that a user must have to login */ diff --git a/locale/de_DE/LC_MESSAGES/messages.mo b/locale/de_DE/LC_MESSAGES/messages.mo index c683d73..0ae7fc2 100644 Binary files a/locale/de_DE/LC_MESSAGES/messages.mo and b/locale/de_DE/LC_MESSAGES/messages.mo differ
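Review bot: In the lib/ds_ldap.php hunk at line 255, the template is applied whenever this branch is taken, which includes `$method != 'user'`, not only the `login,attr == 'dn'` case that config.php.example documents. The rest of the function is outside the hunk, so this is inferred: a non-user bind whose identifier does not end in a login base DN would be rewritten through the template and bind as a different DN than configured. Consider limiting it to interactive logins with `$userDN = ($method == 'user' && $this->getValue('login','bind_dn_template')) ? $this->fillDNTemplate($user) : $user;`, after confirming how `$method` is normalised earlier in the function.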
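Review bot: The hand-written `preg_replace` in `fillDNTemplate()` does not escape a leading or trailing space, which RFC 4514 requires in an attribute value, so the DN that is bound can differ from what the template intends. Delegating to the LDAP extension avoids maintaining the rule set locally: `return sprintf($this->getValue('login','bind_dn_template'), ldap_escape($user, '', LDAP_ESCAPE_DN));`. `ldap_escape` needs PHP 5.6 or later, and its handling of edge spaces should be verified on the oldest PHP version the project supports. The `substr_compare` suffix test is case-sensitive and byte-exact, so a full DN typed with different case or spacing than the configured base is treated as a user name and escaped into the template. A case-insensitive comparison on a normalised DN would match the documented "complete DN" behaviour. The method also lacks the docblock its neighbours have; it should say that input ending in a login base DN bypasses the template, so the template does not limit which entries can bind.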