diff --git a/.env b/.env
index 8f4acf671..e0cacb988 100644
--- a/.env
+++ b/.env
@@ -21,3 +21,19 @@ APP_ENV=dev
 ###> nelmio/cors-bundle ###
 CORS_ALLOW_ORIGIN=^https?://(localhost|127\.0\.0\.1)(:[0-9]+)?$
 ###< nelmio/cors-bundle ###
+
+###> AUTH_TYPE ###
+AUTH_TYPE=native
+###< LDAP CONFIG ###
+
+###> LDAP CONFIG ###
+LDAP_HOST=''
+LDAP_PORT=389
+LDAP_ENCRYPTION=tls
+LDAP_PROTOCOL_VERSION=3
+LDAP_REFERRALS=false
+LDAP_DN_STRING=''
+LDAP_QUERY_STRING=''
+LDAP_SEARCH_DN=''
+LDAP_SEARCH_PASSWORD=''
+###< LDAP CONFIG ###
diff --git a/config/packages/security.php b/config/packages/security.php
new file mode 100644
index 000000000..ee41c5d8d
--- /dev/null
+++ b/config/packages/security.php
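Review bot: The `AUTH_TYPE` section is closed with `###< LDAP CONFIG ###` instead of `###< AUTH_TYPE ###`, so the Flex section markers are mismatched and the LDAP closing marker appears twice; change the fourth added line to `###< AUTH_TYPE ###`. Because this is the committed defaults file, the empty `LDAP_SEARCH_DN` and `LDAP_SEARCH_PASSWORD` placeholders are the right choice, but a comment above them such as `# Real bind credentials belong in .env.local or the secrets vault, not in this file` would make that expectation explicit to the next person who fills them in. `LDAP_PORT`, `LDAP_PROTOCOL_VERSION` and `LDAP_REFERRALS` are plain strings once read back through `%env()%`, so the consumers of these values need typed env processors to get an int or bool.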
@@ -0,0 +1,90 @@
+.
+ *
+ * In accordance with Section 7(b) of the GNU Affero General Public License
+ * version 3, these Appropriate Legal Notices must retain the display of the
+ * "Supercharged by SuiteCRM" logo. If the display of the logos is not reasonably
+ * feasible for technical reasons, the Appropriate Legal Notices must display
+ * the words "Supercharged by SuiteCRM".
+ */
+
+namespace Symfony\Component\DependencyInjection\Loader\Configurator;
+
+use App\Security\UserChecker;
+use Symfony\Component\DependencyInjection\Container;
+use Symfony\Component\Ldap\Ldap;
+
+/** @var $container Container */
+if (!isset($container)) {
+ return;
+}
+
+return static function (ContainerConfigurator $containerConfig) {
+
+ $env = $_ENV ?? [];
+ $authType = $env['AUTH_TYPE'] ?? 'native';
+
+ $baseFirewall = [
+ 'dev' => [
+ 'pattern' => '^/(_(profiler|wdt)|css|images|js)/',
+ 'user_checker' => UserChecker::class,
+ 'security' => false
+ ],
+ 'main' => [
+ 'lazy' => true,
+ 'logout' => [
+ 'path' => 'app_logout'
+ ]
+ ]
+ ];
+
+ if ($authType === 'native') {
+ $containerConfig->extension('security', [
+ 'firewalls' => array_merge_recursive($baseFirewall, [
+ 'main' => [
+ 'json_login' => [
+ 'check_path' => 'app_login',
+ ],
+ ],
+ ])
+ ]);
+
+ return;
+ }
+
+ if ($authType === 'ldap') {
+ $containerConfig->extension('security', [
+ 'firewalls' => array_merge_recursive($baseFirewall, [
+ 'main' => [
+ 'json_login_ldap' => [
+ 'check_path' => 'app_login',
+ 'service' => Ldap::class,
+ 'dn_string' => '%env(LDAP_DN_STRING)%',
+ 'query_string' => '%env(LDAP_QUERY_STRING)%',
+ 'search_dn' => '%env(LDAP_SEARCH_DN)%',
+ 'search_password' => '%env(LDAP_SEARCH_PASSWORD)%',
+ ],
+ ],
+ ])
+ ]);
+ }
+
+};
+
diff --git a/config/packages/security.yaml b/config/packages/security.yaml
index d7adc607c..73b164ad9 100644
--- a/config/packages/security.yaml
+++ b/config/packages/security.yaml
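Review bot: The `main` firewall in `$baseFirewall` no longer sets `user_checker`, so `App\Security\UserChecker` — which the removed block in `config/packages/security.yaml` applied to `main` — now runs only on the `dev` firewall, where `security` is `false` and it has no effect; add `'user_checker' => UserChecker::class,` next to `'lazy' => true` so the pre- and post-authentication checks keep running on both the native and the LDAP path. An `AUTH_TYPE` value other than `native` or `ldap` falls through both branches and registers no firewalls at all, which at best surfaces as an opaque container error; end the closure with `throw new \InvalidArgumentException(sprintf('Unsupported AUTH_TYPE "%s" (expected "native" or "ldap")', $authType));` so a typo is reported together with the offending value. `$_ENV['AUTH_TYPE']` is read while the container is compiled, so unlike the `%env(AUTH_TYPE)%` parameter added in services.yaml a change only takes effect after a cache clear, and `$_ENV` is empty on PHP setups whose `variables_order` omits `E` unless Dotenv fills it, in which case the code silently falls back to `native`; a comment stating the compile-time nature, and `$_ENV['AUTH_TYPE'] ?? $_SERVER['AUTH_TYPE'] ?? 'native'` as the lookup, would cover that. The removed yaml also had `anonymous: true` on `main`; whether the `IS_AUTHENTICATED_ANONYMOUSLY` rule for `^/login$` still behaves the same without it depends on the Symfony version in use and should be verified rather than assumed. The hunk begins after a truncated license header, but the returned closure is complete within it.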
@@ -12,23 +12,6 @@ security: entity: class: App\Module\Users\Entity\User - firewalls: - dev: - pattern: ^/(_(profiler|wdt)|css|images|js)/ - user_checker: App\Security\UserChecker - security: false - main: - anonymous: true - lazy: true - user_checker: App\Security\UserChecker - guard: - authenticators: - - App\Security\LoginFormAuthenticator - json_login: - check_path: app_login - logout: - path: app_logout - # Note: Only the *first* access control that matches will be used access_control: - { path: ^/login$, roles: IS_AUTHENTICATED_ANONYMOUSLY } diff --git a/config/services.yaml b/config/services.yaml index d06919830..b2451e093 100644 --- a/config/services.yaml +++ b/config/services.yaml @@ -8,6 +8,22 @@ parameters: legacy.path: '/legacy' legacy.session_name: 'LEGACYSESSID' default_session_name: 'PHPSESSID' + auth_type: '%env(AUTH_TYPE)%' + +services: + Symfony\Component\Ldap\Ldap: + arguments: [ '@Symfony\Component\Ldap\Adapter\ExtLdap\Adapter' ] + tags: + - ldap + Symfony\Component\Ldap\Adapter\ExtLdap\Adapter: + arguments: + - host: '%env(LDAP_HOST)%' + port: '%env(LDAP_PORT)%' + encryption: '%env(LDAP_ENCRYPTION)%' + options: + protocol_version: '%env(LDAP_PROTOCOL_VERSION)%' + referrals: '%env(LDAP_REFERRALS)%' + imports: - { resource: services/**/*.yaml }
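Review bot: `referrals: '%env(LDAP_REFERRALS)%'` hands the adapter the literal string `'false'`, and a non-empty string reads as true wherever it is evaluated for truthiness, so referral chasing is likely to end up enabled despite the `.env` default; use `'%env(bool:LDAP_REFERRALS)%'`, and likewise `'%env(int:LDAP_PORT)%'` and `'%env(int:LDAP_PROTOCOL_VERSION)%'` so the adapter receives the types its options expect. `LDAP_ENCRYPTION` defaults to `tls` in `.env`, which is the right default; a comment beside the `encryption:` line such as `# keep 'tls' or 'ssl': with 'none' the bind password crosses the network in clear text` would discourage loosening it later. The `auth_type` parameter is defined but nothing in this diff reads it; either drop it or add a comment naming the consumer it is intended for.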