diff --git a/rhodecode/controllers/admin/ldap_settings.py b/rhodecode/controllers/admin/ldap_settings.py
--- a/rhodecode/controllers/admin/ldap_settings.py
+++ b/rhodecode/controllers/admin/ldap_settings.py
@@ -4,10 +4,10 @@
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
     ldap controller for RhodeCode
-    
+
     :created_on: Nov 26, 2010
     :author: marcink
-    :copyright: (C) 2009-2010 Marcin Kuzminski <marcin@python-works.com>    
+    :copyright: (C) 2009-2011 Marcin Kuzminski <marcin@python-works.com>
     :license: GPLv3, see COPYING for more details.
 """
 # This program is free software: you can redistribute it and/or modify
@@ -32,29 +32,61 @@ from pylons import request, response, se
 from pylons.controllers.util import abort, redirect
 from pylons.i18n.translation import _
 
+from sqlalchemy.exc import DatabaseError
+
 from rhodecode.lib.base import BaseController, render
 from rhodecode.lib import helpers as h
 from rhodecode.lib.auth import LoginRequired, HasPermissionAllDecorator
-from rhodecode.lib.auth_ldap import LdapImportError
-from rhodecode.model.settings import SettingsModel
+from rhodecode.lib.exceptions import LdapImportError
 from rhodecode.model.forms import LdapSettingsForm
-from sqlalchemy.exc import DatabaseError
+from rhodecode.model.db import RhodeCodeSettings
 
 log = logging.getLogger(__name__)
 
 
+class LdapSettingsController(BaseController):
 
-class LdapSettingsController(BaseController):
+    search_scope_choices = [('BASE', _('BASE'),),
+                            ('ONELEVEL', _('ONELEVEL'),),
+                            ('SUBTREE', _('SUBTREE'),),
+                            ]
+    search_scope_default = 'SUBTREE'
+
+    tls_reqcert_choices = [('NEVER', _('NEVER'),),
+                           ('ALLOW', _('ALLOW'),),
+                           ('TRY', _('TRY'),),
+                           ('DEMAND', _('DEMAND'),),
+                           ('HARD', _('HARD'),),
+                           ]
+    tls_reqcert_default = 'DEMAND'
+
+    tls_kind_choices = [('PLAIN', _('No encryption'),),
+                        ('LDAPS', _('LDAPS connection'),),
+                        ('START_TLS', _('START_TLS on LDAP connection'),)
+                        ]
+
+    tls_kind_default = 'PLAIN'
 
     @LoginRequired()
     @HasPermissionAllDecorator('hg.admin')
     def __before__(self):
         c.admin_user = session.get('admin_user')
         c.admin_username = session.get('admin_username')
+        c.search_scope_choices = self.search_scope_choices
+        c.tls_reqcert_choices = self.tls_reqcert_choices
+        c.tls_kind_choices = self.tls_kind_choices
+
+        c.search_scope_cur = self.search_scope_default
+        c.tls_reqcert_cur = self.tls_reqcert_default
+        c.tls_kind_cur = self.tls_kind_default
+
         super(LdapSettingsController, self).__before__()
 
     def index(self):
-        defaults = SettingsModel().get_ldap_settings()
+        defaults = RhodeCodeSettings.get_ldap_settings()
+        c.search_scope_cur = defaults.get('ldap_search_scope')
+        c.tls_reqcert_cur = defaults.get('ldap_tls_reqcert')
+        c.tls_kind_cur = defaults.get('ldap_tls_kind')
 
         return htmlfill.render(
                     render('admin/ldap/ldap.html'),
@@ -65,17 +97,17 @@ class LdapSettingsController(BaseControl
     def ldap_settings(self):
         """POST ldap create and store ldap settings"""
 
-        settings_model = SettingsModel()
-        post_data = dict(request.POST)
-        _form = LdapSettingsForm(post_data.get('ldap_active'))()
+        _form = LdapSettingsForm([x[0] for x in self.tls_reqcert_choices],
+                                 [x[0] for x in self.search_scope_choices],
+                                 [x[0] for x in self.tls_kind_choices])()
 
         try:
-            form_result = _form.to_python(post_data)
+            form_result = _form.to_python(dict(request.POST))
             try:
 
                 for k, v in form_result.items():
                     if k.startswith('ldap_'):
-                        setting = settings_model.get(k)
+                        setting = RhodeCodeSettings.get_by_name(k)
                         setting.app_settings_value = v
                         self.sa.add(setting)
 
@@ -89,11 +121,12 @@ class LdapSettingsController(BaseControl
                       'is missing.'), category='warning')
 
         except formencode.Invalid, errors:
+            e = errors.error_dict or {}
 
             return htmlfill.render(
                 render('admin/ldap/ldap.html'),
                 defaults=errors.value,
-                errors=errors.error_dict or {},
+                errors=e,
                 prefix_error=False,
                 encoding="UTF-8")
         except Exception: