diff --git a/config.cfg.sample b/config.cfg.sample
index 28c7109..a57985e 100644
--- a/config.cfg.sample
+++ b/config.cfg.sample
@@ -12,6 +12,5 @@ DEBUG = True
 
 LDAP_HOST = "aw2clouddc01.hpcloud.ms"
 LDAP_DOMAIN = "hpcloud.ms"
-LDAP_BASE = "CN=Users,DC=hpcloud,DC=ms"
 
 BACKDOOR_AUTH = True
diff --git a/ephemeral_ca/__init__.py b/ephemeral_ca/__init__.py
index 911cee6..c3b9403 100644
--- a/ephemeral_ca/__init__.py
+++ b/ephemeral_ca/__init__.py
@@ -10,19 +10,30 @@ import sys
 import time
 import uuid
 import yaml
+import ldap
 
 from flask import Flask, request, redirect, Response
-from flask.ext.ldap import LDAP
 
 app = Flask(__name__)
 app.config.from_pyfile(os.environ.get('EPHEMERAL_CA_SETTINGS', 'config.cfg'))
-ldap = LDAP(app)
+
+
+def ldap_login(user, secret):
+    ldo = ldap.initialize("ldap://%s" % (app.config['LDAP_HOST'],))
+    ldo.set_option(ldap.OPT_REFERRALS, 0)
+    try:
+        ldo.simple_bind_s("%s@%s" % (user, app.config['LDAP_DOMAIN']), secret)
+        return True
+    except ldap.INVALID_CREDENTIALS:
+        return False
+
 
 def auth(user, secret):
     if app.config['BACKDOOR_AUTH']:
-        return secret=='woot' and user=='woot'
+        if secret=='woot' and user=='woot':
+            return True
 
-    return ldap.ldap_login(user, secret)
+    return ldap_login(user, secret)
 
 
 def sign(csr,encoding):
diff --git a/setup.py b/setup.py
index c0d55c9..3f54c8a 100755
--- a/setup.py
+++ b/setup.py
@@ -10,7 +10,7 @@ setup(
     install_requires=[
         'm2crypto',
         'flask',
-        'flask-ldap',
+        'python-ldap',
         'setuptools>=1.0',
     ],
     setup_requires=[