diff --git a/deployment_scripts/puppet/modules/plugin_ldap/manifests/controller.pp b/deployment_scripts/puppet/modules/plugin_ldap/manifests/controller.pp index dc9e0d6..eb88997 100644 --- a/deployment_scripts/puppet/modules/plugin_ldap/manifests/controller.pp +++ b/deployment_scripts/puppet/modules/plugin_ldap/manifests/controller.pp @@ -29,6 +29,18 @@ class plugin_ldap::controller { $user_allow_update = false $user_allow_delete = false + $group_tree_dn = $::fuel_settings['ldap']['group_tree_dn'] + $group_filter = $::fuel_settings['ldap']['group_filter'] + $group_objectclass = $::fuel_settings['ldap']['group_objectclass'] + $group_id_attribute = $::fuel_settings['ldap']['group_id_attribute'] + $group_name_attribute = $::fuel_settings['ldap']['group_name_attribute'] + $group_member_attribute = $::fuel_settings['ldap']['group_member_attribute'] + $group_desc_attribute = $::fuel_settings['ldap']['group_desc_attribute'] + + $group_allow_create = false + $group_allow_update = false + $group_allow_delete = false + $domain = $::fuel_settings['ldap']['domain'] file { '/etc/keystone/domains': 
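Review bot: The seven new `$::fuel_settings['ldap'][...]` lookups are used as-is, so an environment whose settings lack these keys (for example one created before this change, if that can happen here) would pass undefined values to the `group_*` entries added in the second hunk of this file. A default or an explicit failure at the lookup would make that case visible instead of leaving it to the config resource. The three hard-coded `$group_allow_*` assignments also deserve a comment stating the intent, e.g. `# Groups are read-only: Keystone must not create, update or delete entries in the directory.` The class body starts above this hunk and continues below it.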
@@ -65,6 +77,16 @@ class plugin_ldap::controller { "${domain}/ldap/user_allow_create": value => $user_allow_create; "${domain}/ldap/user_allow_update": value => $user_allow_update; "${domain}/ldap/user_allow_delete": value => $user_allow_delete; + "${domain}/ldap/group_tree_dn": value => $group_tree_dn; + "${domain}/ldap/group_filter": value => $group_filter; + "${domain}/ldap/group_objectclass": value => $group_objectclass; + "${domain}/ldap/group_id_attribute": value => $group_id_attribute; + "${domain}/ldap/group_name_attribute": value => $group_name_attribute; + "${domain}/ldap/group_member_attribute": value => $group_member_attribute; + "${domain}/ldap/group_desc_attribute": value => $group_desc_attribute; + "${domain}/ldap/group_allow_create": value => $group_allow_create; + "${domain}/ldap/group_allow_update": value => $group_allow_update; + "${domain}/ldap/group_allow_delete": value => $group_allow_delete; } ~> service { 'httpd': name => "$apache::params::service_name", diff --git a/environment_config.yaml b/environment_config.yaml index efeb136..2faa4f6 100644 --- a/environment_config.yaml +++ b/environment_config.yaml 
@@ -86,3 +86,45 @@ attributes:
 description: 'LDAP attribute mapped to enabled/disabled.'
 weight: 66
 type: "text"
+ group_tree_dn:
+ value: 'ou=Groups,dc=example,dc=com'
+ label: 'Groups Tree DN'
+ description: 'Search base for groups.'
+ weight: 75
+ type: "text"
+ group_filter:
+ value: ''
+ label: 'Group Filter'
+ description: 'LDAP search filter for groups.'
+ weight: 80
+ type: "text"
+ group_objectclass:
+ value: 'groupOfNames'
+ label: 'Group Object Class'
+ description: 'LDAP objectclass for groups.'
+ weight: 85
+ type: "text"
+ group_id_attribute:
+ value: 'cn'
+ label: 'Group ID Attribute'
+ description: 'LDAP attribute mapped to group id.'
+ weight: 90
+ type: "text"
+ group_name_attribute:
+ value: 'ou'
+ label: 'Group Name Attribute'
+ description: 'LDAP attribute mapped to group name.'
+ weight: 95
+ type: "text"
+ group_member_attribute:
+ value: 'member'
+ label: 'Group Member Attribute'
+ description: 'LDAP attribute that maps user to group.'
+ weight: 100
+ type: "text"
+ group_desc_attribute:
+ value: 'description'
+ label: 'Group description Attribute'
+ description: 'LDAP attribute mapped to description.'
+ weight: 105
+ type: "text"
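Review bot: `group_filter` ships with an empty default and its description does not say what an empty value means. In Keystone this filter narrows which directory entries are treated as groups, so with it unset every `groupOfNames` entry under `group_tree_dn` becomes a group that role assignments can target. I would spell that out, e.g. `description: 'LDAP search filter for groups. Empty means every group under Groups Tree DN is visible to Keystone.'`. Separately, `group_name_attribute` defaults to `'ou'` while `group_objectclass` defaults to `'groupOfNames'`; `ou` is optional on that class, so confirm the target directories populate it, or default to `'cn'`. The label `'Group description Attribute'` should be capitalised like its siblings.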