diff --git a/files/gitlab-ldap-sync.py b/files/gitlab-ldap-sync.py
index 8f8c0fcab53e00b34e93e7f70a8d548ef4cb97ba..e3b3f47952e25c799b1b5b9b645dcf1555a27766 100644
--- a/files/gitlab-ldap-sync.py
+++ b/files/gitlab-ldap-sync.py
@@ -42,9 +42,14 @@ import ldap3
 import gitlab
 from systemd.journal import JournalHandler
 
-def connect_ldap(host, port, ca_file, bind_dn, bind_passwd):
-	tls = ldap3.Tls(validate=ssl.CERT_REQUIRED, ca_certs_file=ca_file)
-	server = ldap3.Server(host, port=port, use_ssl=True, get_info=ldap3.ALL, tls=tls)
+def connect_ldap(host, port, encryption, ca_file, bind_dn, bind_passwd):
+	if encryption == 'simple_tls':
+		tls = ldap3.Tls(validate=ssl.CERT_REQUIRED, ca_certs_file=ca_file)
+		server = ldap3.Server(host, port=port, use_ssl=True, get_info=ldap3.ALL, tls=tls)
+	elif encryption == 'plain':
+		server = ldap3.Server(host, port=port, get_info=ldap3.ALL)
+	else:
+		raise Exception('Invalid encryption parameter "{}"'.format(encryption))
 	conn = ldap3.Connection(server, bind_dn, bind_passwd, auto_bind=True)
 	old_search = conn.search
 	def search(*args, **kwargs):
@@ -166,7 +171,8 @@ def main(config_path, dry_run=True):
 	config = load_config(config_path)
 	gl = gitlab.Gitlab(config['ldap_sync']['api_url'], config['ldap_sync']['api_token'], ssl_verify=True)
 	conn = connect_ldap(host=config['ldap']['main']['host'], port=config['ldap']['main']['port'],
-	                    ca_file=config['ldap']['main']['ca_file'],
+	                    encryption=config['ldap']['main']['encryption'],
+	                    ca_file=config['ldap']['main'].get('ca_file'),
 	                    bind_dn=config['ldap']['main']['bind_dn'],
 	                    bind_passwd=config['ldap']['main']['password'])
 	logging.info('Starting user synchronization')