diff --git a/README.md b/README.md
index ae2d3b6914932223b9dc98d9158c35aeb6a730d6..b4f76346c15d409fbd67c64c0be488c28c3e85c1 100644
--- a/README.md
+++ b/README.md
@@ -66,6 +66,22 @@ ldap:
   enabled: 'false'
   servers: {}
 
+# configure smtp server for outgoing mail
+smtp:
+  enabled: false
+  server: ~
+  port: 465
+  user: ~
+  password: ~
+  domain: ~
+  authentication: 'login' # Can be: 'login', 'plain'
+  starttls: true
+  tls: false
+  verify_ssl: 'peer' # Can be: 'none', 'peer', 'client_once', 'fail_if_no_peer_cert'
+  #ca_path: '/etc/ssl/certs'
+  #ca_file: '/etc/ssl/certs/ca-certificates.crt'
+
+
 # array of groups to create
 groups: []
 ```
diff --git a/defaults/main.yml b/defaults/main.yml
index 85730082bf2f0c69debdc2113fc53eb0e67d2514..f4a96b062e9fe25d8b8794b2b32f76216d350b50 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -28,6 +28,20 @@ gitlab:
     auto_link_ldap_user: 'true'
     providers: []
   upload_size_max: 128M
-  mail:
-    from: ~
-    reply_to: ~
+  mail: {}
+    #from: 'git@domain'
+    #reply_to: 'git@domain'
+  smtp:
+    enabled: false
+    server: ~
+    port: 465
+    user: ~
+    password: ~
+    domain: ~
+    authentication: 'login' # Can be: 'login', 'plain'
+    starttls: true
+    tls: false
+    verify_ssl: 'peer' # Can be: 'none', 'peer', 'client_once', 'fail_if_no_peer_cert'
+    ca_path: ~ # eg '/etc/ssl/certs'
+    ca_file: ~ # eg '/etc/ssl/certs/ca-certificates.crt'
+>>>>>>> 6437b6d42cd6f19b8ff220e02319088c9819bd70
diff --git a/files/gitlab-ldap-sync.py b/files/gitlab-ldap-sync.py
index e3b3f47952e25c799b1b5b9b645dcf1555a27766..943a6d7ae0acfb82803680461b39596ef62b92da 100644
--- a/files/gitlab-ldap-sync.py
+++ b/files/gitlab-ldap-sync.py
@@ -54,7 +54,11 @@ def connect_ldap(host, port, encryption, ca_file, bind_dn, bind_passwd):
 	old_search = conn.search
 	def search(*args, **kwargs):
 		kwargs.update({'attributes': [ldap3.ALL_ATTRIBUTES, ldap3.ALL_OPERATIONAL_ATTRIBUTES]})
-		return old_search(*args, **kwargs)
+		ret = old_search(*args, **kwargs)
+		result_code = conn.result['result']
+		if result_code != 0:
+			raise Exception(f'LDAP SEARCH failed with result code {result_code}')
+		return ret
 	conn.search = search
 	return conn
 
diff --git a/templates/gitlab.rb.j2 b/templates/gitlab.rb.j2
index 0e8506a463b8e71b3156ad690a9aadacfe6ef70c..a40dc8ba5934023579c9bdaf3af998c2e790a754 100644
--- a/templates/gitlab.rb.j2
+++ b/templates/gitlab.rb.j2
@@ -628,22 +628,30 @@ gitlab_rails['initial_root_password'] = "{{ gitlab.initial_root_password }}"
 ###! Docs: https://docs.gitlab.com/omnibus/settings/smtp.html
 ###! **Use smtp instead of sendmail/postfix.**
 
-# gitlab_rails['smtp_enable'] = true
-# gitlab_rails['smtp_address'] = "smtp.server"
-# gitlab_rails['smtp_port'] = 465
-# gitlab_rails['smtp_user_name'] = "smtp user"
-# gitlab_rails['smtp_password'] = "smtp password"
-# gitlab_rails['smtp_domain'] = "example.com"
-# gitlab_rails['smtp_authentication'] = "login"
-# gitlab_rails['smtp_enable_starttls_auto'] = true
-# gitlab_rails['smtp_tls'] = false
+{% if gitlab.smtp.enabled %}
+gitlab_rails['smtp_enable'] = {{ gitlab.smtp.enabled|to_json }}
+gitlab_rails['smtp_address'] = "{{ gitlab.smtp.server }}"
+gitlab_rails['smtp_port'] = {{ gitlab.smtp.port }}
+gitlab_rails['smtp_user_name'] = "{{ gitlab.smtp.user }}"
+gitlab_rails['smtp_password'] = "{{ gitlab.smtp.password }}"
+{% if gitlab.smtp.domain %}
+gitlab_rails['smtp_domain'] = "{{ gitlab.smtp.domain }}"
+{% endif %}
+gitlab_rails['smtp_authentication'] = "{{ gitlab.smtp.authentication }}"
+gitlab_rails['smtp_enable_starttls_auto'] = {{ gitlab.smtp.starttls|to_json }}
+gitlab_rails['smtp_tls'] = {{ gitlab.smtp.tls|to_json }}
 
 ###! **Can be: 'none', 'peer', 'client_once', 'fail_if_no_peer_cert'**
 ###! Docs: http://api.rubyonrails.org/classes/ActionMailer/Base.html
-# gitlab_rails['smtp_openssl_verify_mode'] = 'none'
+gitlab_rails['smtp_openssl_verify_mode'] = '{{ gitlab.smtp.verify_ssl }}'
 
-# gitlab_rails['smtp_ca_path'] = "/etc/ssl/certs"
-# gitlab_rails['smtp_ca_file'] = "/etc/ssl/certs/ca-certificates.crt"
+{% if gitlab.smtp.ca_path %}
+gitlab_rails['smtp_ca_path'] = "{{ gitlab.smtp.ca_path }}"
+{% endif %}
+{% if gitlab.smtp.ca_file %}
+gitlab_rails['smtp_ca_file'] = "{{ gitlab.smtp.ca_file }}"
+{% endif %}
+{% endif %}
 
 ################################################################################
 ## Container Registry settings