diff --git a/config b/config
index 7c77f5f9..d16b5e9d 100644
--- a/config
+++ b/config
@@ -15,7 +15,7 @@
 # IPv4 syntax: address:port
 # IPv6 syntax: [address]:port
 # For example: 0.0.0.0:9999, [::]:9999
-#hosts = localhost:5232
+hosts = 0.0.0.0:5232
 
 # Max parallel connections
 #max_connections = 8
@@ -53,7 +53,22 @@
 
 # Authentication method
 # Value: none | htpasswd | remote_user | http_x_remote_user
-#type = none
+type = ldap
+
+# URI to the LDAP server
+ldap_uri = ldap://localhost
+
+# The base DN of the LDAP server
+ldap_base = ##BASE_DN##
+
+# The reader DN of the LDAP server
+ldap_reader_dn = CN=ossreader,CN=Users,##BASE_DN##
+
+# Password of the reader DN
+ldap_secret = ossreader
+
+# If the ldap groups of the user need to be loaded
+ldap_load_groups = True
 
 # Htpasswd filename
 #htpasswd_filename = /etc/radicale/users
@@ -77,7 +92,7 @@
 #type = owner_only
 
 # File for rights management from_file
-#file = /etc/radicale/rights
+file = /etc/radicale/rights
 
 
 [storage]
diff --git a/rights b/rights
index 1425003e..03a05e80 100644
--- a/rights
+++ b/rights
@@ -1,5 +1,34 @@
-# -*- mode: conf -*-
-# vim:ft=cfg
+# Allow all rights for the Administrator
+[root]
+user: Administrator
+collection: .*
+permissions: RW
+
+# Allow reading principal collection (same as username)
+[principal]
+user: .+
+collection: {user}
+permissions: R
+
+# Allow reading and writing private collection (same as username)
+[private]
+user: .+
+collection: {user}/private/
+permissions: RW
+
+# Allow reading and writing calendars and address books that are direct
+# children of the principal collection for the member of some groups
+[calendarsWriter]
+groups: sysadmins,teachers,administration,administrators
+collection: {user}/[^/]+
+permissions: rw
+
+# Allow reading calendars and address books that are direct
+# children of the principal collection for other users
+[calendarsReader]
+user: .+
+collection: {user}/[^/]+
+permissions: r
 
 # Rights management file for Radicale - A simple calendar server
 #
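Review bot: `hosts = 0.0.0.0:5232` puts the listener on every IPv4 interface, and nothing in this hunk shows TLS being enabled for it. With LDAP authentication switched on later in the same commit, directory passwords would cross the network unencrypted unless TLS is terminated by the server itself or by a proxy in front of it. If a proxy fronts the service, keeping the bind on loopback is the tighter default; otherwise a comment above the line such as `# Binds all IPv4 interfaces; requires TLS on this listener or on a terminating proxy` records the requirement. The section this key belongs to starts and ends outside the hunk, so an existing TLS setting there cannot be ruled out.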
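Review bot: `ldap_secret = ossreader` commits the bind password for `CN=ossreader` in clear text, and the value is identical to the account name, so it offers little protection for the reader account. The file already uses a substitution token for the base DN; the same pattern fits here, e.g. `ldap_secret = ##READER_PASSWORD##` (token name constructed for this note), filled in at install time with the config file readable only by the service account. `ldap_uri = ldap://localhost` is unencrypted, which is acceptable only while the directory stays on loopback. The `# Value:` comment above `type` no longer matches the setting and should read `# Value: none | htpasswd | remote_user | http_x_remote_user | ldap`.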
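Review bot: Uncommenting `file = /etc/radicale/rights` has no visible effect while the `type` key in the context above stays commented as `#type = owner_only`. Unless the type is set somewhere outside this hunk, the rules added to `rights` in this commit are never consulted and access control stays at the built-in default. The comment on the changed line says the file is used by `from_file`, so the hunk should also set `type = from_file`. The section continues outside the hunk.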
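Review bot: The `[root]` section is commented as granting all rights but sets `permissions: RW`, while the calendar sections below use lowercase `rw` and `r`. If upper and lower case are distinct permissions, as that mix suggests, this rule gives the Administrator no access to calendars and address books, and `permissions: RWrw` would match the comment, provided that breadth is really intended for one hard-coded account name on `collection: .*`. `[calendarsWriter]` carries a `groups:` key and no `user:` key, so it only works with a rights backend that evaluates LDAP group membership; a comment such as `# groups: needs a rights backend that resolves LDAP groups (see ldap_load_groups)` would make that dependency explicit. It is also worth confirming how a rule without `user:` behaves when group loading fails, so that it cannot match every user.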