diff --git a/README.md b/README.md
index 133681c..87622eb 100644
--- a/README.md
+++ b/README.md
@@ -146,6 +146,17 @@ Body
 }
 ```
 
+Add an ldap user
+
+Body
+```
+{
+    "userName": "Ldap User", 
+    "groupName": "Users",
+    "ldapUser": true
+}
+```
+
 Registering a user requires specifying the group to which the user will belong. There are 2 built-in groups, with groupName of 'Administrators' or 'Users' and corresponding groupId of 1 and 2 respectively. Available groups can be retrieved via the `/api/admin/groups/list`
 
 This operation can only be performed by a user that is a member of a group with the admin flag enabled, or a user who has the admin flag enabled individually on their database record.
diff --git a/controllers/auth.go b/controllers/auth.go
index 0226be8..8ca6a63 100644
--- a/controllers/auth.go
+++ b/controllers/auth.go
@@ -17,9 +17,10 @@ import (
 
 type AddUserInput struct {
 	UserName  string `json:"userName" binding:"required"`
-	Password  string `json:"password" binding:"required"`
+	Password  string `json:"password"`
 	GroupId   int    `json:"groupId"`
 	GroupName string `json:"groupName"`
+	LdapUser  bool   `json:"ldapUser"`
 	//RoleId   int    `json:"roleid"`
 }
 
@@ -99,12 +100,17 @@ func AddUser(c *gin.Context) {
 	}
 
 	if len(input.UserName) == 0 {
-		c.JSON(http.StatusBadRequest, gin.H{"error": "no username specified"})
+		c.JSON(http.StatusBadRequest, gin.H{"error": "username must be specified"})
 		return
 	}
 
-	if len(input.Password) == 0 {
-		c.JSON(http.StatusBadRequest, gin.H{"error": "no password specified"})
+	if len(input.Password) == 0 && !input.LdapUser {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "password must be specified for non-ldap user"})
+		return
+	}
+
+	if input.LdapUser && len(input.Password) > 0 {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "password should not be specified for ldap user"})
 		return
 	}
 
@@ -161,18 +167,20 @@ func AddUser(c *gin.Context) {
 		return
 	}
 
-	//turn password into hash
-	hashedPassword, err := bcrypt.GenerateFromPassword([]byte(u.Password), bcrypt.DefaultCost)
-	if err != nil {
-		c.JSON(http.StatusBadRequest, gin.H{"Error hashing password": err.Error()})
-		return
-	} else {
-		//log.Printf("Register generated hashed password value '%s' from '%s'\n", string(hashedPassword), input.Password)
-		log.Printf("Register generated hashed password value '%s'\n", string(hashedPassword))
+	//turn password into hash if defined
+	if len(input.Password) > 0 {
+		hashedPassword, err := bcrypt.GenerateFromPassword([]byte(u.Password), bcrypt.DefaultCost)
+		if err != nil {
+			c.JSON(http.StatusBadRequest, gin.H{"Error hashing password": err.Error()})
+			return
+		} else {
+			//log.Printf("Register generated hashed password value '%s' from '%s'\n", string(hashedPassword), input.Password)
+			log.Printf("Register generated hashed password value '%s'\n", string(hashedPassword))
+		}
+		u.Password = string(hashedPassword)
 	}
-	u.Password = string(hashedPassword)
 
-	_, err = u.SaveUser()
+	_, err := u.SaveUser()
 
 	if err != nil {
 		c.JSON(http.StatusBadRequest, gin.H{"Error saving user": err.Error()})