diff --git a/addons/users_ldap/__openerp__.py b/addons/users_ldap/__openerp__.py index fad6f7fbe7e..adab3ff892c 100644 --- a/addons/users_ldap/__openerp__.py +++ b/addons/users_ldap/__openerp__.py @@ -50,6 +50,13 @@ anonymous authentication for users, it is only for the master LDAP account that is used to verify if a user exists before attempting to authenticate it. +Securing the connection with STARTTLS is available for LDAP +servers supporting it, by enabling the TLS option in the LDAP +configuration. + +For further options configuring the LDAP settings, refer to the +ldap.conf manpage :manpage:`ldap.conf(5)`. + Security Considerations +++++++++++++++++++++++ Users' LDAP passwords are never stored in the OpenERP database, @@ -78,6 +85,9 @@ OpenERP database (which means no access), the first step always fails and the LDAP server is queried to do the authentication. +Enabling STARTTLS ensures that the authentication query to the +LDAP server is encrypted. + User Template +++++++++++++ In the LDAP configuration on the Company form, it is possible to diff --git a/addons/users_ldap/users_ldap.py b/addons/users_ldap/users_ldap.py index 5d77985d250..1ad1b2df104 100644 --- a/addons/users_ldap/users_ldap.py +++ b/addons/users_ldap/users_ldap.py @@ -52,7 +52,8 @@ class CompanyLDAP(osv.osv): args = [] cr.execute(""" SELECT id, company, ldap_server, ldap_server_port, ldap_binddn, - ldap_password, ldap_filter, ldap_base, "user", create_user + ldap_password, ldap_filter, ldap_base, "user", create_user, + ldap_tls FROM res_company_ldap WHERE ldap_server != '' """ + id_clause + """ ORDER BY sequence """, args) @@ -69,7 +70,11 @@ class CompanyLDAP(osv.osv): uri = 'ldap://%s:%d' % (conf['ldap_server'], conf['ldap_server_port']) - return ldap.initialize(uri) + + connection = ldap.initialize(uri) + if conf['ldap_tls']: + connection.start_tls_s() + return connection def authenticate(self, conf, login, password): """ 
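Review bot: In the `@@ -69,7 +70,11 @@` hunk, `connection.start_tls_s()` is issued with no TLS option set on the connection, so whether the server certificate is validated, and against which CA, is left entirely to libldap's ldap.conf settings (TLS_REQCERT/TLS_CACERT), and nothing in connect() says so; the manifest text added in this commit does point at ldap.conf(5), and the docstring of connect(), which starts outside the hunk, should carry the same pointer. If the server does not support STARTTLS, start_tls_s() raises an ldap.LDAPError subclass instead of continuing in clear text, which is the right fail-closed behaviour but is worth stating for callers, e.g. `:raises ldap.LDAPError: if ``ldap_tls`` is set and STARTTLS cannot be negotiated`. A one-line comment on the branch would also help a reader who only sees this method: `# STARTTLS upgrades the plain ldap:// connection; certificate checks follow ldap.conf(5)`.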
@@ -213,6 +218,10 @@ class CompanyLDAP(osv.osv):
 help="Model used for user creation"),
 'create_user': fields.boolean('Create user',
 help="Create the user if not in database"),
+ 'ldap_tls': fields.boolean('Use TLS',
+ help="Request secure TLS/SSL encryption when connecting to the LDAP server. "
+ "This option requires a server with STARTTLS enabled, "
+ "otherwise all authentication attempts will fail."),
 }
 _defaults = {
 'ldap_server': '127.0.0.1',
diff --git a/addons/users_ldap/users_ldap_view.xml b/addons/users_ldap/users_ldap_view.xml
index b055ef2938d..caece7efe8f 100644
--- a/addons/users_ldap/users_ldap_view.xml
+++ b/addons/users_ldap/users_ldap_view.xml
@@ -20,6 +20,7 @@ +
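Review bot: The help text of the new `ldap_tls` field promises "TLS/SSL encryption", but the code path it controls (the connect() hunk in users_ldap.py, which builds a plain `ldap://` URI) only performs a STARTTLS upgrade and never an ldaps:// connection, so the wording overstates what the option does. A help string that matches the implementation would be `help="Upgrade the plain LDAP connection with STARTTLS. " "The LDAP server must support STARTTLS, otherwise all authentication attempts will fail."`. The `_defaults` dict continues outside the hunk; if it does not already list `ldap_tls`, an explicit `'ldap_tls': False,` there would make the opt-in nature of the option visible rather than relying on the boolean field's implicit default.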