diff --git a/ChangeLog b/ChangeLog
index a0e21f2d6e196ecfca157c0c6afa0c3095467960..5eab33313fbb2898a7434b7c04417ae252bd9e6b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -68,6 +68,7 @@ version 0.9.4 -- unreleased
 	 . Removed warning about vserver not running (thanks anarcat)
 	ldap:
 	 . Compress now happens in-line to save some disk space (Closes: #370778)
+	 . ldaphost and tls options added for ldapsearch method (Closes: #362027)
 	makecd:
 	 . Added nicelevel option (thanks rhatto)
     lib changes
diff --git a/examples/example.ldap b/examples/example.ldap
index adc1fcd039affb78a9f13db3a4ff372d8e165f0b..ee7c57d42f438fe8764aea93daa1e4dfec0bbb85 100644
--- a/examples/example.ldap
+++ b/examples/example.ldap
@@ -43,3 +43,9 @@
 ## to, not needed for slapcat
 # binddn =
 
+## ldaphost (no default): set this to your ldap host if it is not local
+# ldaphost =
+
+## tls (default yes): if set to 'yes' then TLS connection will be
+## attempted to your ldaphost by using the URI base ldaps: otherwise ldap: will be used
+# tls = yes
\ No newline at end of file
diff --git a/handlers/ldap b/handlers/ldap
index ee46831092d10688be9d67d09401c7329346aeb5..ba3d78a0d0f351de1c1e42ed49581afb080de822 100644
--- a/handlers/ldap
+++ b/handlers/ldap
@@ -12,6 +12,14 @@ getconf restart no
 getconf method ldapsearch
 getconf passwordfile
 getconf binddn
+getconf ldaphost
+getconf tls yes
+
+if [ $tls = 'yes' ] 
+   URLBASE="ldaps"
+else
+   URLBASE="ldap"
+fi
 
 status="ok"
 
@@ -54,9 +62,17 @@ if [ "$ldif" == "yes" ]; then
          debug "$execstr"
       else
          if [ "$compress" == "yes" ]; then
-            execstr="$LDAPSEARCH -x -L -b ""$dbsuffix"" -D ""$binddn"" -y $passwordfile | $GZIP"
+            if [ -n "$ldaphost" ]
+               execstr="$LDAPSEARCH -H $URLBASE://$ldaphost -x -L -b ""$dbsuffix"" -D ""$binddn"" -y $passwordfile | $GZIP"
+            else
+               execstr="$LDAPSEARCH -x -L -b ""$dbsuffix"" -D ""$binddn"" -y $passwordfile | $GZIP"
+            fi
          else
-            execstr="$LDAPSEARCH -x -L -b ""$dbsuffix"" -D ""$binddn"" -y $passwordfile"
+            if [ -n "$ldaphost" ]
+               execstr="$LDAPSEARCH -H $URLBASE://$ldaphost -x -L -b ""$dbsuffix"" -D ""$binddn"" -y $passwordfile"
+            else
+               execstr="$LDAPSEARCH -x -L -b ""$dbsuffix"" -D ""$binddn"" -y $passwordfile"
+            fi
          fi
          [ -f "$passwordfile" ] || fatal "Password file $passwordfile not found. When method is set to ldapsearch, you must also specify a password file."
          debug "$execstr"