diff --git a/conf/config-dist.php b/conf/config-dist.php
index 3355c57..511bc3f 100644
--- a/conf/config-dist.php
+++ b/conf/config-dist.php
@@ -81,7 +81,7 @@ Setting('DISABLE_AUTH', false);
 
 // Either "Grocy\Middleware\DefaultAuthMiddleware", "Grocy\Middleware\ReverseProxyAuthMiddleware"
 // or any class that implements Grocy\Middleware\AuthMiddleware
-Setting('AUTH_CLASS', 'Grocy\Middleware\DefaultAuthMiddleware');
+Setting('AUTH_CLASS', 'Grocy\Middleware\LdapAuthMiddleware');
 
 // Options when using ReverseProxyAuthMiddleware
 Setting('REVERSE_PROXY_AUTH_HEADER', 'REMOTE_USER'); // The name of the HTTP header which your reverse proxy uses to pass the username (on successful authentication)
@@ -92,8 +92,8 @@ Setting('LDAP_ADDRESS', 'ldap://127.0.0.1:389'); // Example value "ldap://vm-dc2
 Setting('LDAP_BASE_DN', 'ou=users,dc=yunohost,dc=org'); // Example value "DC=local,DC=berrnd,DC=net"
 Setting('LDAP_BIND_DN', ''); // Example value "CN=grocy_bind_account,OU=service_accounts,DC=local,DC=berrnd,DC=net"
 Setting('LDAP_BIND_PW', ''); // Password for the above account
-Setting('LDAP_USER_FILTER', ''); // Example value "(OU=grocy_users)"
-Setting('LDAP_UID_ATTR', ''); // Windows AD: "sAMAccountName", OpenLDAP: "uid", GLAuth: "cn"
+Setting('LDAP_USER_FILTER', '(&(|(objectclass=posixAccount))(permission=cn=__APP__.main,ou=permission,dc=yunohost,dc=org))'); // Example value "(OU=grocy_users)"
+Setting('LDAP_UID_ATTR', 'uid'); // Windows AD: "sAMAccountName", OpenLDAP: "uid", GLAuth: "cn"
 
 // Default permissions for new users
 // the array needs to contain the technical/constant names