diff --git a/auth.cfg.dist b/auth.cfg.dist
index 238393e..329d75b 100644
--- a/auth.cfg.dist
+++ b/auth.cfg.dist
@@ -4,3 +4,7 @@ DN_STRING = 'uid=%s,ou=People,dc=hackerspace,dc=pl'
 FAIL_DELAY = 0.5
 IRC_BASEDN = 'ou=People,dc=hackerspace,dc=pl'
 IRC_LDAP_FILTER = '(&(objectClass=hsMember)(ircNick=%s))'
+IRC_MIFARE_FILTER = '(&(objectClass=hsMember)(mifareIDHash=%s))'
+
+LDAP_BIND_DN = 'cn=auth,ou=Services,dc=hackerspace,dc=pl'
+LDAP_BIND_PASSWORD = 'insert password here'
diff --git a/auth.py b/auth.py
index c164790..f740bb7 100644
--- a/auth.py
+++ b/auth.py
@@ -6,14 +6,18 @@ app = Flask('auth')
 app.config.from_object(__name__)
 app.config.from_pyfile('auth.cfg')
+def connect_to_ldap():
+ conn = ldap.initialize(app.config['LDAP_URL'])
+ conn.start_tls_s()
+ conn.simple_bind(app.config['LDAP_BIND_DN'], app.config['LDAP_BIND_PASSWORD'])
+
 @app.route('/', methods=['GET'])
 def form():
 return render_template('login.html')
 @app.route('/', methods=['POST'])
 def login():
- conn = ldap.initialize(app.config['LDAP_URL'])
- conn.start_tls_s()
+ conn = connect_to_ldap()
 res,code = 'OK', 200
 try:
 conn.simple_bind_s(app.config['DN_STRING'] % request.form['login'],
@@ -29,8 +33,7 @@ def irc_form():
 @app.route('/irc', methods=['POST'])
 def irc_nick():
- conn = ldap.initialize(app.config['LDAP_URL'])
- conn.start_tls_s()
+ conn = connect_to_ldap()
 login,code = '', 401
 try:
 nick = re.sub(app.config['STRIP_RE'], '', request.form['nick'])
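Review bot: The new key is named `IRC_MIFARE_FILTER`, but the `mifare()` handler added in auth.py reads `app.config['MIFARE_LDAP_FILTER']` and `app.config['MIFARE_BASEDN']`, and neither name is added in this hunk, so a deployment copied from this template would raise `KeyError` on the first `/mifare` request unless those keys are defined outside the visible lines. Rename the line to `MIFARE_LDAP_FILTER = '(&(objectClass=hsMember)(mifareIDHash=%s))'` and add a `MIFARE_BASEDN` entry with the same value as `IRC_BASEDN`, or have the handler reuse `IRC_BASEDN`. Because `LDAP_BIND_PASSWORD` now lives in this file, a comment above it such as `# service-account secret: keep the real auth.cfg out of version control and readable only by the service user` would help whoever deploys from the template.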
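Review bot: `connect_to_ldap()` ends without a `return`, so `conn = connect_to_ldap()` in `login()`, in the `irc_nick()` hunk and in the new `mifare()` hunk assigns `None`, and the first `conn.` call raises `AttributeError` instead of reaching the LDAP error handling. The helper also calls the asynchronous `simple_bind`, whose result is never collected, so a rejected service-account bind goes unnoticed and later searches may run on an unbound connection; use `conn.simple_bind_s(app.config['LDAP_BIND_DN'], app.config['LDAP_BIND_PASSWORD'])` followed by `return conn`. All three callers invoke the helper before their `try:`, so once the bind is synchronous a TLS or bind failure would escape the handlers; moving the call inside each `try` keeps the existing 500 path. A one-line docstring stating that the returned connection has StartTLS negotiated and is bound as the service account would document the contract the callers rely on.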
@@ -44,5 +47,21 @@ def irc_nick():
 code = 500
 return make_response(login, code, { 'Content-Type': 'text/plain' })
+@app.route('/mifare', methods=['POST'])
+def mifare():
+ conn = connect_to_ldap()
+ login,code = '', 401
+ try:
+ h = re.sub(app.config['STRIP_RE'], '', request.form['hash'])
+ res = conn.search_s(app.config['MIFARE_BASEDN'], ldap.SCOPE_SUBTREE,
+ app.config['MIFARE_LDAP_FILTER'] % h)
+ if len(res) == 1:
+ login = res[0][1]['uid'][0]
+ code = 200
+ except ldap.LDAPError as e:
+ print e
+ code = 500
+ return make_response(login, code, { 'Content-Type': 'text/plain' })
+
 if __name__ == '__main__':
 app.run('0.0.0.0', 8082, debug=True)
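Review bot: The search filter in `mifare()` is built as `app.config['MIFARE_LDAP_FILTER'] % h`, and the only treatment of `request.form['hash']` is `re.sub(app.config['STRIP_RE'], '', ...)`, whose pattern is not visible here, so whether LDAP filter metacharacters can reach the query depends entirely on configuration. Escape at the call site instead with `ldap.filter.filter_format(app.config['MIFARE_LDAP_FILTER'], [h])` (needs `import ldap.filter`). Nothing in the hunk authenticates the caller or applies the configured `FAIL_DELAY` on the 401 path, so the route answers hash-to-uid lookups for any client that can reach port 8082; if only the card reader should call it, restricting the route to that client is worth doing, subject to how the service is actually exposed. The context line `app.run('0.0.0.0', 8082, debug=True)` predates this commit, but with `LDAP_BIND_PASSWORD` now loaded into the app config it would be safer to turn `debug` off.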