diff --git a/data_safe_haven/infrastructure/stacks/declarative_sre.py b/data_safe_haven/infrastructure/stacks/declarative_sre.py
index 8a044a9854..4fb4891bfd 100644
--- a/data_safe_haven/infrastructure/stacks/declarative_sre.py
+++ b/data_safe_haven/infrastructure/stacks/declarative_sre.py
@@ -72,9 +72,6 @@ def run(self) -> None:
 ldap_group_search_base = f"OU=groups,{ldap_root_dn}"
 ldap_user_search_base = f"OU=users,{ldap_root_dn}"
 ldap_search_password = self.pulumi_opts.require("password-domain-ldap-searcher")
- ldap_server_ip = self.pulumi_opts.require(
- "shm-domain_controllers-ldap_server_ip"
- )
 ldap_base_group_name = f"Data Safe Haven SRE {self.sre_name}"
 ldap_admin_group_name = f"{ldap_base_group_name} Administrators"
 ldap_privileged_user_group_name = f"{ldap_base_group_name} Privileged Users"
@@ -328,7 +325,9 @@ def run(self) -> None:
 ldap_bind_dn=ldap_bind_dn,
 ldap_root_dn=ldap_root_dn,
 ldap_search_password=ldap_search_password,
- ldap_server_ip=ldap_server_ip,
+ ldap_server_ip=identity.ip_address,
+ ldap_server_port=identity.server_port,
+ ldap_user_filter=ldap_user_filter,
 ldap_user_group_name=ldap_user_group_name,
 ldap_user_search_base=ldap_user_search_base,
 location=self.cfg.azure.location,
diff --git a/data_safe_haven/infrastructure/stacks/sre/gitea_server.py b/data_safe_haven/infrastructure/stacks/sre/gitea_server.py
index 35c35b50d8..c6ae7d260c 100644
--- a/data_safe_haven/infrastructure/stacks/sre/gitea_server.py
+++ b/data_safe_haven/infrastructure/stacks/sre/gitea_server.py
@@ -28,12 +28,10 @@ def __init__(
 database_subnet_id: Input[str],
 dns_resource_group_name: Input[str],
 dns_server_ip: Input[str],
- ldap_bind_dn: Input[str],
- ldap_root_dn: Input[str],
- ldap_search_password: Input[str],
 ldap_server_ip: Input[str],
+ ldap_server_port: Input[int],
+ ldap_user_filter: Input[str],
 ldap_user_search_base: Input[str],
- ldap_user_group_name: Input[str],
 location: Input[str],
 networking_resource_group_name: Input[str],
 sre_fqdn: Input[str],
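Review bot: `ldap_user_filter=ldap_user_filter` in the second declarative_sre.py hunk references a name that neither hunk in this file defines, and `identity` (supplying `ip_address` and `server_port`) is likewise not introduced here; unless both are assigned in the part of `run()` that lies outside these hunks, this fails with a NameError at preview time. The first hunk removes the only `ldap_server_ip` lookup but adds nothing in its place, so the definition of the filter deserves a check. Wherever `ldap_user_filter` is built, it should carry a comment such as `# spliced verbatim into the Gitea LDAP filter and a double-quoted shell command: balanced parentheses, no shell metacharacters`, since the template later in this diff inserts it unescaped.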
@@ -52,12 +50,10 @@ def __init__(
 )
 self.dns_resource_group_name = dns_resource_group_name
 self.dns_server_ip = dns_server_ip
- self.ldap_bind_dn = ldap_bind_dn
- self.ldap_root_dn = ldap_root_dn
- self.ldap_search_password = ldap_search_password
 self.ldap_server_ip = ldap_server_ip
+ self.ldap_server_port = ldap_server_port
+ self.ldap_user_filter = ldap_user_filter
 self.ldap_user_search_base = ldap_user_search_base
- self.ldap_user_group_name = ldap_user_group_name
 self.location = location
 self.networking_resource_group_name = networking_resource_group_name
 self.sre_fqdn = sre_fqdn
@@ -130,11 +126,10 @@ def __init__(
 gitea_configure_sh = Output.all(
 admin_email="dshadmin@example.com",
 admin_username="dshadmin",
- ldap_bind_dn=props.ldap_bind_dn,
- ldap_root_dn=props.ldap_root_dn,
- ldap_search_password=props.ldap_search_password,
- ldap_user_group_name=props.ldap_user_group_name,
+ ldap_username_attribute="uid",
+ ldap_user_filter=props.ldap_user_filter,
 ldap_server_ip=props.ldap_server_ip,
+ ldap_server_port=props.ldap_server_port,
 ldap_user_search_base=props.ldap_user_search_base,
 ).apply(
 lambda mustache_values: gitea_configure_sh_reader.file_contents(
diff --git a/data_safe_haven/infrastructure/stacks/sre/user_services.py b/data_safe_haven/infrastructure/stacks/sre/user_services.py
index 331d07b7e7..7d7d48de4f 100644
--- a/data_safe_haven/infrastructure/stacks/sre/user_services.py
+++ b/data_safe_haven/infrastructure/stacks/sre/user_services.py
@@ -31,8 +31,10 @@ def __init__(
 ldap_root_dn: Input[str],
 ldap_search_password: Input[str],
 ldap_server_ip: Input[str],
- ldap_user_search_base: Input[str],
+ ldap_server_port: Input[int],
+ ldap_user_filter: Input[str],
 ldap_user_group_name: Input[str],
+ ldap_user_search_base: Input[str],
 location: Input[str],
 networking_resource_group_name: Input[str],
 nexus_admin_password: Input[str],
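Review bot: `ldap_username_attribute="uid"` in the `Output.all(...)` hunk of gitea_server.py is a hard-coded schema decision: the template it feeds previously matched on `sAMAccountName` with `objectClass=user` (Active Directory), and `uid` belongs to a POSIX/inetOrgPerson directory, so a deployment whose identity server still speaks the old schema would reject every login with nothing in this code explaining why. A comment on that line, `# "uid": the identity server presumably serves a POSIX/inetOrgPerson schema, not AD (sAMAccountName)`, or a named constant beside the props class, would make the coupling visible. Dropping `ldap_bind_dn`/`ldap_search_password` from this call means Gitea will presumably search `ldap_user_search_base` without binding, so the identity server must permit anonymous read of that subtree; that requirement belongs next to the filter and base definitions as well.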
@@ -42,8 +44,8 @@ def __init__(
 storage_account_key: Input[str],
 storage_account_name: Input[str],
 storage_account_resource_group_name: Input[str],
- subnet_containers: Input[network.GetSubnetResult],
 subnet_containers_support: Input[network.GetSubnetResult],
+ subnet_containers: Input[network.GetSubnetResult],
 subnet_databases: Input[network.GetSubnetResult],
 subnet_software_repositories: Input[network.GetSubnetResult],
 ) -> None:
@@ -58,8 +60,10 @@ def __init__(
 self.ldap_root_dn = ldap_root_dn
 self.ldap_search_password = ldap_search_password
 self.ldap_server_ip = ldap_server_ip
- self.ldap_user_search_base = ldap_user_search_base
+ self.ldap_server_port = ldap_server_port
+ self.ldap_user_filter = ldap_user_filter
 self.ldap_user_group_name = ldap_user_group_name
+ self.ldap_user_search_base = ldap_user_search_base
 self.location = location
 self.networking_resource_group_name = networking_resource_group_name
 self.nexus_admin_password = Output.secret(nexus_admin_password)
@@ -117,11 +121,9 @@ def __init__(
 database_password=props.gitea_database_password,
 dns_resource_group_name=props.dns_resource_group_name,
 dns_server_ip=props.dns_server_ip,
- ldap_bind_dn=props.ldap_bind_dn,
- ldap_root_dn=props.ldap_root_dn,
- ldap_search_password=props.ldap_search_password,
 ldap_server_ip=props.ldap_server_ip,
- ldap_user_group_name=props.ldap_user_group_name,
+ ldap_server_port=props.ldap_server_port,
+ ldap_user_filter=props.ldap_user_filter,
 ldap_user_search_base=props.ldap_user_search_base,
 location=props.location,
 networking_resource_group_name=props.networking_resource_group_name,
diff --git a/data_safe_haven/resources/gitea/gitea/configure.mustache.sh b/data_safe_haven/resources/gitea/gitea/configure.mustache.sh
index f88cd59475..7f4f2a404f 100644
--- a/data_safe_haven/resources/gitea/gitea/configure.mustache.sh
+++ b/data_safe_haven/resources/gitea/gitea/configure.mustache.sh
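Review bot: The `@@ -42,8 +44,8 @@` hunk swaps the positions of `subnet_containers` and `subnet_containers_support` in the props `__init__`; both have the type `Input[network.GetSubnetResult]`, so a positional caller would silently receive the two subnets exchanged rather than an error. Making the parameters keyword-only, `def __init__(self, *, ...)`, turns any such call into a TypeError; the `def __init__(` line itself lies outside this hunk. The same concern applies to the reordering of `ldap_user_search_base` past `ldap_user_group_name` in the `@@ -31,8 +31,10 @@` hunk on the previous line, where both parameters are `Input[str]`.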
@@ -12,13 +12,11 @@ until su-exec "$USER" /usr/local/bin/gitea admin auth list | grep "DataSafeHaven
 echo "$(date -Iseconds) Attempting to register LDAP authentication..." | tee -a /var/log/configuration
 su-exec "$USER" /usr/local/bin/gitea admin auth add-ldap \
 --name DataSafeHavenLDAP \
- --bind-dn "{{ldap_bind_dn}}" \
- --bind-password "{{ldap_search_password}}" \
 --security-protocol "unencrypted" \
 --host "{{ldap_server_ip}}" \
- --port "389" \
+ --port "{{ldap_server_port}}" \
 --user-search-base "{{ldap_user_search_base}}" \
- --user-filter "(&(objectClass=user)(memberOf=CN={{ldap_user_security_group_name}},OU=Data Safe Haven Security Groups,{{ldap_root_dn}})(sAMAccountName=%[1]s))" \
+ --user-filter "(&{{{ldap_user_filter}}}({{ldap_username_attribute}}=%[1]s))" \
 --email-attribute "mail"
 sleep 1
 done
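Review bot: The new `--user-filter` line renders `{{{ldap_user_filter}}}` unescaped inside a double-quoted shell string, so a filter value containing `"`, `$`, a backtick or `\` is expanded by the shell or breaks the `add-ldap` command instead of reaching Gitea verbatim; the value should be validated on the Python side, and the template should state the constraint, e.g. `# ldap_user_filter is inserted unescaped: a balanced LDAP filter with no shell metacharacters`. `--port` is now templated while `--security-protocol "unencrypted"` stays fixed, so a port that points at an LDAPS or StartTLS listener would still be contacted in plaintext; either derive the protocol from the same source as the port or document next to `--port` that the port must carry plain LDAP. With `--bind-dn` and `--bind-password` removed, Gitea appears to rely on an anonymous search of `{{ldap_user_search_base}}`, which the identity server must allow, and whether the Gitea version in this image escapes the login name it substitutes for `%[1]s` before it enters the filter is worth confirming.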