diff --git a/actions/ikiwiki b/actions/ikiwiki
index ea50df038..29382ee1d 100755
--- a/actions/ikiwiki
+++ b/actions/ikiwiki
@@ -157,6 +157,7 @@ def setup():
         os.makedirs(SITE_PATH)
 
     subprocess.check_call(['a2enmod', 'cgi'])
+    subprocess.check_call(['a2enmod', 'authnz_ldap'])
     subprocess.check_call(['a2enconf', 'ikiwiki-plinth'])
     subprocess.check_call(['service', 'apache2', 'restart'])
 
diff --git a/data/etc/apache2/conf-available/ikiwiki-plinth.conf b/data/etc/apache2/conf-available/ikiwiki-plinth.conf
index ba417eede..5127ce162 100644
--- a/data/etc/apache2/conf-available/ikiwiki-plinth.conf
+++ b/data/etc/apache2/conf-available/ikiwiki-plinth.conf
@@ -1,6 +1,17 @@
 Alias /ikiwiki /var/www/ikiwiki
+Alias /ikiwiki-auth /var/www/ikiwiki
 AddHandler cgi-script .cgi
 
-<Directory /var/www/ikiwiki>
+<Location /ikiwiki>
     Options +ExecCGI
-</Directory>
+</Location>
+
+<Location /ikiwiki-auth>
+    Options +ExecCGI
+
+    AuthType basic
+    AuthName "login required"
+    AuthBasicProvider ldap
+    AuthLDAPURL "ldap:///ou=users,dc=thisbox?uid"
+    Require valid-user
+</Location>
diff --git a/data/etc/ikiwiki/plinth-blog.setup b/data/etc/ikiwiki/plinth-blog.setup
index c64bbc4c0..795c3334b 100644
--- a/data/etc/ikiwiki/plinth-blog.setup
+++ b/data/etc/ikiwiki/plinth-blog.setup
@@ -22,6 +22,7 @@ IkiWiki::Setup::Automator->import(
     dumpsetup => "/var/lib/ikiwiki/$wikiname_short.setup",
     url => "/ikiwiki/$wikiname_short",
     cgiurl => "/ikiwiki/$wikiname_short/ikiwiki.cgi",
+    cgiauthurl => "/ikiwiki-auth/$wikiname_short/ikiwiki.cgi",
     cgi_wrapper => "/var/www/ikiwiki/$wikiname_short/ikiwiki.cgi",
     add_plugins => [qw{goodstuff websetup comments calendar sidebar trail httpauth}],
     rss => 1,
diff --git a/data/etc/ikiwiki/plinth-wiki.setup b/data/etc/ikiwiki/plinth-wiki.setup
index 9d564a8c2..889b6c93c 100644
--- a/data/etc/ikiwiki/plinth-wiki.setup
+++ b/data/etc/ikiwiki/plinth-wiki.setup
@@ -22,6 +22,7 @@ IkiWiki::Setup::Automator->import(
     dumpsetup => "/var/lib/ikiwiki/$wikiname_short.setup",
     url => "/ikiwiki/$wikiname_short",
     cgiurl => "/ikiwiki/$wikiname_short/ikiwiki.cgi",
+    cgiauthurl => "/ikiwiki-auth/$wikiname_short/ikiwiki.cgi",
     cgi_wrapper => "/var/www/ikiwiki/$wikiname_short/ikiwiki.cgi",
     add_plugins => [qw{goodstuff websetup httpauth}],
     rss => 1,