diff --git a/config/example-config.php b/config/example-config.php
index 4b076568..d69537e8 100644
--- a/config/example-config.php
+++ b/config/example-config.php
@@ -169,14 +169,16 @@ $c->admin_email ='calendar-admin@example.com';
 //$c->authenticate_hook['call'] = 'LDAP_check';
 //$c->authenticate_hook['config'] = array(
 //    'host' => 'www.tennaxia.net', //host name of your LDAP Server
-//    'port' => '389', //port
+//    'port' => '389',              //port
 
        /* For the initial bind to be anonymous leave bindDN and passDN
           commented out */
-//    'bindDN'=> 'cn=manager,cn=internal,dc=tennaxia,dc=net', //DN to bind to this server enabling to perform request
-//    'passDN'=> 'xxxxxxxx', //Password of the previous bindDN to bind to this server enabling to perform request
+// DN to bind to this server enabling to perform request
+//    'bindDN'=> 'cn=manager,cn=internal,dc=tennaxia,dc=net', 
+// Password of the previous bindDN to bind to this server enabling to perform request
+//    'passDN'=> 'xxxxxxxx', 
 
-//    'protocolVersion' => '3',  //Version of LDAP protocol to use
+//    'protocolVersion' => '3', //Version of LDAP protocol to use
 //    'baseDNUsers'=> 'dc=tennaxia,dc=net', //where to look at valid user
 //    'filterUsers' => 'objectClass=kolabInetOrgPerson', //filter which must validate a user according to RFC4515, i.e. surrounded by brackets
 //    'baseDNGroups' => 'ou=divisions,dc=tennaxia,dc=net', //not used ATM
@@ -191,7 +193,15 @@ $c->admin_email ='calendar-admin@example.com';
 //    'default_value' => array("date_format_type" => "E","locale" => "fr_FR"),
        /** foreach key set start and length in the string provided by ldap
            example for openLDAP timestamp : 20070503162215Z **/
-//    'format_updated'=> array('Y' => array(0,4),'m' => array(4,2),'d'=> array(6,2),'H' => array(8,2),'M'=>array(10,2),'S' => array(12,2))
+//    'format_updated'=> array('Y' => array(0,4),'m' => array(4,2),'d'=> array(6,2),'H' => array(8,2),'M'=>array(10,2),'S' => array(12,2)),
+//    'startTLS' => 'yes',  // Require that TLS is used for LDAP?
+             // If ldap_start_tls is not working, it is probably
+             // because php wants to validate the server's
+             // certificate. Try adding "TLS_REQCERT never" to the
+             // ldap configuration file that php uses (e.g. /etc/ldap.conf
+             // or /etc/ldap/ldap.conf). Of course, this lessens security! 
+//     'scope' => 'subtree', // Search scope to use, defaults to subtree.
+//                           // Allowed values: base, onelevel, subtree.
 //
 //    );
 //
diff --git a/inc/drivers_ldap.php b/inc/drivers_ldap.php
index ba7be4cc..451fd0d1 100644
--- a/inc/drivers_ldap.php
+++ b/inc/drivers_ldap.php
@@ -66,6 +66,37 @@ class ldapDrivers
       //Set LDAP protocol version
       if (isset($config['protocolVersion'])) ldap_set_option($this->connect,LDAP_OPT_PROTOCOL_VERSION, $config['protocolVersion']);
 
+      // Start TLS if desired (requires protocol version 3)
+      if (isset($config['startTLS'])) {
+        if (!ldap_set_option($this->connect, LDAP_OPT_PROTOCOL_VERSION, 3)) {
+          $c->messages[] = sprintf(i18n( "drivers_ldap : Failed to set LDAP to use protocol version 3, TLS not supported") );
+          $this->valid=false;
+          return;
+        }
+        if (!ldap_start_tls($this->connect)) {
+          $c->messages[] = sprintf(i18n( "drivers_ldap : Could not start TLS: ldap_start_tls() failed") );
+          $this->valid=false;
+          return;
+        }
+      }
+
+      //Set the search scope to be used, default to subtree.
+      if (!isset($config['scope'])) $config['scope'] = 'subtree';
+      switch (strtolower($config['scope'])) {
+      case "base":
+        $this->ldap_query_one = ldap_read;
+        $this->ldap_query_all = ldap_read;
+        break;
+      case "onelevel":
+        $this->ldap_query_one = ldap_list;
+        $this->ldap_query_all = ldap_list;
+        break;
+      default:
+        $this->ldap_query_one = ldap_search;
+        $this->ldap_query_all = ldap_list;
+        break;
+      }
+
       //connect as root
       if (!ldap_bind($this->connect,$config['bindDN'],$config['passDN'])){
           $bindDN = isset($config['bindDN']) ? $config['bindDN'] : 'anonymous';
@@ -88,7 +119,9 @@ class ldapDrivers
   */
   function getAllUsers($attributes){
     global $c;
-    $entry = ldap_list($this->connect,$this->baseDNUsers,$this->filterUsers,$attributes);
+
+    $query = $this->ldap_query_all;
+    $entry = $query($this->connect,$this->baseDNUsers,$this->filterUsers,$attributes);
     if (!ldap_first_entry($this->connect,$entry))
             $c->messages[] = sprintf(i18n("Error NoUserFound with filter >%s<, attributes >%s< , dn >%s<"),$this->filterUsers,join(', ',$attributes), $this->baseDNUsers);
     for($i=ldap_first_entry($this->connect,$entry);
@@ -116,7 +149,8 @@ class ldapDrivers
 
     $entry=NULL;
     // We get the DN of the USER
-    $entry = ldap_search($this->connect, $this->baseDNUsers, $filter,$attributes);
+    $query = $this->ldap_query_one;
+    $entry = $query($this->connect, $this->baseDNUsers, $filter,$attributes);
     if ( !ldap_first_entry($this->connect, $entry) ){
       dbg_error_log( "ERROR", "drivers_ldap : Unable to find the user with filter %s",$filter );
       return false;
@@ -268,6 +302,10 @@ function sync_LDAP(){
     $mapping = $c->authenticate_hook['config']['mapping_field'];
     $attributes = array_values($mapping);
     $ldap_users_tmp = $ldapDriver->getAllUsers($attributes);
+
+    if ( sizeof($ldap_users_tmp) == 0 )
+      return;
+
     foreach($ldap_users_tmp as $key => $ldap_user){
       $ldap_users_info[$ldap_user[$mapping["username"]]] = $ldap_user;
       unset($ldap_users_tmp[$key]);
@@ -315,7 +353,7 @@ function sync_LDAP(){
           $usr_in .= ', ' . qpg($v);
       }
       $usr_in = substr($usr_in,1);
-      $c->messages[] = sprintf(i18n('- deactivating users : %s'),$usr_in);
+      $c->messages[] = sprintf(i18n('- deactivating users : %s'),join(', ',$users_to_deactivate));
       $qry = new PgQuery( "UPDATE usr SET active = FALSE WHERE lower(username) IN ($usr_in)");
       $qry->Exec('sync_LDAP',__LINE__,__FILE__);
     }
@@ -326,6 +364,9 @@ function sync_LDAP(){
         $valid=$ldap_users_info[$username];
         $ldap_timestamp = $valid[$mapping["updated"]];
 
+        $valid["user_no"] = $db_users_info[$username]["user_no"];
+        $mapping["user_no"] = "user_no";
+
         /**
         * This splits the LDAP timestamp apart and assigns values to $Y $m $d $H $M and $S
         */
@@ -343,9 +384,10 @@ function sync_LDAP(){
           $users_nothing_done[] = $username;
         }
       }
-      $c->messages[] = sprintf(i18n('- updating user record %s'),join(', ',$users_to_update));
+      if ( sizeof($users_to_update) )
+        $c->messages[] = sprintf(i18n('- updating user records : %s'),join(', ',$users_to_update));
       if ( sizeof($users_nothing_done) )
-        $c->messages[] = sprintf(i18n('- nothing done on %s'),join(', ', $users_nothing_done));
+        $c->messages[] = sprintf(i18n('- nothing done on : %s'),join(', ', $users_nothing_done));
     }
   }
 }