diff --git a/CHANGES.rst b/CHANGES.rst
index 371f26eb6eb358e0da14d983c89f6e6df281658e..1ce58632b8121b57560f675606b180922e49cfc4 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -1,3 +1,16 @@
+Changes in synapse v0.18.3 (2016-11-08)
+=======================================
+
+SECURITY UPDATE
+
+Explicitly require authentication when using LDAP3. This is the default on
+versions of ``ldap3`` above 1.0, but some distributions will package an older
+version.
+
+If you are using LDAP3 login and have a version of ``ldap3`` older than 1.0 it
+is **CRITICAL to updgrade**.
+
+
 Changes in synapse v0.18.2 (2016-11-01)
 =======================================
 
diff --git a/synapse/__init__.py b/synapse/__init__.py
index 4e2a592d3d93eecd7e9c05765faef85510b05f1b..d366b69daba6e14cd88d064f63d8f3294fca5f40 100644
--- a/synapse/__init__.py
+++ b/synapse/__init__.py
@@ -16,4 +16,4 @@
 """ This is a reference implementation of a Matrix home server.
 """
 
-__version__ = "0.18.2"
+__version__ = "0.18.3"
diff --git a/synapse/util/ldap_auth_provider.py b/synapse/util/ldap_auth_provider.py
index f852e9b03774760b7f40bdc56c246cb6d516421b..1b989248fb1814f590e2c0f9457523e9a13ba9b3 100644
--- a/synapse/util/ldap_auth_provider.py
+++ b/synapse/util/ldap_auth_provider.py
@@ -236,7 +236,8 @@ class LdapAuthProvider(object):
                 value=localpart,
                 base=self.ldap_base
             )
-            conn = ldap3.Connection(server, bind_dn, password)
+            conn = ldap3.Connection(server, bind_dn, password,
+                                    authentication=ldap3.AUTH_SIMPLE)
             logger.debug(
                 "Established LDAP connection in simple bind mode: %s",
                 conn