diff --git a/webserver/docker_hackmd/tasks/main.yml b/webserver/docker_hackmd/tasks/main.yml
index f67c1426cfe09d5595c50e4745ff97bf8e9dd5d6..75ffba40e75de49b59590c5b269ef423d3184de4 100644
--- a/webserver/docker_hackmd/tasks/main.yml
+++ b/webserver/docker_hackmd/tasks/main.yml
@@ -5,7 +5,7 @@ - { path: /srv/hackmd/mysql_root_pass, length: 24 } - { path: /srv/hackmd/mysql_user_pass, length: 12 } - { path: /srv/hackmd/hackmd_session_secret, length: 32 } - - { path: /srv/ldap/secret/ldap_readonly_pass, length: -1 } + - { path: /srv/hackmd/oauth_client_secret, length: 32 } - name: create folder struct for hackmd
diff --git a/webserver/docker_hackmd/templates/docker-compose.yml b/webserver/docker_hackmd/templates/docker-compose.yml
index 95eebbc540927b1932ffb738e21269e5bc6141ee..3eb21555a195925a71eb7138fc26f3bb7165d48b 100644
--- a/webserver/docker_hackmd/templates/docker-compose.yml
+++ b/webserver/docker_hackmd/templates/docker-compose.yml
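Review bot: The added entry has a 32-character secret generated locally at `/srv/hackmd/oauth_client_secret`, but nothing in this hunk shows how the provider side (the `hackmd` client registered in uffd) receives the same value, so a freshly generated file would not match the registered client unless it is provisioned by another role. If that provisioning exists elsewhere, a comment on the entry such as `# must match the client secret registered for "hackmd" in uffd` would keep the two in step; if it does not, the entry should reference the provider-issued secret instead of generating one. The removed ldap line used `length: -1`, which presumably referenced an existing file rather than generating one, so the semantics of this list changed for the replaced entry. The task that consumes this list, and whatever turns the file into the `oauth_client_secret` variable used by the compose template, are outside the hunk.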
@@ -15,15 +15,17 @@ services:
 CMD_ALLOW_ANONYMOUS_EDITS: "true"
 CMD_DEFAULT_PERMISSION: "freely"
 CMD_ALLOW_FREEURL: "true"
- CMD_LDAP_URL: "ldap://{{ ldap_ip_ext }}:389"
- CMD_LDAP_BINDDN: "{{ ldap_readonly_bind_dn }}"
- CMD_LDAP_BINDCREDENTIALS: "{{ ldap_readonly_pass }}"
- CMD_LDAP_SEARCHBASE: "{{ ldap_base_dn }}"
- CMD_LDAP_SEARCHFILTER: "(&(uid={% raw %}{{username}}{% endraw %})(objectClass=inetOrgPerson)(memberof=CN=active,OU=groups,DC=warpzone,DC=ms))"
- CMD_LDAP_SEARCHATTRIBUTES: "uid"
- CMD_LDAP_USERIDFIELD: "uid"
- CMD_LDAP_USERNAMEFIELD: "uid"
 CMD_EMAIL: "false"
+ CMD_OAUTH2_USER_PROFILE_URL: "{{ oauth_global.userinfo_url }}"
+ CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR: "preferred_username"
+ CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR: "preferred_username"
+ CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR: "email"
+ CMD_OAUTH2_TOKEN_URL: "{{ oauth_global.token_url }}"
+ CMD_OAUTH2_AUTHORIZATION_URL: "{{ oauth_global.authorize_url }}"
+ CMD_OAUTH2_CLIENT_ID: "hackmd"
+ CMD_OAUTH2_CLIENT_SECRET: "{{ oauth_client_secret }}"
+ CMD_OAUTH2_PROVIDERNAME: "Login with uffd"
+ CMD_OAUTH2_SCOPE: "openid email profile"
 labels:
 - traefik.enable=true
 - traefik.http.routers.{{ servicename }}.rule=Host(`{{ domain }}`)
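Review bot: The removed `CMD_LDAP_SEARCHFILTER` restricted logins to members of `CN=active,OU=groups,DC=warpzone,DC=ms`, but the added OAuth2 block carries no equivalent restriction, so every account the provider issues a token for can sign in unless uffd enforces that group check on its side. If the deployed HedgeDoc/CodiMD version supports it, restoring the gate in the app means adding a roles claim check (`CMD_OAUTH2_ROLES_CLAIM` together with `CMD_OAUTH2_ACCESS_ROLE`); if access control is intentionally delegated to uffd, a comment above `CMD_OAUTH2_USER_PROFILE_URL` saying so would document the decision. `CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR` is set to `preferred_username`, which OpenID Connect does not guarantee to be unique or stable, so it is worth confirming that uffd keeps it fixed per account before note ownership is keyed on it. The enclosing service definition starts before this hunk.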