diff --git a/flaschengeist/plugins/auth_ldap/__init__.py b/flaschengeist/plugins/auth_ldap/__init__.py
index 201ed7b..b9412b1 100644
--- a/flaschengeist/plugins/auth_ldap/__init__.py
+++ b/flaschengeist/plugins/auth_ldap/__init__.py
@@ -2,7 +2,7 @@ import ssl
 from ldap3.utils.hashed import hashed
-from ldap3 import SUBTREE, MODIFY_REPLACE, HASHED_SALTED_MD5
+from ldap3 import SUBTREE, MODIFY_REPLACE, MODIFY_ADD, MODIFY_DELETE, HASHED_SALTED_MD5
 from ldap3.core.exceptions import LDAPPasswordIsMandatoryError, LDAPBindError
 from flask import current_app as app
 from flask_ldapconn import LDAPConn
@@ -83,8 +83,8 @@ class AuthLDAP(AuthPlugin):
 'uidNumber': uidNumber
 }
- test = ldap_conn.add(dn, object_class, attributes)
- print(test)
+ ldap_conn.add(dn, object_class, attributes)
+ self.set_roles(user)
 except (LDAPPasswordIsMandatoryError, LDAPBindError):
 raise BadRequest
 except Exception as e:
@@ -116,7 +116,23 @@ class AuthLDAP(AuthPlugin):
 groups.append(data["attributes"]["cn"][0])
 return groups
- def modify_user(self, user: User, password, new_password=None):
+ def set_roles(self, user: User):
+ try:
+ ldap_conn = self.ldap.connect(self.admin_dn, self.admin_secret)
+ self.ldap.connection.search(f"ou=group,{self.dn}", "(cn=*)", SUBTREE, attributes=["cn", "gidNumber"])
+ ldap_roles = self.ldap.response()
+ for ldap_role in ldap_roles:
+ if ldap_role["attributes"]["cn"][0] in user.roles:
+ modify = {'memberUid': [(MODIFY_ADD, [user.userid])]}
+ else:
+ modify = {'memberUid': [(MODIFY_DELETE, [user.userid])]}
+ test = ldap_conn.modify(ldap_role["dn"], modify)
+
+ except (LDAPPasswordIsMandatoryError, LDAPBindError):
+ raise BadRequest
+
+
+ def modify_user(self, user: User, password=None, new_password=None):
 try:
 dn = user.get_attribute("DN")
 if password:
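Review bot: Dropping `print(test)` also drops the only place the result of `ldap_conn.add(...)` was looked at, and `self.set_roles(user)` now runs unconditionally after it; with ldap3's default settings a failed add returns False and leaves the reason in `ldap_conn.result` rather than raising, so nothing reaches the except clauses below. Guard the call before assigning roles, e.g. `if not ldap_conn.add(dn, object_class, attributes):` / `raise BadRequest(ldap_conn.result.get("description"))`, so that a user which was never created does not have group writes attempted for it. The enclosing method starts outside the hunk, so whether `ldap_conn` was opened with `raise_exceptions=True` cannot be seen here; if it was, the guard is redundant and a one-line comment saying so would help the next reader.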
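Review bot: `set_roles` never checks the outcome of its writes: `test = ldap_conn.modify(...)` is assigned and never read, and with ldap3's defaults a refused modify returns False and stores the reason in `ldap_conn.result` instead of raising, so nothing reaches the except clause. The MODIFY_DELETE branch runs for every group the user is not in, and deleting a `memberUid` value that is not present is an LDAP error (noSuchAttribute), so most iterations fail by design while a genuine failure to revoke a membership is indistinguishable from them. The search also runs on `self.ldap.connection` / `self.ldap.response()` while the modify uses the freshly bound admin `ldap_conn`, so the group list comes from whichever bind the default connection holds; if that split is intentional a comment should say so, and `gidNumber` is requested but never used. Note too that every group under `ou=group` not named in `user.roles` has this user removed, which presumably includes groups maintained outside the application — confirm that scope is intended. Reading `memberUid` in the search and only issuing the add or delete that actually changes state, raising when it returns False, addresses the first two points:
```python
    def set_roles(self, user: User):
        try:
            ldap_conn = self.ldap.connect(self.admin_dn, self.admin_secret)
            ldap_conn.search(f"ou=group,{self.dn}", "(cn=*)", SUBTREE, attributes=["cn", "memberUid"])
            for ldap_role in ldap_conn.response:
                attrs = ldap_role["attributes"]
                is_member = user.userid in attrs.get("memberUid", [])
                wanted = attrs["cn"][0] in user.roles
                if wanted == is_member:
                    continue  # already in the desired state; avoids noSuchAttribute / attributeOrValueExists
                op = MODIFY_ADD if wanted else MODIFY_DELETE
                if not ldap_conn.modify(ldap_role["dn"], {"memberUid": [(op, [user.userid])]}):
                    raise BadRequest(ldap_conn.result.get("description"))
        # … unchanged: except clause …
```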
@@ -137,5 +153,6 @@ class AuthLDAP(AuthPlugin):
 salted_password = hashed(HASHED_SALTED_MD5, new_password)
 modifier["userPassword"] = [(MODIFY_REPLACE, [salted_password])]
 ldap_conn.modify(dn, modifier)
+ self.set_roles(user)
 except (LDAPPasswordIsMandatoryError, LDAPBindError):
 raise BadRequest
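Review bot: `self.set_roles(user)` now executes on every successful `modify_user` call, including the self-service path that only supplies `password` and `new_password`, and set_roles binds as `admin_dn` and rewrites `memberUid` on every group according to `user.roles`. A plain password change therefore becomes an admin-level group rewrite; if the caller on that path passes a `User` whose `roles` is not fully populated, the user is silently removed from every group. Consider gating the call on a role change actually being requested rather than on any modification, or at least documenting on `modify_user` that `user.roles` must be authoritative for every caller. `modify_user` starts outside this hunk (its signature change is in the previous one), so the callers' contract cannot be checked here.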