diff --git a/flaschengeist/plugins/auth_ldap/__init__.py b/flaschengeist/plugins/auth_ldap/__init__.py
index 56d139b..2f76498 100644
--- a/flaschengeist/plugins/auth_ldap/__init__.py
+++ b/flaschengeist/plugins/auth_ldap/__init__.py
@@ -20,34 +20,38 @@ from flaschengeist.plugins import AuthPlugin, before_role_updated
 
 class AuthLDAP(AuthPlugin):
     def load(self):
+        self.config = config.get("auth_ldap", None)
+        if self.config is None:
+            logger.error("auth_ldap was not configured in flaschengeist.toml", exc_info=True)
+            raise InternalServerError
         app.config.update(
-            LDAP_SERVER=config.get("host", "localhost"),
-            LDAP_PORT=config.get("port", 389),
-            LDAP_BINDDN=config.get("bind_dn", None),
-            LDAP_SECRET=config.get("secret", None),
-            LDAP_USE_SSL=config.get("use_ssl", False),
+            LDAP_SERVER=self.config.get("host", "localhost"),
+            LDAP_PORT=self.config.get("port", 389),
+            LDAP_BINDDN=self.config.get("bind_dn", None),
+            LDAP_SECRET=self.config.get("secret", None),
+            LDAP_USE_SSL=self.config.get("use_ssl", False),
             # That's not TLS, its dirty StartTLS on unencrypted LDAP
             LDAP_USE_TLS=False,
             LDAP_TLS_VERSION=ssl.PROTOCOL_TLS,
             FORCE_ATTRIBUTE_VALUE_AS_LIST=True,
         )
         if "ca_cert" in config:
-            app.config["LDAP_CA_CERTS_FILE"] = config["ca_cert"]
+            app.config["LDAP_CA_CERTS_FILE"] = self.config["ca_cert"]
         else:
             # Default is CERT_REQUIRED
             app.config["LDAP_REQUIRE_CERT"] = ssl.CERT_OPTIONAL
         self.ldap = LDAPConn(app)
-        self.base_dn = config["base_dn"]
-        self.search_dn = config.get("search_dn", "ou=people,{base_dn}").format(base_dn=self.base_dn)
-        self.group_dn = config.get("group_dn", "ou=group,{base_dn}").format(base_dn=self.base_dn)
-        self.password_hash = config.get("password_hash", "SSHA").upper()
-        self.object_classes = config.get("object_classes", ["inetOrgPerson"])
-        self.user_attributes: dict = config.get("user_attributes", {})
-        self.dn_template = config.get("dn_template")
+        self.base_dn = self.config["base_dn"]
+        self.search_dn = self.config.get("search_dn", "ou=people,{base_dn}").format(base_dn=self.base_dn)
+        self.group_dn = self.config.get("group_dn", "ou=group,{base_dn}").format(base_dn=self.base_dn)
+        self.password_hash = self.config.get("password_hash", "SSHA").upper()
+        self.object_classes = self.config.get("object_classes", ["inetOrgPerson"])
+        self.user_attributes: dict = self.config.get("user_attributes", {})
+        self.dn_template = self.config.get("dn_template")
 
         # TODO: might not be set if modify is called
-        self.root_dn = config.get("root_dn", None)
-        self.root_secret = config.get("root_secret", None)
+        self.root_dn = self.config.get("root_dn", None)
+        self.root_secret = self.config.get("root_secret", None)
 
         @before_role_updated
         def _role_updated(role, new_name):