diff --git a/CHANGELOG.adoc b/CHANGELOG.adoc
index 4f62f4f..53c562a 100644
--- a/CHANGELOG.adoc
+++ b/CHANGELOG.adoc
@@ -5,6 +5,11 @@
 :tags: {repo-uri}/releases/tag
 
 
+== Unreleased
+
+* Update for ldap3 2.x.
+
+
 == link:{tags}/v1.0.0[1.0.0] (2017-06-06)
 
 * First stable release.
diff --git a/README.adoc b/README.adoc
index b77d75f..cb3cda5 100644
--- a/README.adoc
+++ b/README.adoc
@@ -25,7 +25,7 @@
 
 * Python 3.x
 * {pypi-url}/bottle/[bottle]
-* {pypi-url}/ldap3[ldap3]
+* {pypi-url}/ldap3[ldap3] 2.x
 
 
 == Configuration
diff --git a/app.py b/app.py
index ff119dd..3086212 100755
--- a/app.py
+++ b/app.py
@@ -4,9 +4,10 @@
 from bottle import get, post, static_file, request, route, template
 from bottle import SimpleTemplate
 from configparser import ConfigParser
-from ldap3 import Connection, LDAPBindError, LDAPInvalidCredentialsResult, Server
-from ldap3 import AUTH_SIMPLE, SUBTREE
-from ldap3.core.exceptions import LDAPConstraintViolationResult, LDAPUserNameIsMandatoryError
+from ldap3 import Connection, Server
+from ldap3 import SIMPLE, SUBTREE
+from ldap3.core.exceptions import LDAPBindError, LDAPConstraintViolationResult, \
+    LDAPInvalidCredentialsResult, LDAPUserNameIsMandatoryError
 import os
 from os import path
 
@@ -50,7 +51,7 @@
 
 
 def connect_ldap(**kwargs):
-    server = Server(CONF['ldap']['host'],
+    server = Server(host=CONF['ldap']['host'],
                     port=CONF['ldap'].getint('port', None),
                     use_ssl=CONF['ldap'].getboolean('use_ssl', False),
                     connect_timeout=5)
@@ -79,7 +80,7 @@
         user_dn = find_user_dn(c, username)
 
     # Note: raises LDAPUserNameIsMandatoryError when user_dn is None.
-    with connect_ldap(authentication=AUTH_SIMPLE, user=user_dn, password=old_pass) as c:
+    with connect_ldap(authentication=SIMPLE, user=user_dn, password=old_pass) as c:
         c.bind()
         c.extend.standard.modify_password(user_dn, old_pass, new_pass)
 
@@ -87,7 +88,7 @@
 def change_password_ad(username, old_pass, new_pass):
     user = username + '@' + CONF['ldap']['ad_domain']
 
-    with connect_ldap(authentication=AUTH_SIMPLE, user=user, password=old_pass) as c:
+    with connect_ldap(authentication=SIMPLE, user=user, password=old_pass) as c:
         c.bind()
         user_dn = find_user_dn(c, username)
         c.extend.microsoft.modify_password(user_dn, new_pass, old_pass)
@@ -95,7 +96,7 @@
 
 def find_user_dn(conn, uid):
     search_filter = CONF['ldap']['search_filter'].replace('{uid}', uid)
-    conn.search(CONF['ldap']['base'], "(%s)" % search_filter, SUBTREE, attributes=['dn'])
+    conn.search(CONF['ldap']['base'], "(%s)" % search_filter, SUBTREE)
 
     return conn.response[0]['dn'] if conn.response else None
 
diff --git a/requirements.txt b/requirements.txt
index fdff77b..6f846bb 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,3 +1,3 @@
 bottle >= 0.12.8
-ldap3 >= 0.9, < 2.0
+ldap3 >= 2.0, < 3.0
 configparser; python_version < '3.3'