diff --git a/plugins/ldap/lib/ext/environment.rb b/plugins/ldap/lib/ext/environment.rb
index 4651b8a..87529e9 100644
--- a/plugins/ldap/lib/ext/environment.rb
+++ b/plugins/ldap/lib/ext/environment.rb
@@ -6,7 +6,7 @@ class Environment
 
   validates_presence_of :ldap_plugin_host, :if => lambda {|env| !env.ldap_plugin.blank? }
 
-  attr_accessible :ldap_plugin_host, :ldap_plugin_port, :ldap_plugin_tls, :ldap_plugin_onthefly_register, :ldap_plugin_account, :ldap_plugin_account_password, :ldap_plugin_filter, :ldap_plugin_base_dn, :ldap_plugin_attr_mail, :ldap_plugin_attr_login, :ldap_plugin_attr_fullname
+  attr_accessible :ldap_plugin_host, :ldap_plugin_port, :ldap_plugin_tls, :ldap_plugin_onthefly_register, :ldap_plugin_account, :ldap_plugin_account_password, :ldap_plugin_filter, :ldap_plugin_base_dn, :ldap_plugin_attr_mail, :ldap_plugin_attr_login, :ldap_plugin_attr_fullname, :ldap_plugin_allow_password_recovery
 
   def ldap_plugin_attributes
     self.ldap_plugin || {}
@@ -113,4 +113,13 @@ class Environment
     self.ldap_plugin['tls'] = (value.to_s == '1') ? true : false
   end
 
+  def ldap_plugin_allow_password_recovery
+    self.ldap_plugin['allow_password_recovery'] ||= false
+  end
+
+  def ldap_plugin_allow_password_recovery= value
+    self.ldap_plugin = {} if self.ldap_plugin.blank?
+    self.ldap_plugin['allow_password_recovery'] = (value.to_i == 1)
+  end
+
 end
diff --git a/plugins/ldap/lib/ldap_plugin.rb b/plugins/ldap/lib/ldap_plugin.rb
index 9dade30..2193c65 100644
--- a/plugins/ldap/lib/ldap_plugin.rb
+++ b/plugins/ldap/lib/ldap_plugin.rb
@@ -36,7 +36,7 @@ class LdapPlugin < Noosfero::Plugin
   end
 
   def allow_password_recovery
-    false
+    context.environment.ldap_plugin['allow_password_recovery']
   end
 
   def alternative_authentication
diff --git a/plugins/ldap/test/unit/ldap_plugin_test.rb b/plugins/ldap/test/unit/ldap_plugin_test.rb
index aa1d3c3..01b55a9 100644
--- a/plugins/ldap/test/unit/ldap_plugin_test.rb
+++ b/plugins/ldap/test/unit/ldap_plugin_test.rb
@@ -9,6 +9,8 @@ class LdapPluginTest < ActiveSupport::TestCase
 
   should "not allow password recovery" do
     plugin = LdapPlugin.new
+    plugin.context = mock
+    plugin.context.expects(:environment).returns(Environment.default)
     refute plugin.allow_password_recovery
   end
 
diff --git a/plugins/ldap/views/ldap_plugin_admin/index.html.erb b/plugins/ldap/views/ldap_plugin_admin/index.html.erb
index 0f5dafc..2f7f7e0 100644
--- a/plugins/ldap/views/ldap_plugin_admin/index.html.erb
+++ b/plugins/ldap/views/ldap_plugin_admin/index.html.erb
@@ -4,7 +4,7 @@
 
 <table>
   <tr>
-    <th><%= c_('Configuration') %></th>
+    <th><%= _('LDAP Configuration') %></th>
     <th><%= _('Value') %></th>
   </tr>
   <tr>
@@ -43,7 +43,8 @@
 
 <table>
   <tr>
-    <th colspan='2'> <%= _('Attributes') %> </th>
+    <th><%= _('Attributes') %></th>
+    <th><%= _('LDAP Field') %></th>
   </tr>
   <tr>
     <td><%= c_('Login') %></td>
@@ -59,6 +60,18 @@
   </tr>
 </table>
 
+<table>
+  <tr>
+    <th><%= _('Behaviour Configuration') %></th>
+  </tr>
+  <tr>
+    <td><label>
+      <%= check_box :environment, :ldap_plugin_allow_password_recovery, {}, '1', '0' %>
+      <%= _('Allow password recovery') %>
+    </label></td>
+  </tr>
+</table>
+
 <div>
   <% button_bar do %>
     <%= submit_button('save', c_('Save changes')) %>
--
libgit2 0.21.2