diff --git a/etebase_server/settings.py b/etebase_server/settings.py
index 2e3568d..1fef2c8 100644
--- a/etebase_server/settings.py
+++ b/etebase_server/settings.py
@@ -173,6 +173,7 @@ if any(os.path.isfile(x) for x in config_locations):
         LDAP_BIND_DN = ldap.get("bind_dn", "")
         LDAP_BIND_PW = ldap.get("bind_pw", "")
         LDAP_BIND_PW_FILE = ldap.get("bind_pw_file", "")
+        LDAP_CACHE_TTL = ldap.get("cache_ttl", "")
 
         # Configure EteBase to use LDAP
         ETEBASE_CREATE_USER_FUNC = "myauth.ldap.create_user"
diff --git a/myauth/ldap.py b/myauth/ldap.py
index 1112001..0075fab 100644
--- a/myauth/ldap.py
+++ b/myauth/ldap.py
@@ -36,6 +36,13 @@ class LDAPConnection:
         self.__LDAP_FILTER = ldap_setting("FILTER", "")
         self.__LDAP_SEARCH_BASE = ldap_setting("SEARCH_BASE", "")
 
+        # The time a cache entry is valid (in hours)
+        try:
+            self.__LDAP_CACHE_TTL = int(ldap_setting("CACHE_TTL", ""))
+        except ValueError:
+            logging.error("Invalid value for cache_ttl. Defaulting to 1 hour")
+            self.__LDAP_CACHE_TTL = 1
+
         password = ldap_setting("BIND_PW", "")
         if not password:
             pwfile = ldap_setting("BIND_PW_FILE", "")
@@ -84,7 +91,7 @@ class LDAPConnection:
             return False
 
         if len(result) == 1:
-            self.__user_cache[username] = timezone.now() + timezone.timedelta(hours=1)
+            self.__user_cache[username] = timezone.now() + timezone.timedelta(hours=self.__LDAP_CACHE_TTL)
             return True
         return False