diff --git a/changelog/unreleased/add-ldap-usertype-attribute.md b/changelog/unreleased/add-ldap-usertype-attribute.md
new file mode 100644
index 0000000000..641a2a4b40
--- /dev/null
+++ b/changelog/unreleased/add-ldap-usertype-attribute.md
@@ -0,0 +1,5 @@
+Enhancement: Add LDAP user type attribute
+
+Adding an LDAP attribute so that we can distinguish between member and guest users.
+
+https://github.com/cs3org/reva/pull/3744
diff --git a/pkg/auth/manager/ldap/ldap.go b/pkg/auth/manager/ldap/ldap.go
index 8b81620981..f7fae2f5d2 100644
--- a/pkg/auth/manager/ldap/ldap.go
+++ b/pkg/auth/manager/ldap/ldap.go
@@ -144,7 +144,7 @@ func (am *mgr) Authenticate(ctx context.Context, clientID, clientSecret string)
 userID := &user.UserId{
 Idp: am.c.Idp,
 OpaqueId: uid,
- Type: user.UserType_USER_TYPE_PRIMARY, // TODO: assign the appropriate user type
+ Type: am.c.LDAPIdentity.GetUserType(userEntry),
 }
 gwc, err := pool.GetGatewayServiceClient(am.c.GatewaySvc)
 if err != nil {
diff --git a/pkg/user/manager/ldap/ldap.go b/pkg/user/manager/ldap/ldap.go
index d254b367fd..6b8eeb66cd 100644
--- a/pkg/user/manager/ldap/ldap.go
+++ b/pkg/user/manager/ldap/ldap.go
@@ -261,6 +261,6 @@ func (m *manager) ldapEntryToUserID(entry *ldap.Entry) (*userpb.UserId, error) {
 return &userpb.UserId{
 Idp: m.c.Idp,
 OpaqueId: uid,
- Type: userpb.UserType_USER_TYPE_PRIMARY,
+ Type: m.c.LDAPIdentity.GetUserType(entry),
 }, nil
 }
diff --git a/pkg/utils/ldap/identity.go b/pkg/utils/ldap/identity.go
index 5fe746c476..83a66739a9 100644
--- a/pkg/utils/ldap/identity.go
+++ b/pkg/utils/ldap/identity.go
@@ -22,6 +22,7 @@ import (
 "fmt"
 "strings"
+ identityUser "github.com/cs3org/go-cs3apis/cs3/identity/user/v1beta1"
 "github.com/cs3org/reva/v2/pkg/errtypes"
 "github.com/go-ldap/ldap/v3"
 "github.com/google/uuid"
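Review bot: In `Authenticate` (pkg/auth/manager/ldap/ldap.go) the `Type` of the authenticated `UserId` is now read from a directory attribute, but the line carries no comment saying so, and the same holds for `ldapEntryToUserID` in pkg/user/manager/ldap/ldap.go. `GetUserType`, added later in this commit, returns `USER_TYPE_PRIMARY` whenever the attribute is absent or unrecognised, so the classification is only as reliable as the lookup that produced `userEntry` and the write permissions on that attribute; `userEntry` is fetched outside this hunk, so which lookup feeds it cannot be confirmed here. I would add a comment such as `// Type comes from user_type_property; the attribute must be writable by directory admins only and a missing value is treated as PRIMARY.` Both functions continue outside their hunks.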
@@ -43,6 +44,7 @@ type userConfig struct {
 Objectclass string `mapstructure:"user_objectclass"`
 DisableMechanism string `mapstructure:"user_disable_mechanism"`
 EnabledProperty string `mapstructure:"user_enabled_property"`
+ UserTypeProperty string `mapstructure:"user_type_property"`
 Schema userSchema `mapstructure:"user_schema"`
 SubstringFilterType string `mapstructure:"user_substring_filter_type"`
 substringFilterVal int
@@ -207,6 +209,8 @@ func (i *Identity) GetLDAPUserByFilter(log *zerolog.Logger, lc ldap.Client, filt
 i.User.Schema.Username,
 i.User.Schema.UIDNumber,
 i.User.Schema.GIDNumber,
+ i.User.EnabledProperty,
+ i.User.UserTypeProperty,
 },
 nil,
 )
@@ -246,6 +250,7 @@ func (i *Identity) GetLDAPUserByDN(log *zerolog.Logger, lc ldap.Client, dn strin
 i.User.Schema.Username,
 i.User.Schema.UIDNumber,
 i.User.Schema.GIDNumber,
+ i.User.EnabledProperty,
 },
 nil,
 )
@@ -277,6 +282,8 @@ func (i *Identity) GetLDAPUsers(log *zerolog.Logger, lc ldap.Client, query strin
 i.User.Schema.DisplayName,
 i.User.Schema.UIDNumber,
 i.User.Schema.GIDNumber,
+ i.User.EnabledProperty,
+ i.User.UserTypeProperty,
 },
 nil,
 )
@@ -685,3 +692,16 @@ func (i *Identity) getGroupAttributeFilter(attribute, value string) (string, err
 value,
 ), nil
 }
+
+// GetUserType is used to get the proper UserType from ldap entry string
+func (i *Identity) GetUserType(userEntry *ldap.Entry) identityUser.UserType {
+ userTypeString := userEntry.GetEqualFoldAttributeValue(i.User.UserTypeProperty)
+ switch strings.ToLower(userTypeString) {
+ case "member":
+ return identityUser.UserType_USER_TYPE_PRIMARY
+ case "guest":
+ return identityUser.UserType_USER_TYPE_GUEST
+ default:
+ return identityUser.UserType_USER_TYPE_PRIMARY
+ }
+}
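Review bot: `i.User.EnabledProperty` and `i.User.UserTypeProperty` are appended to the requested-attribute list unconditionally in `GetLDAPUserByFilter`, and the same pattern is added in the `GetLDAPUserByDN` and `GetLDAPUsers` hunks. Unless defaults are applied somewhere outside this diff, a deployment that leaves `user_type_property` or `user_enabled_property` unset sends an empty attribute name in every user search, and how a directory server treats that is implementation-dependent. Building the list first and appending only the configured names keeps existing configurations behaving as before. The slice literal and the surrounding search-request call start outside the hunk.

```go
attrs := []string{
	// … unchanged: the schema attributes already requested …
	i.User.Schema.GIDNumber,
}
// Optional attributes are requested only when they are configured.
for _, a := range []string{i.User.EnabledProperty, i.User.UserTypeProperty} {
	if a != "" {
		attrs = append(attrs, a)
	}
}
// … unchanged: search request construction, now passing attrs …
```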
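Review bot: `GetLDAPUserByDN` now requests `i.User.EnabledProperty` but not `i.User.UserTypeProperty`, unlike the `GetLDAPUserByFilter` and `GetLDAPUsers` hunks in the same commit. Any entry obtained through this function and later passed to `GetUserType` would lack the attribute and be classified as `USER_TYPE_PRIMARY`, so a guest resolved by DN would be reported as a member; whether such a call path exists is not visible in this diff. Adding `i.User.UserTypeProperty,` after the `EnabledProperty` line keeps the three lookups consistent.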
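Review bot: `GetUserType` resolves every value other than "guest" to `USER_TYPE_PRIMARY`, the more privileged classification, so a missing attribute, a misspelling or a value with stray whitespace silently turns a guest into a member. The `case "member"` arm duplicates `default` and can go; normalising with `switch strings.ToLower(strings.TrimSpace(userTypeString)) {` removes the whitespace case. A non-empty value that matches neither keyword most likely indicates a directory data problem, and since the function has no logger and returns only the type, that would need to be surfaced by the callers or through a changed signature. The doc comment should state the accepted values and the fallback, e.g. `// GetUserType maps the entry's user_type_property value ("member" or "guest", case-insensitive) to a UserType; anything else, including a missing attribute, yields USER_TYPE_PRIMARY.`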