diff --git a/auth/ldap/ldap.go b/auth/ldap/ldap.go
index 7c13367..368ae94 100644
--- a/auth/ldap/ldap.go
+++ b/auth/ldap/ldap.go
@@ -4,11 +4,12 @@ package ldap
 import (
 "github.com/go-ldap/ldap/v3"
 "log"
+ "strings"
 )
 
 // Options holds package configuration
 type Options struct {
- Aliases map[string]string
+ Aliases map[string]map[string]string
 URI string
 UserDn string
 }
@@ -22,17 +23,33 @@ type LDAP struct {
 // Login tries to bind to LDAP
 // Returns (true, nil) if success
 func (a LDAP) Login(username string, password string) (bool, error) {
- // Resolve stream alias if necessary
- for aliasFor, ok := a.Cfg.Aliases[username]; ok; aliasFor, ok = a.Cfg.Aliases[username] {
- log.Printf("[LDAP] Use stream alias %s for username %s", username, aliasFor)
- username = aliasFor
+ aliasSplit := strings.SplitN(username, "__", 2)
+ potentialUsernames := []string{username}
+
+ for len(aliasSplit) == 2 {
+ alias := aliasSplit[0]
+ trueUsername := aliasSplit[1]
+ // Resolve stream alias if necessary
+ if aliases, ok := a.Cfg.Aliases[alias]; ok {
+ if _, ok := aliases[trueUsername]; ok {
+ log.Printf("[LDAP] Use stream alias %s for username %s", alias, trueUsername)
+ potentialUsernames = append(potentialUsernames, trueUsername)
+ }
+ }
 }
 
- // Try to bind as user
- bindDn := "cn=" + username + "," + a.Cfg.UserDn
- err := a.Conn.Bind(bindDn, password)
+ var err error = nil
+ for _, username := range potentialUsernames {
+ // Try to bind as user
+ bindDn := "cn=" + username + "," + a.Cfg.UserDn
+ err = a.Conn.Bind(bindDn, password)
+ if err == nil {
+ // Login succeeded if no error
+ return true, nil
+ }
+ }
 
- // Login succeeded if no error
+ // Unable to log in
 return err == nil, err
 }
 
diff --git a/docs/ghostream.example.yml b/docs/ghostream.example.yml
index 27c7ee4..32ddaad 100644
--- a/docs/ghostream.example.yml
+++ b/docs/ghostream.example.yml
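Review bot: `for len(aliasSplit) == 2 {` never reassigns aliasSplit, so any username containing `__` (the exact form the new aliases feature asks for, e.g. example__demo) makes Login spin forever before a single bind is attempted, a hang reachable from an unauthenticated streamid. The alias lookup only needs to run once, so the line should read `if len(aliasSplit) == 2 {`. With that settled, `var err error = nil` can be the plain `var err error`, and since the loop returns on the first successful bind, the final `return err == nil, err` always yields false and reads more honestly as `return false, err`. The rewrite also drops the previous chained alias resolution (alias of an alias) without saying so, and the inner map's value (`demo: ignored` in the example config) is never read; a short comment on Options.Aliases stating that only the keys matter would spare the next reader the guess. The bind DN is still assembled by concatenating the caller-supplied username, inherited from the old code; if the vendored go-ldap exposes ldap.EscapeDN, wrapping the username with it keeps DN metacharacters from changing which entry is bound.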
@@ -36,8 +36,10 @@ auth: # userdn: cn=users,dc=example,dc=com # # # You can define aliases, to stream on stream.example.com/example with the credentials of the demo account. + # # You will have to use the streamid example__demo:password # aliases: - # example: demo + # example: + # demo: ignored # ## Stream forwarding ##
diff --git a/internal/config/config.go b/internal/config/config.go
index a16fa75..0b3b6a7 100644
--- a/internal/config/config.go
+++ b/internal/config/config.go
@@ -42,7 +42,7 @@ func New() *Config {
 Credentials: make(map[string]string),
 },
 LDAP: ldap.Options{
- Aliases: make(map[string]string),
+ Aliases: make(map[string]map[string]string),
 URI: "ldap://127.0.0.1:389",
 UserDn: "cn=users,dc=example,dc=com",
 },