diff --git a/CHANGELOG.md b/CHANGELOG.md index f3e7873..bd90ddf 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,8 @@ +### 3.13.0 + +- Add service[managed] option to disable managing of the Splunk service +- Add ldap_port option + ### 3.12.4 - Fix missing $ in $package_source variable diff --git a/README.md b/README.md index 149c4d9..9c4a2b6 100644 --- a/README.md +++ b/README.md @@ -769,11 +769,12 @@ This is a hash with the following members: - `saml_entityid` (defaults to $fqdn, override in search head clustering setups to make every search head use the same Relaying Party Trust in ADFS) - `saml_fqdn` (not present by default, override in search head clustering setups to have ADFS redirect to this URL which should normally be the URL handled by a load balancer. If you omit this, ADFS will redirect to the individual search head that make de SAML request which isn't what you want in SHC) - `ldap_host` +- `ldap_port`: optional if you use a non-standard port - `ldap_binddn` - `ldap_binddnpassword` - `ldap_userbasedn` - `ldap_groupbasedn` -- `ldap_sslenabled` +- `ldap_sslenabled`: default - `ldap_usernameattribute` - `ldap_groupmemberattribute` - `ldap_groupnameattribute` diff --git a/spec/classes/init_spec.rb b/spec/classes/init_spec.rb index a361d80..3d7f9a4 100644 --- a/spec/classes/init_spec.rb +++ b/spec/classes/init_spec.rb 
@@ -417,6 +417,21 @@ it { should contain_class('splunk::installed') } it { should contain_package('splunk') } it { should contain_file('/opt/splunk/etc/apps/puppet_common_auth_ldap_base/local/authentication.conf').with_content(/bindDN = CN=sa_splunk,CN=Service Accounts,DC=internal,DC=corp,DC=tld/) } + it { should_not contain_file('/opt/splunk/etc/apps/puppet_common_auth_ldap_base/local/authentication.conf').with_content(/port = /) } + end + + context 'with ldap auth on different port' do + let(:params) { + { + :auth => { 'authtype' => 'LDAP', 'ldap_host' => 'dc01.internal.corp.example', 'ldap_binddn' => 'CN=sa_splunk,CN=Service Accounts,DC=internal,DC=corp,DC=tld', 'ldap_binddnpassword' => 'changeme', 'ldap_port' => 12345}, + :admin => { 'hash' => 'zzzz', 'fn' => 'yyyy', 'email' => 'wwww', }, + :dontruncmds => true, + } + } + it { should contain_class('splunk::installed') } + it { should contain_package('splunk') } + it { should contain_file('/opt/splunk/etc/apps/puppet_common_auth_ldap_base/local/authentication.conf').with_content(/bindDN = CN=sa_splunk,CN=Service Accounts,DC=internal,DC=corp,DC=tld/) } + it { should contain_file('/opt/splunk/etc/apps/puppet_common_auth_ldap_base/local/authentication.conf').with_content(/port = 12345/) } end context 'with ldap auth and nestedgroups enabled' do diff --git a/templates/puppet_common_auth_ldap_base/local/authentication.conf b/templates/puppet_common_auth_ldap_base/local/authentication.conf index 5a0c632..c21ce72 100644 --- a/templates/puppet_common_auth_ldap_base/local/authentication.conf +++ b/templates/puppet_common_auth_ldap_base/local/authentication.conf 
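Review bot: The two port assertions in this hunk are unanchored, so `with_content(/port = 12345/)` would also pass on `port = 123456`, and the negative `with_content(/port = /)` would trip on any other key that ends in `port`. Anchoring them as `/^port = 12345$/` and `/^port = /` pins the exact line. The new context only passes an Integer; there is no case for the string `'12345'` or for an empty or non-numeric value, which the template presumably renders verbatim into authentication.conf. A one-line comment above the context, such as `# port line must appear only when ldap_port is set`, would record the intent. The enclosing describe block starts and ends outside the hunk.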
@@ -27,7 +27,9 @@ groupNameAttribute = <%= @auth_defaults['ldap_groupnameattribute'] %>
 groupNameAttribute = <%= @auth['ldap_groupnameattribute'] %>
 <% end -%>
 host = <%= @auth['ldap_host'] %>
+<% if not @auth['ldap_port'].nil? -%>
 port = <%= @auth['ldap_port'] %>
+<% end -%>
 <% if not @auth['ldap_nestedgroups'].nil? -%>
 nestedGroups = <%= @auth['ldap_nestedgroups'] %>
 <% end -%>
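Review bot: The new guard `if not @auth['ldap_port'].nil?` filters only nil, so an empty string or any non-numeric value is still written verbatim after `port = `. A value containing a newline would add extra lines to a file that, per the spec, also carries the bind DN. Validating the value as an integer in 1–65535 in the manifest (not visible in this diff) is the better place for the check; in the template a defensive form would be `<% if @auth['ldap_port'].to_s =~ /\A\d+\z/ -%>`. A custom port also does not change transport security: whether the bind is encrypted still depends on `ldap_sslenabled`, which the README hunk in this commit documents only as `default`.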