diff --git a/ChangeLog b/ChangeLog
index 3f985b20..ad64ab78 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -30,6 +30,8 @@ ver. 0.9.5 (2016/XX/XXX) - wanna-be-released - New Features: * New Actions: - action.d/firewallcmd-rich-rules and action.d/firewallcmd-rich-logging (gh-1367) + * New filters: + - slapd - ban hosts, that were failed to connect with invalid credentials: error code 49 - Enhancements: * Extreme speedup of all sqlite database operations (gh-1436),
diff --git a/config/filter.d/slapd.conf b/config/filter.d/slapd.conf
new file mode 100644
index 00000000..9a4e14c5
--- /dev/null
+++ b/config/filter.d/slapd.conf
@@ -0,0 +1,17 @@
+# slapd (Stand-alone LDAP Daemon) openldap daemon filter
+#
+# Detecting invalid credentials: error code 49
+# http://www.openldap.org/doc/admin24/appendix-ldap-result-codes.html#invalidCredentials (49)
+
+[Definition]
+
+failregex = ^.* conn=(?P\d+) fd=\d+ ACCEPT from IP=\:\d+ .+$^.+ conn=(?P=pid) .* RESULT .* err=49 .*$
+
+ignoreregex =
+
+[Init]
+
+# "maxlines" is number of log lines to buffer for multi-line regex searches
+maxlines = 20
+
+# Author: Andrii Melnyk
diff --git a/config/jail.conf b/config/jail.conf
index 941737ff..41d8d3b8 100644
--- a/config/jail.conf
+++ b/config/jail.conf
@@ -840,3 +840,8 @@ logencoding = utf-8 # See "haproxy-http-auth" filter for a brief cautionary note when setting # maxretry and findtime. logpath = /var/log/haproxy.log
+
+[slapd]
+port = ldap,ldaps
+filter = slapd
+logpath = /var/log/slapd.log
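Review bot: In config/filter.d/slapd.conf both halves of `failregex` open with an unanchored wildcard (`^.* conn=` and `^.+ conn=`), so the `ACCEPT from IP=` text may match anywhere in a line rather than only directly after the syslog prefix written by slapd. If slapd echoes any client-influenced text into the log, such a line could satisfy the first half and the ban would then land on an address that did not cause the failure. The filter should pull in the shared prefix with `before = common.conf` under `[INCLUDES]`, set `_daemon = slapd`, and start each half with `^%(__prefix_line)sconn=`; the trailing `RESULT .* err=49 .*$` would also be safer with the `.*` runs replaced by the fixed fields slapd emits. As shown on this page the pattern has no host capture and an unnamed `(?P\d+)` group that `(?P=pid)` cannot reference, which is probably tag stripping in the rendering, but the committed file is worth checking. With `maxlines = 20`, a busy server can put more than 20 lines between a connection's ACCEPT and its RESULT, and those failures would go uncounted.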
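Review bot: The new `[slapd]` section in config/jail.conf points `logpath` at `/var/log/slapd.log` without saying what has to be true for that file to exist and carry the lines the filter needs. slapd logs through syslog (facility local4 by default) and writes the connection `ACCEPT` and `RESULT err=` lines only when its loglevel includes `stats`, so an enabled jail on a default install would start cleanly and never match. A comment above the section would make the prerequisite visible, for example `# Requires slapd "loglevel stats" and a syslog rule that writes local4 to the logpath below`. The hunk appends to the end of the file, so there is no later context to check.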