diff --git a/README.md b/README.md index 97cf5f1..7c71945 100644 --- a/README.md +++ b/README.md @@ -135,10 +135,6 @@ These settings should only be changed if you're trying to make the user manager * `LDAP_GROUP_MEMBERSHIP_ATTRIBUTE` (default: *memberUID* or *uniqueMember*): The attribute used when adding a user's account to a group. When the `groupOfMembers` objectClass is detected `FORCE_RFC2307BIS` is `TRUE` it defaults to `uniqueMember`, otherwise it'll default to `memberUID`. Explicitly setting this variable will override any default. -* `LDAP_GROUP_ADDITIONAL_OBJECTCLASSES` (no default): A comma-separated list of additional objectClasses to use when creating an group. See [Extra objectClasses and attributes](#extra-objectclasses-and-attributes) for more information. - -* `LDAP_GROUP_ADDITIONAL_ATTRIBUTE` (no default): A comma-separated list of extra attributes to display when creating an group. See [Extra objectClasses and attributes](#extra-objectclasses-and-attributes) for more information. - * `LDAP_ACCOUNT_ADDITIONAL_OBJECTCLASSES` (no default): A comma-separated list of additional objectClasses to use when creating an account. See [Extra objectClasses and attributes](#extra-objectclasses-and-attributes) for more information. * `LDAP_ACCOUNT_ADDITIONAL_ATTRIBUTES` (no default): A comma-separated list of extra attributes to display when creating an account. See [Extra objectClasses and attributes](#extra-objectclasses-and-attributes) for more information. 
@@ -317,12 +313,12 @@ If `EMAIL_DOMAIN` is set then the email address field will be automatically upda ## Extra objectClasses and attributes -If you need to use this user manager with an existing LDAP directory and your account records need additional objectClasses and attributes then you can add them via `LDAP_ACCOUNT_ADDITIONAL_OBJECTCLASSES` and `LDAP_ACCOUNT_ADDITIONAL_ATTRIBUTES`. +If you need to use this user manager with an existing LDAP directory and your account records need additional objectClasses and attributes then you can add them via `LDAP_ACCOUNT_ADDITIONAL_OBJECTCLASSES` and `LDAP_ACCOUNT_ADDITIONAL_ATTRIBUTES`. `LDAP_ACCOUNT_ADDITIONAL_OBJECTCLASSES` is a comma-separated list of objectClasses to add when creating the account record. For example, `LDAP_ACCOUNT_ADDITIONAL_OBJECTCLASSES=ldappublickey,couriermailaccount`. -`LDAP_ACCOUNT_ADDITIONAL_ATTRIBUTES` is a comma-separated list of attributes to be displayed as extra fields on the account management pages. -By default these fields will be empty, with the field named for the attribute, but you can set the field labels and optionally the default values by appending the attribute names with colon-separated values like so: `attribute_name:label:default_value`. +`LDAP_ACCOUNT_ADDITIONAL_ATTRIBUTES` is a comma-separated list of attributes to be displayed as extra fields on the account management page. +By default these fields will be empty, with the field named for the attribute, but you can set the field labels (and optionally the default values) by appending the attribute names with colon-separated values like so: `attribute_name:label:default_value`. Multiple attributes are separated by commas, so you can define the label and default values for several attributes as follows: `attribute1:label1:default_value1,attribute2:label2:default_value2,attribute3:label3`. As an example, to set a mailbox name and quota for the `couriermailaccount` schema you can pass these variables to the container: 
@@ -330,10 +326,21 @@ As an example, to set a mailbox name and quota for the `couriermailaccount` sche LDAP_ACCOUNT_ADDITIONAL_OBJECTCLASSES=couriermailaccount LDAP_ACCOUNT_ADDITIONAL_ATTRIBUTES="mailbox:Mailbox:domain.com,quota:Mail quota:20" ``` - -ObjectClasses often have attributes that must have a value, so you'll need to set a default for those attributes otherwise you'll get errors if you forget to fill in the fields. -This is advanced usage and the user manager doesn't attempt to validate any objectClasses, attributes, labels or default values you pass in. It's up to you to ensure that your LDAP server has the appropriate schemas and that the labels and values are sane. +_Note_: ObjectClasses often have attributes that _must_ have a value, so you should set a default value for these attributes, otherwise if you forget to add a value when filling in the form an error will be thrown on submission. + + +### Multi-value attributes + +If you have an attribute that could have several values, you can add a `+` to end of the attribute name. This will modify the form so you can add or remove extra values for that attribute. For example, if you want to have multiple email aliases when using the _PostfixBookMailAccount_ schema then you can pass these variables to the container: +``` +LDAP_ACCOUNT_ADDITIONAL_OBJECTCLASSES=PostfixBookMailAccount" \ +LDAP_ACCOUNT_ADDITIONAL_ATTRIBUTES=mailAlias+:Email aliases" +``` + +### Caveat + +These settings are advanced usage and the user manager doesn't attempt to validate any objectClasses, attributes, labels or default values you pass in. It's up to you to ensure that your LDAP server has the appropriate schemas and that the labels and values are sane. *** diff --git a/www/account_manager/new_user.php b/www/account_manager/new_user.php index 0a6e961..c604e79 100644 --- a/www/account_manager/new_user.php +++ b/www/account_manager/new_user.php 
@@ -39,45 +39,72 @@ $invalid_email = FALSE; $disabled_email_tickbox = TRUE; $invalid_cn = FALSE; $invalid_account_identifier = FALSE; +$account_attribute = $LDAP['account_attribute']; $new_account_r = array(); foreach ($attribute_map as $attribute => $attr_r) { - if (isset($_POST[$attribute])) { - $$attribute = filter_var($_POST[$attribute], FILTER_SANITIZE_FULL_SPECIAL_CHARS); - } - elseif (isset($attr_r['default'])) { - $$attribute = $attr_r['default']; - } - if (isset($$attribute)) { $new_account_r[$attribute] = $$attribute; } + + if (isset($_POST[$attribute])) { + + $this_attribute = array(); + + if (is_array($_POST[$attribute])) { + $this_attribute['count'] = count($_POST[$attribute]); + foreach($_POST[$attribute] as $key => $value) { + $this_attribute[$key] = filter_var($value, FILTER_SANITIZE_FULL_SPECIAL_CHARS); + } + } + else { + $this_attribute['count'] = 1; + $this_attribute[0] = filter_var($_POST[$attribute], FILTER_SANITIZE_FULL_SPECIAL_CHARS); + } + + $$attribute = $this_attribute; + + } + + if (!isset($$attribute) and isset($attr_r['default'])) { + $$attribute['count'] = 1; + $$attribute[0] = $attr_r['default']; + } + + if (isset($$attribute)) { + $new_account_r[$attribute] = $$attribute; + unset($new_account_r[$attribute]['count']); + } + } ## if (isset($_GET['account_request'])) { - $givenname=filter_var($_GET['first_name'], FILTER_SANITIZE_FULL_SPECIAL_CHARS); + $givenname[0]=filter_var($_GET['first_name'], FILTER_SANITIZE_FULL_SPECIAL_CHARS); $new_account_r['givenname'] = $givenname; + $givenname['count'] = 1; - $sn=filter_var($_GET['last_name'], FILTER_SANITIZE_FULL_SPECIAL_CHARS); - $new_account_r['sn'] = $sn; + $sn[0]=filter_var($_GET['last_name'], FILTER_SANITIZE_FULL_SPECIAL_CHARS); + $new_account_r['sn'][0] = $sn; + $sn['count'] = 1; - $uid = generate_username($givenname,$sn); - $new_account_r['uid'] = $uid; + $uid[0] = generate_username($givenname,$sn); + $new_account_r['uid'][0] = $uid; + $uid['count'] = 1; if ($ENFORCE_SAFE_SYSTEM_NAMES 
== TRUE) { - $cn = "$givenname$sn"; + $cn[0] = "$givenname$sn"; } else { - $cn = "$givenname $sn"; + $cn[0] = "$givenname $sn"; } - $new_account_r['cn'] = $cn; + $cn['count'] = 1; - $mail=filter_var($_GET['email'], FILTER_SANITIZE_EMAIL); - if ($mail == "") { + $mail[0]=filter_var($_GET['email'], FILTER_SANITIZE_EMAIL); + if ($mail[0] == "") { if (isset($EMAIL_DOMAIN)) { - $mail = $uid . "@" . $EMAIL_DOMAIN; + $mail[0] = $uid . "@" . $EMAIL_DOMAIN; $disabled_email_tickbox = FALSE; } } 
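Review bot: The `account_request` branch still treats the now array-valued `$givenname`, `$sn` and `$uid` as strings: `generate_username($givenname,$sn)`, the interpolations `"$givenname$sn"` / `"$givenname $sn"` and `$uid . "@" . $EMAIL_DOMAIN` receive arrays, which PHP renders as the text "Array" (with an Array-to-string warning), so the generated cn, username and fallback mail address are wrong. In the same branch `$new_account_r['sn'][0] = $sn;` and `$new_account_r['uid'][0] = $uid;` nest an array inside element 0 instead of assigning the whole array as `$new_account_r['givenname'] = $givenname;` does, and the removed `$new_account_r['cn'] = $cn;` has no replacement, so cn no longer reaches the record. Each of those expressions should read element 0 of its source (`$givenname[0]`, `$sn[0]`, `$uid[0]`) and the arrays should be assigned whole; the rewritten lines are below. The POST loop above also keeps client-supplied keys in `$this_attribute[$key]`, so a gap in the indices or a key named `count` breaks the count/index layout the rest of the page relies on; iterating over `array_values($_POST[$attribute])` would normalise it. The hunk begins after the file's variable setup and the branch's remaining lines sit in the next hunk.
```php
$sn[0] = filter_var($_GET['last_name'], FILTER_SANITIZE_FULL_SPECIAL_CHARS);
$new_account_r['sn'] = $sn;          // whole array, as for 'givenname'
$sn['count'] = 1;

$uid[0] = generate_username($givenname[0], $sn[0]);
$new_account_r['uid'] = $uid;
$uid['count'] = 1;

if ($ENFORCE_SAFE_SYSTEM_NAMES == TRUE) {
    $cn[0] = "{$givenname[0]}{$sn[0]}";
}
else {
    $cn[0] = "{$givenname[0]} {$sn[0]}";
}
$new_account_r['cn'] = $cn;          // restored: dropped by this change
$cn['count'] = 1;

// … unchanged: $mail[0] = filter_var($_GET['email'], …) and the "" check …
$mail[0] = $uid[0] . "@" . $EMAIL_DOMAIN;
```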
@@ -85,27 +112,34 @@ if (isset($_GET['account_request'])) { $disabled_email_tickbox = FALSE; } $new_account_r['mail'] = $mail; + $mail['count'] = 1; } if (isset($_POST['create_account'])) { $password = $_POST['password']; - $new_account_r['password'] = $password; - $account_identifier = $new_account_r[$LDAP["account_attribute"]]; + $new_account_r['password'][0] = $password; + $account_identifier = $new_account_r[$account_attribute][0]; - if (!isset($cn) or $cn == "") { $invalid_cn = TRUE; } + $this_cn=$cn[0]; + $this_mail=$mail[0]; + $this_givenname=$givenname[0]; + $this_sn=$sn[0]; + $this_password=$password[0]; + + if (!isset($this_cn) or $this_cn == "") { $invalid_cn = TRUE; } if ((!isset($account_identifier) or $account_identifier == "") and $invalid_cn != TRUE) { $invalid_account_identifier = TRUE; } if ((!is_numeric($_POST['pass_score']) or $_POST['pass_score'] < 3) and $ACCEPT_WEAK_PASSWORDS != TRUE) { $weak_password = TRUE; } - if (isset($mail) and !is_valid_email($mail)) { $invalid_email = TRUE; } + if (isset($this_mail) and !is_valid_email($this_mail)) { $invalid_email = TRUE; } if (preg_match("/\"|'/",$password)) { $invalid_password = TRUE; } if ($password != $_POST['password_match']) { $mismatched_passwords = TRUE; } if ($ENFORCE_SAFE_SYSTEM_NAMES == TRUE and !preg_match("/$USERNAME_REGEX/",$account_identifier)) { $invalid_account_identifier = TRUE; } if (isset($_POST['send_email']) and isset($mail) and $EMAIL_SENDING_ENABLED == TRUE) { $send_user_email = TRUE; } - if ( isset($givenname) - and isset($sn) - and isset($password) + if ( isset($this_givenname) + and isset($this_sn) + and isset($this_password) and !$mismatched_passwords and !$weak_password and !$invalid_password 
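Review bot: `$this_password=$password[0];` indexes the raw `$_POST['password']` string, so `$this_password` holds its first byte rather than an element of the count/index array form used for the other attributes; on an empty password this reads offset 0 of "" (an uninitialized-string-offset warning that still yields ""), so the `isset($this_password)` guard passes exactly as `isset($password)` did. As `$password` is never converted to the array form, the line should be `$this_password = $password;`, and an explicit `$password === ""` rejection would make the intent visible. The neighbouring `$this_cn=$cn[0];` and `$this_mail=$mail[0];` read an undefined variable when neither the form nor a default supplied the attribute, which only a warning distinguishes from a present empty value; `$cn[0] ?? null` keeps the `isset` checks working without the warning. The `if (` condition at the bottom continues past the end of this hunk.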
@@ -124,13 +158,13 @@ if (isset($_POST['create_account'])) { include_once "mail_functions.inc.php"; - $mail_body = parse_mail_text($new_account_mail_body, $password, $account_identifier, $givenname, $sn); - $mail_subject = parse_mail_text($new_account_mail_subject, $password, $account_identifier, $givenname, $sn); + $mail_body = parse_mail_text($new_account_mail_body, $password, $account_identifier, $this_givenname, $this_sn); + $mail_subject = parse_mail_text($new_account_mail_subject, $password, $account_identifier, $this_givenname, $this_sn); - $sent_email = send_email($mail,"$givenname $sn",$mail_subject,$mail_body); + $sent_email = send_email($this_mail,"$this_givenname $this_sn",$mail_subject,$mail_body); $creation_message = "The account was created"; if ($sent_email) { - $creation_message .= " and an email sent to $mail."; + $creation_message .= " and an email sent to $this_mail."; } else { $creation_message .= " but unfortunately the email wasn't sent.
More information will be available in the logs."; @@ -189,7 +223,7 @@ if (isset($_POST['create_account'])) { $errors=""; if ($invalid_cn) { $errors.="
  • The Common Name is required
  • \n"; } -if ($invalid_account_identifier) { $errors.="
  • The account identifier (" . $attribute_map[$LDAP['account_attribute']]['label'] . ") is invalid.
  • \n"; } +if ($invalid_account_identifier) { $errors.="
  • The account identifier (" . $attribute_map[$account_attribute]['label'] . ") is invalid.
  • \n"; } if ($weak_password) { $errors.="
  • The password is too weak
  • \n"; } if ($invalid_password) { $errors.="
  • The password contained invalid characters
  • \n"; } if ($invalid_email) { $errors.="
  • The email address is invalid
  • \n"; } @@ -273,6 +307,8 @@ $tabindex=1; + +
    @@ -288,21 +324,14 @@ $tabindex=1; $attr_r) { - $label = $attr_r['label']; - $onkeyup = $attr_r['onkeyup']; + $label = $attr_r['label']; + if (isset($attr_r['onkeyup'])) { $onkeyup = $attr_r['onkeyup']; } else { $onkeyup = ""; } if ($attribute == $LDAP['account_attribute']) { $label = "$label*"; } - ?> -
    - -
    - > -
    -
    - diff --git a/www/account_manager/show_user.php b/www/account_manager/show_user.php index 4c1d925..1ab9cf0 100644 --- a/www/account_manager/show_user.php +++ b/www/account_manager/show_user.php @@ -20,8 +20,6 @@ if ($SMTP['host'] != "") { $can_send_email = TRUE; } else { $can_send_email = FA $LDAP['default_attribute_map']["uidnumber"] = array("label" => "UID"); $LDAP['default_attribute_map']["gidnumber"] = array("label" => "GID"); -$LDAP['default_attribute_map']["loginshell"] = array("label" => "Login shell"); -$LDAP['default_attribute_map']["homedirectory"] = array("label" => "Home directory"); $LDAP['default_attribute_map']["mail"] = array("label" => "Email", "onkeyup" => "check_if_we_should_enable_sending_email();"); $attribute_map = ldap_complete_account_attribute_array(); 
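Review bot: The new `onkeyup` fallback, `if (isset($attr_r['onkeyup'])) { $onkeyup = $attr_r['onkeyup']; } else { $onkeyup = ""; }`, spells out the null-coalescing idiom; `$onkeyup = $attr_r['onkeyup'] ?? "";` says the same in one short line. The markup this loop writes `$label` and `$onkeyup` into is stripped from this view, so whether they are escaped on output cannot be confirmed here; if `$label` is echoed raw into an attribute, `htmlspecialchars($label, ENT_QUOTES)` at the echo is the usual guard. The foreach header of this loop is truncated in the hunk's context line, so its start is not fully visible.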
@@ -44,25 +42,64 @@ $ldap_connection = open_ldap_connection(); $ldap_search_query="(${LDAP['account_attribute']}=". ldap_escape($account_identifier, "", LDAP_ESCAPE_FILTER) . ")"; $ldap_search = ldap_search( $ldap_connection, $LDAP['user_dn'], $ldap_search_query); + +######################### if ($ldap_search) { $user = ldap_get_entries($ldap_connection, $ldap_search); - foreach ($attribute_map as $attribute => $attr_r) { + if ($user["count"] > 0) { - $$attribute = $user[0][$attribute][0]; + foreach ($attribute_map as $attribute => $attr_r) { - if (isset($_POST['update_account']) and isset($_POST[$attribute]) and $_POST[$attribute] != $$attribute) { - $$attribute = filter_var($_POST[$attribute], FILTER_SANITIZE_FULL_SPECIAL_CHARS); - $to_update[$attribute] = $$attribute; - } - elseif (isset($attr_r['default'])) { - $$attribute = $attr_r['default']; - } + if (isset($user[0][$attribute]) and $user[0][$attribute]['count'] > 0) { + $$attribute = $user[0][$attribute]; + } + else { + $$attribute = array(); + } + + if (isset($_POST['update_account']) and isset($_POST[$attribute])) { + + $this_attribute = array(); + + if (is_array($_POST[$attribute])) { + $this_attribute['count'] = count($_POST[$attribute]); + foreach($_POST[$attribute] as $key => $value) { + $this_attribute[$key] = filter_var($value, FILTER_SANITIZE_FULL_SPECIAL_CHARS); + } + } + else { + $this_attribute['count'] = 1; + $this_attribute[0] = filter_var($_POST[$attribute], FILTER_SANITIZE_FULL_SPECIAL_CHARS); + } + + if ($this_attribute != $$attribute) { + $$attribute = $this_attribute; + $to_update[$attribute] = $this_attribute; + unset($to_update[$attribute]['count']); + } + + } + + if (!isset($$attribute) and isset($attr_r['default'])) { + $$attribute['count'] = 1; + $$attribute[0] = $attr_r['default']; + } + + } + $dn = $user[0]['dn']; } - $dn = $user[0]['dn']; - + else { + ?> +
    +

    This account doesn't exist.

    +
    + + + +