diff --git a/rules/README.md b/rules/README.md
index e4fb0124ab..a0c031256f 100644
--- a/rules/README.md
+++ b/rules/README.md
@@ -29,6 +29,7 @@ signature IDs.
 | QUIC | 2231000 | 2231999 |
 | FTP | 2232000 | 2232999 |
 | POP3 | 2236000 | 2236999 |
+| LDAP | 2237000 | 2237999 |
 | DNS | 2240000 | 2240999 |
 | PGSQL | 2241000 | 2241999 |
 | mDNS | 2242000 | 2242999 |
diff --git a/rules/ldap-events.rules b/rules/ldap-events.rules
new file mode 100644
index 0000000000..b172cd1026
--- /dev/null
+++ b/rules/ldap-events.rules
@@ -0,0 +1,8 @@
+# LDAP app layer event rules
+#
+# SID's fall in the 2237000+ range.
+
+alert ldap any any -> any any (msg:"SURICATA LDAP too many transactions"; app-layer-event:ldap.too_many_transactions; classtype:protocol-command-decode; sid:2237000; rev:1;)
+alert ldap any any -> any any (msg:"SURICATA LDAP invalid data"; app-layer-event:ldap.invalid_data; classtype:protocol-command-decode; sid:2237001; rev:1;)
+alert ldap any any -> any any (msg:"SURICATA LDAP request not found"; app-layer-event:ldap.request_not_found; classtype:protocol-command-decode; sid:2237002; rev:1;)
+
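Review bot: The `ldap.request_not_found` rule (sid:2237002) in the new rules file carries no `flow:` keyword, unlike the direction-bound event rules elsewhere in this directory; if the parser raises that event only when a response arrives without a matching request, as the event name suggests, adding `flow:to_client;` before `classtype:` would limit the rule to the direction where it can fire — confirm against the LDAP parser's event emission before changing it. The header comment uses a possessive where a plural is meant; `# SIDs fall in the 2237000+ range.` matches the wording of the README table the first hunk updates. The hunk also adds an empty line after the last rule, leaving a trailing blank line at end of file that the other rule files do not appear to need.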