diff --git a/lldap_config.docker_template.toml b/lldap_config.docker_template.toml
index 506e10a..17b54aa 100644
--- a/lldap_config.docker_template.toml
+++ b/lldap_config.docker_template.toml
@@ -78,6 +78,12 @@
 ## is just the default one.
 #ldap_user_pass = "REPLACE_WITH_PASSWORD"
+## Force reset of the admin password.
+## Break glass in case of emergency: if you lost the admin password, you
+## can set this to true to force a reset of the admin password to the value
+## of ldap_user_pass above.
+# force_reset_admin_password = false
+
 ## Database URL.
 ## This encodes the type of database (SQlite, MySQL, or PostgreSQL)
 ## , the path, the user, password, and sometimes the mode (when
diff --git a/server/src/infra/cli.rs b/server/src/infra/cli.rs
index 76ac232..a53315c 100644
--- a/server/src/infra/cli.rs
+++ b/server/src/infra/cli.rs
@@ -89,6 +89,10 @@ pub struct RunOpts {
 #[clap(short, long, env = "LLDAP_DATABASE_URL")]
 pub database_url: Option,
+ /// Force admin password reset to the config value.
+ #[clap(short, long, env = "LLDAP_FORCE_LADP_USER_PASS_RESET")]
+ pub force_ldap_user_pass_reset: Option,
+
 #[clap(flatten)]
 pub smtp_opts: SmtpOpts,
diff --git a/server/src/infra/configuration.rs b/server/src/infra/configuration.rs
index 54246ae..34f11df 100644
--- a/server/src/infra/configuration.rs
+++ b/server/src/infra/configuration.rs
@@ -83,6 +83,8 @@ pub struct Configuration {
 pub ldap_user_email: String,
 #[builder(default = r#"SecUtf8::from("password")"#)]
 pub ldap_user_pass: SecUtf8,
+ #[builder(default = "false")]
+ pub force_ldap_user_pass_reset: bool,
 #[builder(default = r#"String::from("sqlite://users.db?mode=rwc")"#)]
 pub database_url: String,
 #[builder(default)]
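Review bot: The key documented here, `force_reset_admin_password`, does not match the field this commit adds to `Configuration` in server/src/infra/configuration.rs, `force_ldap_user_pass_reset`; the other keys in this template (for example `ldap_user_pass`) use the struct field name, so presumably an operator who uncomments this line gets no reset at all. Change the template line to `# force_ldap_user_pass_reset = false`. Because the reset branch in the main.rs hunk appears to run on every start while the flag is set, the comment should also tell the operator to turn it off afterwards, e.g. `## Set it back to false once you have regained access, otherwise the password is reset again on every restart.`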
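Review bot: The environment variable in the new `#[clap]` attribute is misspelled: `LLDAP_FORCE_LADP_USER_PASS_RESET` has `LADP` where every other variable follows the `LLDAP_<FIELD>` pattern (`LLDAP_DATABASE_URL` two lines above), so an operator exporting the expected `LLDAP_FORCE_LDAP_USER_PASS_RESET` will likely see nothing happen. Use `#[clap(short, long, env = "LLDAP_FORCE_LDAP_USER_PASS_RESET")]`. Consider also dropping `short` for this option: clap derives a one-letter flag from the field name, and a single-letter switch that rewrites the admin credential is easy to pass by accident and may collide with another short flag in `RunOpts`, whose remaining fields are outside the hunk. `RunOpts` starts before the hunk header and continues past its last line.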
@@ -244,6 +246,10 @@ impl ConfigOverrider for RunOpts {
 if let Some(database_url) = self.database_url.as_ref() {
 config.database_url = database_url.to_string();
 }
+
+ if let Some(force_ldap_user_pass_reset) = self.force_ldap_user_pass_reset {
+ config.force_ldap_user_pass_reset = force_ldap_user_pass_reset;
+ }
 self.smtp_opts.override_config(config);
 self.ldaps_opts.override_config(config);
 }
diff --git a/server/src/main.rs b/server/src/main.rs
index bfd0a7c..383a763 100644
--- a/server/src/main.rs
+++ b/server/src/main.rs
@@ -107,6 +107,18 @@ async fn set_up_server(config: Configuration) -> Result {
 .await
 .map_err(|e| anyhow!("Error setting up admin login/account: {:#}", e))
 .context("while creating the admin user")?;
+ } else if config.force_ldap_user_pass_reset {
+ warn!("Forcing admin password reset to the config-provided password");
+ register_password(
+ &backend_handler,
+ &config.ldap_user_dn,
+ &config.ldap_user_pass,
+ )
+ .await
+ .context(format!(
+ "while resetting admin password for {}",
+ &config.ldap_user_dn
+ ))?;
 }
 let server_builder = infra::ldap_server::build_ldap_server(
 &config,
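Review bot: The reset branch appears to run on every startup for as long as `force_ldap_user_pass_reset` stays set, so an admin password changed after the break-glass recovery is reverted to the config/env value on the next restart, with nothing in the log telling the operator why; the `warn!` at the top of the branch should say so, e.g. `warn!("Forcing admin password reset to the config-provided password; unset force_ldap_user_pass_reset once recovered, or the password will be reset again on every restart");`. The `.context(format!(...))` call builds the message even when `register_password` succeeds; `.with_context(|| format!("while resetting admin password for {}", &config.ldap_user_dn))` defers it and matches the lazy-argument convention. `set_up_server` begins before the hunk header and continues past its last line.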