diff --git a/rc-new-ldap-user b/rc-new-ldap-user
new file mode 100755
index 0000000..b6efe86
--- /dev/null
+++ b/rc-new-ldap-user
@@ -0,0 +1,75 @@
+#!/bin/sh
+
+set -e
+
+LDAP_SERVER='ldaps://ldap1.recycled.cloud'
+LDAP_BASE_DN='ou=users,dc=recycled,dc=cloud'
+LDAP_BIND_DN='cn=admin,dc=recycled,dc=cloud'
+DEFAULT_GROUP_UID_NUMBER=10000
+
+for executable in ldapsearch slappasswd ldapadd sed; do
+ if ! command -v $executable >> /dev/null; then
+ echo "The $executable command is not available. Exiting." >&2
+ exit 1
+ fi
+done
+
+# Default user details to quiet shellcheck (FIXME?).
+uid=""
+mail=""
+given_name=""
+sn=""
+password=""
+
+# Prompt for user details.
+for input in uid mail given_name sn password; do
+ printf "Please enter %s for new user: " $input
+ read -r ${input?}
+done
+
+# Prompt for admin credentials.
+printf "\nPlease enter password for %s: " $LDAP_BIND_DN
+read -r ldap_bind_password
+
+# Determine the user's uidNumber
+last_uid_number=$(ldapsearch -x -H $LDAP_SERVER -b $LDAP_BASE_DN \
+ -D $LDAP_BIND_DN -w "$ldap_bind_password" '(objectClass=posixAccount)' \
+ uidNumber | grep uidNumber | sed "s|uidNumber: ||" | sort -n | tail -n 1)
+next_uid_number=$(( "$last_uid_number" + 1))
+
+# Compute CN and hash password.
+cn="$given_name $sn"
+hashed_password=$(slappasswd -s "$password")
+
+# Generate new user, and ask for user-validation.
+ldif=$(cat << EOF
+dn: uid=$uid,ou=users,dc=recycled,dc=cloud
+objectClass: inetOrgPerson
+objectClass: posixAccount
+cn: $cn
+displayName: $cn
+gidNumber: $DEFAULT_GROUP_UID_NUMBER
+givenName: $given_name
+homeDirectory: /home/$uid
+mail: $mail
+sn: $sn
+uid: $uid
+uidNumber: $next_uid_number
+userPassword: $hashed_password
+EOF
+)
+
+echo """
+::: Generated LDIF :::
+
+$ldif
+
+::: ENTER to insert into database, Ctrl+C to abort :::
+
+"""
+
+read -r # Only used to pause execution until user input is received.
+
+printf 'Executing ldapdd... '
+echo "$ldif" | ldapadd -x -H $LDAP_SERVER -D $LDAP_BIND_DN -w "$ldap_bind_password"
+echo "DONE."
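Review bot: Both secrets end up in process arguments: `slappasswd -s "$password"` and the two `-w "$ldap_bind_password"` invocations put the new user's password and the admin bind password into argv, where any local user can read them via `ps` or /proc, and the `read -r ${input?}` prompt loop also echoes the user password back to the terminal as it is typed. ldapsearch/ldapadd accept `-y <file>` and slappasswd accepts `-T <file>`, so write each password to a `mktemp` file created under `umask 077` (removed by an EXIT trap) and wrap the two password reads in `stty -echo` / `stty echo`, as sketched below. Separately, `next_uid_number=$(( "$last_uid_number" + 1))` receives an empty operand when the bind fails or no posixAccount exists (the pipeline's status is `tail`'s, so `set -e` does not notice), and the quoted operand inside `$(( ))` is, as far as I recall, rejected outright by dash, which `#!/bin/sh` resolves to on Debian-family hosts — guard with `[ -n "$last_uid_number" ] || exit 1` and drop the inner quotes. The LDIF `dn:` line also hard-codes `ou=users,dc=recycled,dc=cloud` instead of reusing `$LDAP_BASE_DN`, so the two can silently diverge.
```shell
# … unchanged: constants and tool availability check …

# Read a secret into the named variable without echoing it (POSIX sh has no `read -s`).
read_secret() {
    stty -echo
    read -r "$1"
    stty echo
    printf '\n'
}

# … unchanged: prompts for uid mail given_name sn …
printf "Please enter password for new user: "
read_secret password

printf "Please enter password for %s: " "$LDAP_BIND_DN"
read_secret ldap_bind_password

# Keep both secrets out of argv: hand them to the ldap tools via files.
umask 077
secret_dir=$(mktemp -d) || exit 1
trap 'stty echo 2>/dev/null; rm -rf -- "${secret_dir:?}"' EXIT INT TERM
printf '%s' "$ldap_bind_password" > "$secret_dir/bind"
printf '%s' "$password" > "$secret_dir/user"

last_uid_number=$(ldapsearch -x -H "$LDAP_SERVER" -b "$LDAP_BASE_DN" \
    -D "$LDAP_BIND_DN" -y "$secret_dir/bind" '(objectClass=posixAccount)' \
    uidNumber | grep uidNumber | sed "s|uidNumber: ||" | sort -n | tail -n 1)
[ -n "$last_uid_number" ] || { echo "Could not determine last uidNumber (bind failed or no posixAccount entries)." >&2; exit 1; }
next_uid_number=$(( last_uid_number + 1 ))

hashed_password=$(slappasswd -T "$secret_dir/user")

# … unchanged: LDIF generation (use dn: uid=$uid,$LDAP_BASE_DN) and confirmation prompt …
echo "$ldif" | ldapadd -x -H "$LDAP_SERVER" -D "$LDAP_BIND_DN" -y "$secret_dir/bind"
```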