diff --git a/src/controller/modules/ldapauth.js b/src/controller/modules/ldapauth.js
index 14196df3..2e654235 100644
--- a/src/controller/modules/ldapauth.js
+++ b/src/controller/modules/ldapauth.js
@@ -38,11 +38,12 @@ function* ldapQuery(username, password) {
       }
     });
 
-    search.on('searchReference', (referral) => {
-      if (referral) {
-        deferred.reject(referral);
-      }
-    });
+    // FIXME: do not reject when got searchReference
+    // search.on('searchReference', (referral) => {
+    //   if (referral) {
+    //     deferred.reject(referral);
+    //   }
+    // });
 
     search.on('end', () => {
       if (users.length > 0) {
@@ -63,15 +64,16 @@ function* ldapQuery(username, password) {
     });
   };
 
-  client.bind([login.bindDn, login.baseDn].join(','), login.bindPassword, (err) => {
+  client.bind([login.bindDn, login.baseDn].filter(Boolean).join(','), login.bindPassword, (err) => {
     if (err) {
       deferred.reject(err);
     }
 
-    const searchDn = simpleParse([login.searchDn, login.baseDn].join(','), { username });
+    const searchDn = simpleParse([login.searchDn, login.baseDn].filter(Boolean).join(','), { username });
+    const searchFilter = simpleParse(login.searchFilter || '(objectclass=*)', { username });
 
     const opts = {
-      filter: '(objectclass=*)',
+      filter: searchFilter,
       scope: 'sub',
     };