diff --git a/cmdb-api/api/models/acl.py b/cmdb-api/api/models/acl.py
index ebf02ff..d13e702 100644
--- a/cmdb-api/api/models/acl.py
+++ b/cmdb-api/api/models/acl.py
@@ -62,10 +62,10 @@ class UserQuery(BaseQuery):
         ldap_conn.set_option(ldap.OPT_REFERRALS, 0)
         if '@' in username:
             email = username
-            who = '{0}@{1}'.format(username.split('@')[0], current_app.config.get('LDAP_DOMAIN'))
+            who = current_app.config.get('LDAP_USER_DN').format(username.split('@')[0])
         else:
-            who = '{0}@{1}'.format(username, current_app.config.get('LDAP_DOMAIN'))
-            email = who
+            who = current_app.config.get('LDAP_USER_DN').format(username)
+            email = "{}@{}".format(who, current_app.config.get('LDAP_DOMAIN'))
 
         username = username.split('@')[0]
         user = self.get_by_username(username)
diff --git a/cmdb-api/settings.example.py b/cmdb-api/settings.example.py
index 3f73517..fc22f59 100644
--- a/cmdb-api/settings.example.py
+++ b/cmdb-api/settings.example.py
@@ -76,6 +76,7 @@ DEFAULT_SERVICE = "http://127.0.0.1:8000"
 AUTH_WITH_LDAP = False
 LDAP_SERVER = ''
 LDAP_DOMAIN = ''
+LDAP_USER_DN = 'cn={},ou=users,dc=xxx,dc=com'
 
 # # pagination
 DEFAULT_PAGE_COUNT = 50