diff --git a/cmdb-api/Pipfile b/cmdb-api/Pipfile
index 458e424..60206f8 100644
--- a/cmdb-api/Pipfile
+++ b/cmdb-api/Pipfile
@@ -24,7 +24,7 @@ supervisor = "==4.0.3"
 Flask-Login = "==0.6.2"
 Flask-Bcrypt = "==1.0.1"
 Flask-Cors = ">=3.0.8"
-python-ldap = "==3.4.0"
+ldap3 = "==2.9.1"
 pycryptodome = "==3.12.0"
 # Caching
 Flask-Caching = ">=1.0.0"
diff --git a/cmdb-api/api/models/acl.py b/cmdb-api/api/models/acl.py
index d13e702..a96bb1c 100644
--- a/cmdb-api/api/models/acl.py
+++ b/cmdb-api/api/models/acl.py
@@ -5,7 +5,8 @@ import copy import hashlib from datetime import datetime -import ldap +from ldap3 import Server, Connection, ALL +from ldap3.core.exceptions import LDAPBindError, LDAPCertificateError from flask import current_app from flask_sqlalchemy import BaseQuery
@@ -57,9 +58,7 @@ class UserQuery(BaseQuery):
 return user, authenticated
 def authenticate_with_ldap(self, username, password):
- ldap_conn = ldap.initialize(current_app.config.get('LDAP_SERVER'))
- ldap_conn.protocol_version = 3
- ldap_conn.set_option(ldap.OPT_REFERRALS, 0)
+ server = Server(current_app.config.get('LDAP_SERVER'), get_info=ALL)
 if '@' in username:
 email = username
 who = current_app.config.get('LDAP_USER_DN').format(username.split('@')[0])
@@ -70,11 +69,12 @@ class UserQuery(BaseQuery): username = username.split('@')[0] user = self.get_by_username(username) try: - if not password: - raise ldap.INVALID_CREDENTIALS + raise LDAPCertificateError - ldap_conn.simple_bind_s(who, password) + conn = Connection(server, user=who, password=password) + conn.bind() + conn.unbind() if not user: from api.lib.perm.acl.user import UserCRUD
@@ -84,7 +84,7 @@ class UserQuery(BaseQuery):
 op_record.apply_async(args=(None, username, OperateType.LOGIN, ["ACL"]), queue=ACL_QUEUE)
 return user, True
- except ldap.INVALID_CREDENTIALS:
+ except LDAPBindError:
 return user, False
 def search(self, key):
diff --git a/cmdb-api/requirements.txt b/cmdb-api/requirements.txt
index d98316e..5df5a7b 100644
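Review bot: `get_info=ALL` on the new `Server(...)` line asks ldap3 to read the directory's DSA info and schema, and nothing visible in this method uses either; because the `Server` is built inside `authenticate_with_ldap`, that cost is paid on every login attempt. Passing `get_info=NONE` (importing `NONE` from `ldap3` in place of `ALL`) keeps the bind-only check cheap. The server is also created without a connect timeout, so an unreachable directory would presumably stall the login request; `Server` accepts `connect_timeout` for that. The method continues past the end of this hunk.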
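Review bot: The return value of `conn.bind()` in the `@@ -70,11 +69,12 @@` hunk is discarded, so a rejected bind is not treated as a failed login: with ldap3's defaults a failed bind is reported through the return value and `conn.result` rather than by raising `LDAPBindError`, and execution would fall through to the `return user, True` shown in the next hunk. Either check it, `if not conn.bind(): raise LDAPBindError`, or build the connection with `auto_bind=True`, which does raise `LDAPBindError` when the bind fails. Separately, the empty-password path now raises `LDAPCertificateError`, which the new `except LDAPBindError:` in the `@@ -84,7 +84,7 @@` hunk does not catch, so an empty password would surface as an unhandled exception instead of `(user, False)`; `raise LDAPBindError` there keeps the previous behaviour. The collapsed rendering is ambiguous about whether `if not password:` is removed or kept as context (the 11/12 line counts fit a removed blank line followed by the guard as context); if the guard really was dropped, the raise is unconditional and it must be restored, since an empty password on a simple bind is commonly accepted by directories as an unauthenticated bind. The method starts before and ends after this hunk.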
--- a/cmdb-api/requirements.txt
+++ b/cmdb-api/requirements.txt
@@ -32,7 +32,7 @@ Pillow==9.3.0
 pycryptodome==3.12.0
 PyJWT==2.4.0
 PyMySQL==1.1.0
-python-ldap==3.4.0
+ldap3==2.9.1
 PyYAML==6.0
 redis==4.6.0
 requests==2.31.0