diff --git a/conf/config.go b/conf/config.go
index 01a6c38..cfbd2db 100644
--- a/conf/config.go
+++ b/conf/config.go
@@ -12,6 +12,7 @@ type Config struct {
 	LDAPBindDN     string
 	LDAPBindPW     string
 	LDAPBaseDN     string
+	LDAPUserBaseDN string
 	LDAPRoleBaseDN string
 
 	ClientSecret                string
diff --git a/infrastructure/auth_connector/ldap.go b/infrastructure/auth_connector/ldap.go
index 32169dd..1d35ade 100644
--- a/infrastructure/auth_connector/ldap.go
+++ b/infrastructure/auth_connector/ldap.go
@@ -49,6 +49,7 @@ type Config struct {
 	BindPass       string            `envconfig:"bindpw" json:"-" desc:"a LDAP bind password"`
 	BaseDN         string            `envconfig:"basedn" required:"true" desc:"a LDAP base DN for searching users"`
 	AttrClaims     map[string]string `envconfig:"attr_claims" default:"name:name,sn:family_name,givenName:given_name,mail:email" desc:"a mapping of LDAP attributes to OpenID connect claims"`
+	UserBaseDN     string            `envconfig:"user_basedn" required:"true" desc:"a LDAP base DN for searching users"`
 	RoleBaseDN     string            `envconfig:"role_basedn" required:"true" desc:"a LDAP base DN for searching roles"`
 	RoleAttr       string            `envconfig:"role_attr" default:"description" desc:"a LDAP group's attribute that contains a role's name"`
 	RoleClaim      string            `envconfig:"role_claim" default:"https://github.com/i-core/werther/claims/roles" desc:"a name of an OpenID Connect claim that contains user roles"`
@@ -65,11 +66,12 @@ func New() *Client {
 		BindDN:     conf.GetConfig().LDAPBindDN,
 		BindPass:   conf.GetConfig().LDAPBindPW,
 		BaseDN:     conf.GetConfig().LDAPBaseDN,
+		UserBaseDN: conf.GetConfig().LDAPRoleBaseDN,
 		RoleBaseDN: conf.GetConfig().LDAPRoleBaseDN,
 	}
 	return &Client{
 		Config:    cnf,
-		connector: &ldapConnector{BaseDN: cnf.BaseDN, RoleBaseDN: cnf.RoleBaseDN, IsTLS: cnf.IsTLS},
+		connector: &ldapConnector{BaseDN: cnf.BaseDN, RoleBaseDN: cnf.RoleBaseDN, UserBaseDN: cnf.UserBaseDN, IsTLS: cnf.IsTLS},
 		cache:     freecache.NewCache(cnf.CacheSize * 1024),
 	}
 }
@@ -379,7 +381,6 @@ func (cli *Client) findBasicUserDetails(cn conn, username string, attrs []string
 			return nil, errors.New(err.Error() + " : failed to login to a LDAP woth a service account")
 		}
 	}
-
 	entries, err := cn.SearchUser(username, attrs...)
 	if err != nil {
 		return nil, err
diff --git a/main.go b/main.go
index b63ade6..1affe55 100644
--- a/main.go
+++ b/main.go
@@ -55,6 +55,7 @@ func main() {
 	conf.GetConfig().LDAPBindDN = o.GetStringDefault("LDAP_BINDDN", "cn=admin,dc=example,dc=com")
 	conf.GetConfig().LDAPBindPW = o.GetStringDefault("LDAP_BINDPW", "password")
 	conf.GetConfig().LDAPBaseDN = o.GetStringDefault("LDAP_BASEDN", "dc=example,dc=com")
+	conf.GetConfig().LDAPUserBaseDN = o.GetStringDefault("LDAP_USER_BASEDN", "ou=users,dc=example,dc=com")
 	conf.GetConfig().LDAPRoleBaseDN = o.GetStringDefault("LDAP_ROLE_BASEDN", "ou=AppRoles,dc=example,dc=com")
 	go generateSelfPeer()
 	go generateRole()