diff --git a/apps/common/models.py b/apps/common/models.py
index 93675404f..1f634bce2 100644
--- a/apps/common/models.py
+++ b/apps/common/models.py
@@ -67,7 +67,7 @@ class Setting(models.Model):
 
         if self.name == "AUTH_LDAP":
             if self.cleaned_value and settings.AUTH_LDAP_BACKEND not in settings.AUTHENTICATION_BACKENDS:
-                settings.AUTHENTICATION_BACKENDS.append(settings.AUTH_LDAP_BACKEND)
+                settings.AUTHENTICATION_BACKENDS.insert(0, settings.AUTH_LDAP_BACKEND)
             elif not self.cleaned_value and settings.AUTH_LDAP_BACKEND in settings.AUTHENTICATION_BACKENDS:
                 settings.AUTHENTICATION_BACKENDS.remove(settings.AUTH_LDAP_BACKEND)
 
diff --git a/apps/jumpserver/settings.py b/apps/jumpserver/settings.py
index 0cc200f7d..6fa15e1df 100644
--- a/apps/jumpserver/settings.py
+++ b/apps/jumpserver/settings.py
@@ -332,7 +332,7 @@ AUTH_LDAP_ALWAYS_UPDATE_USER = True
 AUTH_LDAP_BACKEND = 'django_auth_ldap.backend.LDAPBackend'
 
 if AUTH_LDAP:
-    AUTHENTICATION_BACKENDS.append(AUTH_LDAP_BACKEND)
+    AUTHENTICATION_BACKENDS.insert(0, AUTH_LDAP_BACKEND)
 
 # Celery using redis as broker
 CELERY_BROKER_URL = 'redis://:%(password)s@%(host)s:%(port)s/3' % {