diff --git a/apps/assets/models/node.py b/apps/assets/models/node.py
index 8d006a40e..c919edff6 100644
--- a/apps/assets/models/node.py
+++ b/apps/assets/models/node.py
@@ -185,7 +185,7 @@ class Node(OrgModelMixin):
 else:
 set_current_org(Organization.root())
 org_nodes_roots = cls.objects.filter(key__regex=r'^[0-9]+$')
- org_nodes_roots_keys = org_nodes_roots.values_list('key', flat=True)
+ org_nodes_roots_keys = org_nodes_roots.values_list('key', flat=True) or [0]
 key = max([int(k) for k in org_nodes_roots_keys]) + 1
 set_current_org(_current_org)
 root = cls.objects.create(key=key, value=_current_org.name)
diff --git a/apps/common/api.py b/apps/common/api.py
index b6658b665..e09cf9726 100644
--- a/apps/common/api.py
+++ b/apps/common/api.py
@@ -48,7 +48,7 @@ class LDAPTestingAPI(APIView):
 bind_dn = serializer.validated_data["AUTH_LDAP_BIND_DN"]
 password = serializer.validated_data["AUTH_LDAP_BIND_PASSWORD"]
 use_ssl = serializer.validated_data.get("AUTH_LDAP_START_TLS", False)
- search_ou = serializer.validated_data["AUTH_LDAP_SEARCH_OU"]
+ search_ougroup = serializer.validated_data["AUTH_LDAP_SEARCH_OU"]
 search_filter = serializer.validated_data["AUTH_LDAP_SEARCH_FILTER"]
 attr_map = serializer.validated_data["AUTH_LDAP_USER_ATTR_MAP"]
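Review bot: The `or [0]` fallback on `org_nodes_roots_keys` in `apps/assets/models/node.py` works only through QuerySet truthiness, and it leaves the name bound to either a QuerySet or a list depending on the data. `max()` takes a default, so the empty case can be handled where it is used: `key = max((int(k) for k in org_nodes_roots_keys), default=0) + 1`. The enclosing method starts and ends outside the hunk, so whether two concurrent calls can compute the same `key` cannot be judged from these lines.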
@@ -64,18 +64,19 @@ class LDAPTestingAPI(APIView):
 except Exception as e:
 return Response({"error": str(e)}, status=401)
- ok = conn.search(search_ou, search_filter % ({"user": "*"}),
- attributes=list(attr_map.values()))
- if not ok:
- return Response({"error": "Search no entry matched"}, status=401)
- users = []
- for entry in conn.entries:
- user = {}
- for attr, mapping in attr_map.items():
- if hasattr(entry, mapping):
- user[attr] = getattr(entry, mapping)
- users.append(user)
+ for search_ou in str(search_ougroup).split("|"):
+ ok = conn.search(search_ou, search_filter % ({"user": "*"}),
+ attributes=list(attr_map.values()))
+ if not ok:
+ return Response({"error": _("Search no entry matched in ou {}").format(search_ou)}, status=401)
+
+ for entry in conn.entries:
+ user = {}
+ for attr, mapping in attr_map.items():
+ if hasattr(entry, mapping):
+ user[attr] = getattr(entry, mapping)
+ users.append(user)
 if len(users) > 0:
 return Response({"msg": _("Match {} s users").format(len(users))})
 else:
diff --git a/apps/common/forms.py b/apps/common/forms.py
index 8667aa128..3ee553016 100644
--- a/apps/common/forms.py
+++ b/apps/common/forms.py
@@ -114,7 +114,8 @@ class LDAPSettingForm(BaseForm):
 widget=forms.PasswordInput, required=False
 )
 AUTH_LDAP_SEARCH_OU = forms.CharField(
- label=_("User OU"), initial='ou=tech,dc=jumpserver,dc=org'
+ label=_("User OU"), initial='ou=tech,dc=jumpserver,dc=org',
+ help_text=_("Use | split User OUs")
 )
 AUTH_LDAP_SEARCH_FILTER = forms.CharField(
 label=_("User search filter"), initial='(cn=%(user)s)',
diff --git a/apps/common/models.py b/apps/common/models.py
index c90458985..007683917 100644
--- a/apps/common/models.py
+++ b/apps/common/models.py
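Review bot: `users` is appended to inside the new `for search_ou in ...` loop in `apps/common/api.py`, but the removed `users = []` has no counterpart on the new side of this hunk. Unless it is initialised above the hunk, the endpoint raises NameError on the first matching entry, so add `users = []` before the loop. The `return Response(..., status=401)` inside the loop also aborts the test as soon as one OU has no match, whereas the login path now builds an `LDAPSearchUnion`, which presumably tolerates an OU with no match; `continue` there would leave the decision to the final `len(users)` check. The segments from `split("|")` are used unstripped, so a space around `|` or a trailing `|` sends a padded or empty search base to the server. The method body starts above the hunk.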
@@ -5,7 +5,7 @@ from django.db import models
 from django.db.utils import ProgrammingError, OperationalError
 from django.utils.translation import ugettext_lazy as _
 from django.conf import settings
-from django_auth_ldap.config import LDAPSearch
+from django_auth_ldap.config import LDAPSearch, LDAPSearchUnion
 class SettingQuerySet(models.QuerySet):
@@ -72,10 +72,11 @@ class Setting(models.Model):
 settings.AUTHENTICATION_BACKENDS.remove(settings.AUTH_LDAP_BACKEND)
 if self.name == "AUTH_LDAP_SEARCH_FILTER":
- settings.AUTH_LDAP_USER_SEARCH = LDAPSearch(
- settings.AUTH_LDAP_SEARCH_OU, ldap.SCOPE_SUBTREE,
- settings.AUTH_LDAP_SEARCH_FILTER,
- )
+ settings.AUTH_LDAP_USER_SEARCH_UNION = [
+ LDAPSearch(USER_SEARCH, ldap.SCOPE_SUBTREE, settings.AUTH_LDAP_SEARCH_FILTER)
+ for USER_SEARCH in str(settings.AUTH_LDAP_SEARCH_OU).split("|")
+ ]
+ settings.AUTH_LDAP_USER_SEARCH = LDAPSearchUnion(*settings.AUTH_LDAP_USER_SEARCH_UNION)
 class Meta:
 db_table = "settings"
diff --git a/apps/common/permissions.py b/apps/common/permissions.py
index 9d01031bc..4693748eb 100644
--- a/apps/common/permissions.py
+++ b/apps/common/permissions.py
@@ -79,7 +79,6 @@ class AdminUserRequiredMixin(UserPassesTestMixin):
 return True
 def dispatch(self, request, *args, **kwargs):
- print("Current org: {}".format(current_org))
 if not request.user.is_authenticated:
 return super().dispatch(request, *args, **kwargs)
@@ -92,6 +91,4 @@ class AdminUserRequiredMixin(UserPassesTestMixin):
 print("Is org admin")
 return redirect('orgs:switch-a-org')
 return HttpResponseForbidden()
- else:
- print(current_org.can_admin_by(request.user))
 return super().dispatch(request, *args, **kwargs)
diff --git a/apps/jumpserver/settings.py b/apps/jumpserver/settings.py
index b1c4fb3bf..4146bfdac 100644
--- a/apps/jumpserver/settings.py
+++ b/apps/jumpserver/settings.py
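Review bot: In the second hunk of `apps/common/models.py`, `str(settings.AUTH_LDAP_SEARCH_OU).split("|")` passes every segment to `LDAPSearch` as a base DN without stripping it or dropping empty ones, so `ou=a,dc=x | ou=b,dc=x` or a trailing `|` yields a padded or empty base. An empty base with `ldap.SCOPE_SUBTREE` may, depending on the directory server, search well beyond the configured OUs and so widen the set of accounts that can log in. Filter first, e.g. `bases = [b.strip() for b in str(settings.AUTH_LDAP_SEARCH_OU).split("|") if b.strip()]`. The same comprehension is repeated in `apps/jumpserver/settings.py`, so a small shared helper would keep the two in step. The rebuild is still guarded by `self.name == "AUTH_LDAP_SEARCH_FILTER"` and the rest of the method is outside the hunk, so it is worth confirming that saving only `AUTH_LDAP_SEARCH_OU` also refreshes `AUTH_LDAP_USER_SEARCH`.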
@@ -14,7 +14,7 @@ import os
 import sys
 import ldap
-from django_auth_ldap.config import LDAPSearch
+from django_auth_ldap.config import LDAPSearch, LDAPSearchUnion
 from django.urls import reverse_lazy
 # Build paths inside the project like this: os.path.join(BASE_DIR, ...)
@@ -357,9 +357,11 @@ AUTH_LDAP_SEARCH_OU = CONFIG.AUTH_LDAP_SEARCH_OU
 AUTH_LDAP_SEARCH_FILTER = CONFIG.AUTH_LDAP_SEARCH_FILTER
 AUTH_LDAP_START_TLS = CONFIG.AUTH_LDAP_START_TLS
 AUTH_LDAP_USER_ATTR_MAP = CONFIG.AUTH_LDAP_USER_ATTR_MAP
-AUTH_LDAP_USER_SEARCH = LDAPSearch(
- AUTH_LDAP_SEARCH_OU, ldap.SCOPE_SUBTREE, AUTH_LDAP_SEARCH_FILTER,
-)
+AUTH_LDAP_USER_SEARCH_UNION = [
+ LDAPSearch(USER_SEARCH, ldap.SCOPE_SUBTREE, AUTH_LDAP_SEARCH_FILTER)
+ for USER_SEARCH in str(AUTH_LDAP_SEARCH_OU).split("|")
+]
+AUTH_LDAP_USER_SEARCH = LDAPSearchUnion(*AUTH_LDAP_USER_SEARCH_UNION)
 AUTH_LDAP_GROUP_SEARCH_OU = CONFIG.AUTH_LDAP_GROUP_SEARCH_OU
 AUTH_LDAP_GROUP_SEARCH_FILTER = CONFIG.AUTH_LDAP_GROUP_SEARCH_FILTER
 AUTH_LDAP_GROUP_SEARCH = LDAPSearch(
diff --git a/apps/orgs/mixins.py b/apps/orgs/mixins.py
index 7557600cb..99140f40b 100644
--- a/apps/orgs/mixins.py
+++ b/apps/orgs/mixins.py
@@ -43,7 +43,6 @@ class OrgManager(models.Manager):
 def all(self):
 if not current_org:
 msg = 'You can `objects.set_current_org(org).all()` then run it'
- warnings.warn(msg)
 return self
 else:
 return super(OrgManager, self).all()
diff --git a/apps/templates/_nav.html b/apps/templates/_nav.html
index be9633054..5505b493e 100644
--- a/apps/templates/_nav.html
+++ b/apps/templates/_nav.html
@@ -80,7 +80,7 @@ {#
  • {% trans 'File download' %}
  • #} {# #} {##} -{% if XPACK_ENABLED %} +{% if XPACK_PLUGINS %}
  • {% trans 'XPack' %}