diff --git a/apps/authentication/backends/ldap.py b/apps/authentication/backends/ldap.py
index ac3cfc254..5a5e16081 100644
--- a/apps/authentication/backends/ldap.py
+++ b/apps/authentication/backends/ldap.py
@@ -82,6 +82,12 @@ class LDAPAuthorizationBackend(LDAPBackend):
 class LDAPUser(_LDAPUser):
+ def _search_for_user_dn_from_ldap_util(self):
+ from settings.utils import LDAPServerUtil
+ util = LDAPServerUtil()
+ user_dn = util.search_for_user_dn(self._username)
+ return user_dn
+
 def _search_for_user_dn(self):
 """
 This method was overridden because the AUTH_LDAP_USER_SEARCH
@@ -107,7 +113,10 @@ class LDAPUser(_LDAPUser):
 if results is not None and len(results) == 1:
 (user_dn, self._user_attrs) = next(iter(results))
 else:
- user_dn = None
+ # 解决直接配置DC域,用户认证失败的问题(库不能从整棵树中搜索)
+ user_dn = self._search_for_user_dn_from_ldap_util()
+ self._user_dn = user_dn
+ self._user_attrs = self._load_user_attrs()
 return user_dn
diff --git a/apps/settings/utils/ldap.py b/apps/settings/utils/ldap.py
index 5ca455380..45bdd6018 100644
--- a/apps/settings/utils/ldap.py
+++ b/apps/settings/utils/ldap.py
@@ -146,8 +146,10 @@ class LDAPServerUtil(object):
 )
 @timeit
- def search_user_entries(self):
+ def search_user_entries(self, search_users=None, search_value=None):
 logger.info("Search user entries")
+ self.search_users = search_users
+ self.search_value = search_value
 user_entries = list()
 search_ous = str(self.config.search_ou).split('|')
 for search_ou in search_ous:
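Review bot: In `_search_for_user_dn_from_ldap_util` (first hunk of apps/authentication/backends/ldap.py), `self._username` is the login name supplied before authentication, and it is handed unchanged to `LDAPServerUtil.search_for_user_dn`, which in the last hunk of apps/settings/utils/ldap.py forwards it as `search_users=[username]`. The code that turns `search_users` into an LDAP filter is not on this page, so it should be confirmed that filter metacharacters are escaped there before this fallback is relied on for login. If they are not, escaping at this boundary would close the gap, e.g. `util.search_for_user_dn(escape_filter_chars(self._username))` using ldap3's `escape_filter_chars` (the `entry_dn` attribute suggests the util is built on ldap3, but that is an inference). The helper also lacks a docstring; I would add `"""Resolve the user's DN through LDAPServerUtil when the configured user search finds no single match."""`.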
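Review bot: In the `@@ -107,7 +113,10 @@` hunk of `_search_for_user_dn`, a fallback lookup that finds nothing leaves `user_dn` as None, yet the two added lines still store it in `self._user_dn` and call `self._load_user_attrs()`. Indentation is lost on this page, so I am assuming both lines sit inside the `else:` branch; `_load_user_attrs` is not shown, and depending on how the parent class resolves a missing DN, the call may re-enter this method or overwrite `_user_attrs` with an unusable value. I would guard the two assignments with `if user_dn is not None:` and keep `return user_dn` as the single failure signal. The added comment would also be easier to maintain in English, e.g. `# Fall back to LDAPServerUtil when the base DN is the DC itself and the library search cannot cover the whole tree`.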
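Review bot: `search_user_entries` in apps/settings/utils/ldap.py now overwrites `self.search_users` and `self.search_value` on every call, so any caller that still invokes it without arguments resets both to None. From the names that presumably means an unfiltered search, but the filter-building code is outside this hunk, and other callers are not visible on this page and should be checked. Since these are per-call inputs, passing them down as arguments rather than storing them on the instance would remove the hidden state. The method body continues past the end of the hunk.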
@@ -180,12 +182,22 @@ class LDAPServerUtil(object):
 users.append(user)
 return users
+ @timeit
+ def search_for_user_dn(self, username):
+ user_entries = self.search_user_entries(search_users=[username])
+ if len(user_entries) == 1:
+ user_entry = user_entries[0]
+ user_dn = user_entry.entry_dn
+ else:
+ user_dn = None
+ return user_dn
+
 @timeit
 def search(self, search_users=None, search_value=None):
 logger.info("Search ldap users")
- self.search_users = search_users
- self.search_value = search_value
- user_entries = self.search_user_entries()
+ user_entries = self.search_user_entries(
+ search_users=search_users, search_value=search_value
+ )
 users = self.user_entries_to_dict(user_entries)
 return users
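Review bot: `search_for_user_dn` returns None both when nothing matches and when more than one entry matches, and leaves no trace of which case occurred. Refusing to pick among several entries is the right outcome on a login path, but an ambiguous match usually points to overlapping `search_ou` values or a filter that is too loose, and operators will want to see it: `if len(user_entries) > 1: logger.warning("LDAP DN lookup matched %d entries; rejecting", len(user_entries))`. Logging only the count keeps whatever was typed into the login field out of the log. A docstring would also help, e.g. `"""Return the DN of the single entry matching username, or None if there is no match or the match is ambiguous."""`.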