diff --git a/.gitignore b/.gitignore
index 2439f292..f21da7fe 100644
--- a/.gitignore
+++ b/.gitignore
@@ -17,6 +17,7 @@
 
 .idea/
 *.iml
+.vscode/
 
 tmp/
 tmpFiles/
diff --git a/object/check.go b/object/check.go
index 801823f4..3194a3bd 100644
--- a/object/check.go
+++ b/object/check.go
@@ -20,6 +20,7 @@ import (
 
 	"github.com/casbin/casdoor/cred"
 	"github.com/casbin/casdoor/util"
+	goldap "github.com/go-ldap/ldap/v3"
 )
 
 var reWhiteSpace *regexp.Regexp
@@ -120,6 +121,42 @@ func CheckPassword(user *User, password string) string {
 	}
 }
 
+func checkLdapUserPassword(user *User, password string) (*User, string) {
+	ldaps := GetLdaps(user.Owner)
+	ldapLoginSuccess := false
+	for _, ldapServer := range ldaps {
+		conn, err := GetLdapConn(ldapServer.Host, ldapServer.Port, ldapServer.Admin, ldapServer.Passwd)
+		if err != nil {
+			continue
+		}
+		SearchFilter := fmt.Sprintf("(&(objectClass=posixAccount)(uid=%s))", user.Name)
+		searchReq := goldap.NewSearchRequest(ldapServer.BaseDn,
+			goldap.ScopeWholeSubtree, goldap.NeverDerefAliases, 0, 0, false,
+			SearchFilter, []string{}, nil)
+		searchResult, err := conn.Conn.Search(searchReq)
+		if err != nil {
+			return nil, err.Error()
+		}
+
+		if len(searchResult.Entries) == 0 {
+			continue
+		} else if len(searchResult.Entries) > 1 {
+			return nil, "Error: multiple accounts with same uid, please check your ldap server"
+		}
+
+		dn := searchResult.Entries[0].DN
+		if err := conn.Conn.Bind(dn, password); err == nil {
+			ldapLoginSuccess = true
+			break
+		}
+	}
+
+	if !ldapLoginSuccess {
+		return nil, "ldap user name or password incorrect"
+	}
+	return user, ""
+}
+
 func CheckUserPassword(organization string, username string, password string) (*User, string) {
 	user := GetUserByFields(organization, username)
 	if user == nil || user.IsDeleted == true {
@@ -129,6 +166,10 @@ func CheckUserPassword(organization string, username string, password string) (*
 	if user.IsForbidden {
 		return nil, "the user is forbidden to sign in, please contact the administrator"
 	}
+	//for ldap users
+	if user.Ldap != "" {
+		return checkLdapUserPassword(user, password)
+	}
 
 	msg := CheckPassword(user, password)
 	if msg != "" {
diff --git a/object/ldap.go b/object/ldap.go
index e3ce3279..8451e879 100644
--- a/object/ldap.go
+++ b/object/ldap.go
@@ -17,10 +17,11 @@ package object
 import (
 	"errors"
 	"fmt"
+	"strings"
+
 	"github.com/casbin/casdoor/util"
 	goldap "github.com/go-ldap/ldap/v3"
 	"github.com/thanhpk/randstr"
-	"strings"
 )
 
 type Ldap struct {