diff --git a/lib/cli/auth-ldap/index.js b/lib/cli/auth-ldap/index.js
index 4788862a..62e929e7 100644
--- a/lib/cli/auth-ldap/index.js
+++ b/lib/cli/auth-ldap/index.js
@@ -44,6 +44,11 @@ module.exports.builder = function(yargs) {
     , type: 'string'
     , default: process.env.LDAP_SEARCH_SCOPE || 'sub'
     })
+    .option('ldap-search-filter', {
+      describe: 'LDAP search filter.'
+    , type: 'string'
+    , default: process.env.LDAP_SEARCH_FILTER
+    })
     .option('ldap-timeout', {
       alias: 't'
     , describe: 'LDAP timeout.'
diff --git a/lib/util/ldaputil.js b/lib/util/ldaputil.js
index 36b9bc2e..60adebc3 100644
--- a/lib/util/ldaputil.js
+++ b/lib/util/ldaputil.js
@@ -60,6 +60,16 @@ module.exports.login = function(options, username, password) {
           })
         }
 
+    if (options.search.filter !== 'undefined') {
+      var parsedFilter = ldap.parseFilter(options.search.filter)
+      if (f instanceof ldap.EqualityFilter) {
+        query.filter.filters.push(parsedFilter)
+      }
+      else {
+        Array.prototype.push.apply(query.filter.filters, parsedFilter.filters)
+      }
+    }
+
     client.search(options.search.dn, query, function(err, search) {
       if (err) {
         return resolver.reject(err)