diff --git a/services/auth/source/ldap/source_search.go b/services/auth/source/ldap/source_search.go
index cef0c0a0e2..d1c577c8f6 100644
--- a/services/auth/source/ldap/source_search.go
+++ b/services/auth/source/ldap/source_search.go
@@ -249,8 +249,8 @@ func (source *Source) getUserAttributeListedInGroup(entry *ldap.Entry) string {
 	return entry.GetAttributeValue(source.UserUID)
 }
 
-func userAttributeFilter(userFilter string, userDNFoundBySearch bool) string {
-	if userDNFoundBySearch {
+func userAttributeFilter(userFilter string, directBind bool, userBase string) string {
+	if !directBind || userBase != "" {
 		return "(objectClass=*)"
 	}
 	return userFilter
@@ -281,7 +281,6 @@ func realSearchEntry(source *Source, name, passwd string, directBind bool) *Sear
 	defer l.Close()
 
 	var userDN string
-	userDNFoundBySearch := false
 	if directBind {
 		log.Trace("LDAP will bind directly via UserDN template: %s", source.UserDN)
 
@@ -305,7 +304,6 @@ func realSearchEntry(source *Source, name, passwd string, directBind bool) *Sear
 			if !ok {
 				return nil
 			}
-			userDNFoundBySearch = true
 		}
 	} else {
 		log.Trace("LDAP will use BindDN.")
@@ -327,7 +325,6 @@ func realSearchEntry(source *Source, name, passwd string, directBind bool) *Sear
 		if !found {
 			return nil
 		}
-		userDNFoundBySearch = true
 	}
 
 	if !source.AttributesInBind {
@@ -342,7 +339,7 @@ func realSearchEntry(source *Source, name, passwd string, directBind bool) *Sear
 	if !ok {
 		return nil
 	}
-	attributeFilter := userAttributeFilter(userFilter, userDNFoundBySearch)
+	attributeFilter := userAttributeFilter(userFilter, directBind, source.UserBase)
 
 	isAttributeSSHPublicKeySet := strings.TrimSpace(source.AttributeSSHPublicKey) != ""
 	isAttributeAvatarSet := strings.TrimSpace(source.AttributeAvatar) != ""
diff --git a/services/auth/source/ldap/source_search_test.go b/services/auth/source/ldap/source_search_test.go
deleted file mode 100644
index 4beaeeec4b..0000000000
--- a/services/auth/source/ldap/source_search_test.go
+++ /dev/null
@@ -1,17 +0,0 @@
-// Copyright 2026 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
-
-package ldap
-
-import (
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestUserAttributeFilter(t *testing.T) {
-	const userFilter = "(&(objectClass=posixAccount)(uid=user1))"
-
-	assert.Equal(t, "(objectClass=*)", userAttributeFilter(userFilter, true))
-	assert.Equal(t, userFilter, userAttributeFilter(userFilter, false))
-}