diff --git a/internal/config/identity/ldap/ldap.go b/internal/config/identity/ldap/ldap.go
index 30a69c6ea..eaf8d4a06 100644
--- a/internal/config/identity/ldap/ldap.go
+++ b/internal/config/identity/ldap/ldap.go
@@ -98,7 +98,8 @@ func (l *Config) GetValidatedDNForUsername(username string) (*xldap.DNSearchResu
 	// under a configured base DN in the LDAP directory.
 	validDN, isUnderBaseDN, err := l.GetValidatedUserDN(conn, username)
 	if err == nil && !isUnderBaseDN {
-		return nil, fmt.Errorf("Unable to find user DN: %w", err)
+		// Not under any configured base DN, so treat as not found.
+		return nil, nil
 	}
 	return validDN, err
 }