diff --git a/uffd/ldap.py b/uffd/ldap.py
index 67e627c9eb99787dd856997afe20ae8498d3ba2c..2bbbaf67b9a4b49060eb439610a3cc58e9bc91ac 100644
--- a/uffd/ldap.py
+++ b/uffd/ldap.py
@@ -46,7 +46,8 @@ class FlaskLDAPMapper(LDAPMapper):
 				current_app.ldap_mock.bind()
 			return current_app.ldap_mock
 		server = ldap3.Server(current_app.config["LDAP_SERVICE_URL"], get_info=ldap3.ALL)
+		auto_bind = ldap3.AUTO_BIND_TLS_BEFORE_BIND if current_app.config["LDAP_SERVICE_USE_STARTTLS"] else True
 		return ldap3.Connection(server, current_app.config["LDAP_SERVICE_BIND_DN"],
-		                        current_app.config["LDAP_SERVICE_BIND_PASSWORD"], auto_bind=True)
+		                        current_app.config["LDAP_SERVICE_BIND_PASSWORD"], auto_bind=auto_bind)
 
 ldap = FlaskLDAPMapper()
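Review bot: The new STARTTLS path at `auto_bind = ldap3.AUTO_BIND_TLS_BEFORE_BIND if ...` encrypts the session, but nothing visible makes ldap3 verify the server certificate. The `ldap3.Server(...)` call on the line above is built without a `tls=` argument, and as far as I know ldap3 then falls back to a default `Tls` object with `validate=ssl.CERT_NONE`. That protects the service bind password against passive sniffing only, so consider passing `tls=ldap3.Tls(validate=ssl.CERT_REQUIRED)` to `ldap3.Server(...)` (this needs `import ssl`). The same two lines are repeated in `login_get_user` in uffd/session/views.py, where the user's own password is at stake, so a shared helper would keep both binds consistent. The enclosing method starts above this hunk, so I cannot see whether a `Tls` object is configured elsewhere.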
diff --git a/uffd/session/views.py b/uffd/session/views.py
index cad80b2d8323cc12b569803b437c4b79628aee49..a235e3fcf295d0474fdab0c0272185dbe7409a42 100644
--- a/uffd/session/views.py
+++ b/uffd/session/views.py
@@ -6,6 +6,7 @@ from flask import Blueprint, render_template, request, url_for, redirect, flash,
 
 import ldap3
 from ldap3.core.exceptions import LDAPBindError, LDAPPasswordIsMandatoryError
+from ldapalchemy.core import encode_filter
 
 from uffd.user.models import User
 from uffd.ldap import ldap
@@ -31,11 +32,12 @@ def login_get_user(loginname, password):
 			return None
 	else:
 		server = ldap3.Server(current_app.config["LDAP_SERVICE_URL"], get_info=ldap3.ALL)
+		auto_bind = ldap3.AUTO_BIND_TLS_BEFORE_BIND if current_app.config["LDAP_SERVICE_USE_STARTTLS"] else True
 		try:
-			conn = ldap3.Connection(server, dn, password, auto_bind=True)
+			conn = ldap3.Connection(server, dn, password, auto_bind=auto_bind)
 		except (LDAPBindError, LDAPPasswordIsMandatoryError):
 			return None
-	conn.search(conn.user, '(objectClass=person)')
+	conn.search(conn.user, encode_filter(current_app.config["LDAP_USER_SEARCH_FILTER"]))
 	if len(conn.entries) != 1:
 		return None
 	return User.query.get(dn)
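Review bot: The search at `conn.search(conn.user, encode_filter(...))` now decides who may log in, but it runs with ldap3's default scope, which is SUBTREE as far as I know. An entry below the user's DN that matches `LDAP_USER_SEARCH_FILTER` is therefore counted too, so `len(conn.entries) != 1` can reject a valid user, or accept one whose own entry does not match. Restricting the lookup to the bound entry makes the check mean what it says: `conn.search(conn.user, encode_filter(current_app.config["LDAP_USER_SEARCH_FILTER"]), search_scope=ldap3.BASE)`. A short comment on the value shape `encode_filter` expects from the config would also help operators, since a malformed filter here fails every login. `login_get_user` starts above this hunk, so the mock branch is not visible and may need the same treatment.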