diff --git a/cmd/root.go b/cmd/root.go
index 37b8454..b364cfb 100644
--- a/cmd/root.go
+++ b/cmd/root.go
@@ -152,6 +152,7 @@ var rootCmd = &cobra.Command{
 				BindPassword: config.LdapBindPassword,
 				BaseDN:       config.LdapBaseDN,
 				Insecure:     config.LdapInsecure,
+				SearchFilter: config.LdapSearchFilter,
 			}
 
 			// Create LDAP service
@@ -249,6 +250,7 @@ func init() {
 	rootCmd.Flags().String("ldap-bind-password", "", "LDAP bind password.")
 	rootCmd.Flags().String("ldap-base-dn", "", "LDAP base DN (e.g. dc=example,dc=com).")
 	rootCmd.Flags().Bool("ldap-insecure", false, "Skip certificate verification for the LDAP server.")
+	rootCmd.Flags().String("ldap-search-filter", "(uid=%s)", "LDAP search filter for user lookup.")
 
 	// Bind flags to environment
 	viper.BindEnv("port", "PORT")
@@ -289,6 +291,7 @@ func init() {
 	viper.BindEnv("ldap-bind-password", "LDAP_BIND_PASSWORD")
 	viper.BindEnv("ldap-base-dn", "LDAP_BASE_DN")
 	viper.BindEnv("ldap-insecure", "LDAP_INSECURE")
+	viper.BindEnv("ldap-search-filter", "LDAP_SEARCH_FILTER")
 
 	// Bind flags to viper
 	viper.BindPFlags(rootCmd.Flags())
diff --git a/internal/ldap/ldap.go b/internal/ldap/ldap.go
index 4bb1538..39f709e 100644
--- a/internal/ldap/ldap.go
+++ b/internal/ldap/ldap.go
@@ -41,7 +41,7 @@ func (l *LDAP) Search(username string) (string, error) {
 	searchRequest := ldapgo.NewSearchRequest(
 		l.BaseDN,
 		ldapgo.ScopeWholeSubtree, ldapgo.NeverDerefAliases, 0, 0, false,
-		fmt.Sprintf("(uid=%s)", username),
+		fmt.Sprintf(l.Config.SearchFilter, username),
 		[]string{"dn"},
 		nil,
 	)
diff --git a/internal/types/config.go b/internal/types/config.go
index 188a7c5..74c6571 100644
--- a/internal/types/config.go
+++ b/internal/types/config.go
@@ -41,6 +41,7 @@ type Config struct {
 	LdapBindPassword        string `mapstructure:"ldap-bind-password"`
 	LdapBaseDN              string `mapstructure:"ldap-base-dn"`
 	LdapInsecure            bool   `mapstructure:"ldap-insecure"`
+	LdapSearchFilter        string `mapstructure:"ldap-search-filter"`
 }
 
 // Server configuration
@@ -135,4 +136,5 @@ type LdapConfig struct {
 	BindPassword string
 	BaseDN       string
 	Insecure     bool
+	SearchFilter string
 }