diff --git a/apps/authentication/backends/ldap.py b/apps/authentication/backends/ldap.py
index 9dd151561..07ec0f375 100644
--- a/apps/authentication/backends/ldap.py
+++ b/apps/authentication/backends/ldap.py
@@ -32,6 +32,13 @@ class LDAPAuthorizationBackend(LDAPBackend):
         if not username:
             logger.info('Authenticate failed: username is None')
             return None
+        if settings.AUTH_LDAP_USER_LOGIN_ONLY_IN_USERS:
+            user_model = self.get_user_model()
+            exist = user_model.objects.filter(username=username).exists()
+            if not exist:
+                msg = 'Authentication failed: user ({}) is not in the user list'
+                logger.info(msg.format(username))
+                return None
         ldap_user = LDAPUser(self, username=username.strip(), request=request)
         user = self.authenticate_ldap_user(ldap_user, password)
         logger.info('Authenticate user: {}'.format(user))
diff --git a/apps/jumpserver/conf.py b/apps/jumpserver/conf.py
index 9825eaece..0df26d149 100644
--- a/apps/jumpserver/conf.py
+++ b/apps/jumpserver/conf.py
@@ -378,6 +378,7 @@ defaults = {
     'AUTH_LDAP_SYNC_IS_PERIODIC': False,
     'AUTH_LDAP_SYNC_INTERVAL': None,
     'AUTH_LDAP_SYNC_CRONTAB': None,
+    'AUTH_LDAP_USER_LOGIN_ONLY_IN_USERS': False,
     'HTTP_BIND_HOST': '0.0.0.0',
     'HTTP_LISTEN_PORT': 8080,
     'WS_LISTEN_PORT': 8070,
diff --git a/apps/jumpserver/settings.py b/apps/jumpserver/settings.py
index b0db8dbab..6088358f1 100644
--- a/apps/jumpserver/settings.py
+++ b/apps/jumpserver/settings.py
@@ -429,6 +429,7 @@ AUTH_LDAP_SEARCH_PAGED_SIZE = CONFIG.AUTH_LDAP_SEARCH_PAGED_SIZE
 AUTH_LDAP_SYNC_IS_PERIODIC = CONFIG.AUTH_LDAP_SYNC_IS_PERIODIC
 AUTH_LDAP_SYNC_INTERVAL = CONFIG.AUTH_LDAP_SYNC_INTERVAL
 AUTH_LDAP_SYNC_CRONTAB = CONFIG.AUTH_LDAP_SYNC_CRONTAB
+AUTH_LDAP_USER_LOGIN_ONLY_IN_USERS = CONFIG.AUTH_LDAP_USER_LOGIN_ONLY_IN_USERS
 AUTH_LDAP_SERVER_URI = 'ldap://localhost:389'
 AUTH_LDAP_BIND_DN = 'cn=admin,dc=jumpserver,dc=org'
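Review bot: The new existence check looks up `username` unstripped, while the `LDAPUser` built two lines below uses `username.strip()`, so the local-user gate and the LDAP bind are keyed on different values and a login with surrounding whitespace can be refused here for a user who does exist (or vice versa if a stored name carries whitespace); use the same normalized value, e.g. `exist = user_model.objects.filter(username=username.strip()).exists()`, or strip once before the check. `filter(username=...)` is also an exact match whose case sensitivity depends on the database collation, whereas the directory may match account names case-insensitively — worth confirming the two agree for this deployment, since a mismatch silently turns the flag into a denial for otherwise valid accounts. Because the early `return None` happens before any LDAP bind, response timing now differs for known versus unknown usernames when the flag is on; the message itself only reaches the server log, so this is probably acceptable, but it is a mild enumeration side channel to be aware of. The enclosing method of `LDAPAuthorizationBackend` begins before and continues past this hunk.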