diff --git a/files/ldap-user-filter.patch b/files/ldap-user-filter.patch
new file mode 100644
index 0000000..a22b83a
--- /dev/null
+++ b/files/ldap-user-filter.patch
@@ -0,0 +1,19 @@
+--- lib/ldap/user.rb.orig       2021-07-28 23:16:02.518958920 +0200
++++ lib/ldap/user.rb    2021-07-28 22:47:00.991810209 +0200
+@@ -95,7 +95,7 @@
+     def valid?(username, password)
+       bind_success = @ldap.connection.bind_as(
+         base:     @ldap.base_dn,
+-        filter:   "(#{login_attribute}=#{username})",
++        filter:   @user_filter ? "(&(#{login_attribute}=#{username})#{@user_filter})" : "(#{login_attribute}=#{username})",
+         password: password
+       )
+ 
+@@ -179,6 +179,7 @@
+ 
+       @uid_attribute = config[:uid_attribute]
+       @filter        = config[:filter]
++      @user_filter   = config[:user_filter]
+     end
+   end
+ end
diff --git a/tasks/zammad.yml b/tasks/zammad.yml
index 75965a2..efdf09f 100644
--- a/tasks/zammad.yml
+++ b/tasks/zammad.yml
@@ -18,3 +18,10 @@
   patch:
     src: plain-text.patch
     dest: "{{ zammad_home }}/app/models/channel/email_build.rb"
+
+# https://github.com/zammad/zammad/pull/3682
+- name: "zammad: Wende ldap-user-filter-Patch an"
+  patch:
+    src: ldap-user-filter.patch
+    dest: "{{ zammad_home }}/lib/ldap/user.rb"
+