diff --git a/lib/gitlab/o_auth/user.rb b/lib/gitlab/o_auth/user.rb
index 78f3ecb4cb4b1453aea0b4127f3526b93c35d628..fbdd6c5934feec6d67af5c39b00906ce9bb3296f 100644
--- a/lib/gitlab/o_auth/user.rb
+++ b/lib/gitlab/o_auth/user.rb
@@ -1,3 +1,5 @@
+require 'net/ldap/dn'
+
 # OAuth extension for User model
 #
 # * Find GitLab user based on omniauth uid and provider
@@ -103,12 +105,29 @@ def ldap_person
 # Look for a corresponding person with same uid in any of the configured LDAP providers
 Gitlab::LDAP::Config.providers.each do |provider|
 adapter = Gitlab::LDAP::Adapter.new(provider)
- @ldap_person = Gitlab::LDAP::Person.find_by_uid(auth_hash.uid, adapter)
+ @ldap_person = find_ldap_person(auth_hash.uid, adapter)
+ break if @ldap_person
 end

 @ldap_person
 end

+ # OmniAuth providers can send anything as the `uid`. Try to be flexible
+ #
+ # Currently, this method only looks LDAP users by DN or uid. More may
+ # need to be added later.
+ def find_ldap_person(uid, adapter)
+ if Net::LDAP::DN.new(auth_hash.uid)
+ return Gitlab::LDAP::Person.find_by_dn(uid, adapter)
+ end
+ rescue RuntimeError => e
+ # Net::LDAP raises a generic RuntimeError. Bad library! Bad!
+ logger.debug { "Omniauth UID: '#{dn}' doesn't look like a DN. Trying next step. Message: #{e.message}" }
+
+ # Fallback to looking for an LDAP user by `uid`.
+ return Gitlab::LDAP::Person.find_by_uid(uid, adapter)
+ end
+
 def ldap_config
 Gitlab::LDAP::Config.new(ldap_person.provider) if ldap_person
 end
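Review bot: In the `rescue` branch of the new `find_ldap_person`, the debug message interpolates `#{dn}`, but no `dn` local or method is visible in this hunk, so with debug logging enabled the block would raise `NameError` and the `find_by_uid` fallback would never run; it should read `'#{uid}'`. The guard also calls `Net::LDAP::DN.new(auth_hash.uid)` rather than using the `uid` parameter, and as far as I know `DN.new` only stores the string and defers parsing to `to_a`/`each_pair`, so the rescue may never fire; please confirm, and if so use `Net::LDAP::DN.new(uid).to_a`. When the value does parse as a DN but `find_by_dn` returns nil, the method returns nil without trying `find_by_uid`; `Gitlab::LDAP::Person.find_by_dn(uid, adapter) || Gitlab::LDAP::Person.find_by_uid(uid, adapter)` would cover that case. Because `uid` is whatever the OmniAuth provider sends and this match decides which LDAP person the account is tied to, a spec covering a DN, a plain uid and a malformed value would be worth adding alongside this change.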