diff --git a/library/Icinga/Authentication/User/LdapUserBackend.php b/library/Icinga/Authentication/User/LdapUserBackend.php index f3fc7703c..e9c98a42f 100644 --- a/library/Icinga/Authentication/User/LdapUserBackend.php +++ b/library/Icinga/Authentication/User/LdapUserBackend.php @@ -14,7 +14,7 @@ use Icinga\Repository\RepositoryQuery; use Icinga\Protocol\Ldap\LdapException; use Icinga\User; -class LdapUserBackend extends LdapRepository implements UserBackendInterface, Inspectable +class LdapUserBackend extends LdapRepository implements UserBackendInterface, DomainAwareInterface, Inspectable { /** * The base DN to use for a query @@ -44,6 +44,13 @@ class LdapUserBackend extends LdapRepository implements UserBackendInterface, In */ protected $filter; + /** + * The domain the backend is responsible for + * + * @var string + */ + protected $domain; + /** * The columns which are not permitted to be queried * @@ -174,6 +181,29 @@ class LdapUserBackend extends LdapRepository implements UserBackendInterface, In return $this->filter; } + public function getDomain() + { + return $this->domain; + } + + /** + * Set the domain the backend is responsible for + * + * @param string $domain + * + * @return $this + */ + public function setDomain($domain) + { + $domain = trim($domain); + + if (strlen($domain)) { + $this->domain = $domain; + } + + return $this; + } + /** * Apply the given configuration to this backend * @@ -187,7 +217,8 @@ class LdapUserBackend extends LdapRepository implements UserBackendInterface, In ->setBaseDn($config->base_dn) ->setUserClass($config->user_class) ->setUserNameAttribute($config->user_name_attribute) - ->setFilter($config->filter); + ->setFilter($config->filter) + ->setDomain($config->domain); } /** 
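Review bot: setDomain() stores the trimmed domain exactly as configured, while the authenticate() hunk further down compares `strtolower($user->getDomain()) !== $this->domain`, so a domain written with any upper-case letter in the backend config (a constructed example: `Example.COM`) can never match and every login against this backend is rejected. Normalize once in the setter, `$this->domain = strtolower($domain);`, or lowercase both sides in authenticate(). getDomain() is the only new method without a docblock; a one-liner such as `Get the domain the backend is responsible for` with `@return string|null` (it stays null until setDomain() receives a non-empty value) would match the surrounding style. The applyConfig() hunk passes `$config->domain` unconditionally, so an absent key hands null to `trim()`; that yields an empty string today but is deprecated on PHP 8.1+, and `$config->domain ?? ''` at the call site would make the intent explicit if newer PHP versions are a target.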
@@ -372,10 +403,20 @@ class LdapUserBackend extends LdapRepository implements UserBackendInterface, In */ public function authenticate(User $user, $password) { + if ($this->domain !== null) { + if (! $user->hasDomain() || strtolower($user->getDomain()) !== $this->domain) { + return false; + } + + $username = $user->getLocalUsername(); + } else { + $username = $user->getUsername(); + } + try { $userDn = $this ->select() - ->where('user_name', str_replace('*', '', $user->getUsername())) + ->where('user_name', str_replace('*', '', $username)) ->getQuery() ->setUsePagedResults(false) ->fetchDn(); @@ -392,7 +433,7 @@ class LdapUserBackend extends LdapRepository implements UserBackendInterface, In } catch (LdapException $e) { throw new AuthenticationException( 'Failed to authenticate user "%s" against backend "%s". An exception was thrown:', - $user->getUsername(), + $username, $this->getName(), $e );
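Review bot: The second hunk changes the AuthenticationException message to report `$username`, which for a domain-aware backend is only the local part from `getLocalUsername()`, so the logged failure no longer says which `user@domain` was attempted and two accounts sharing a local name across domains become indistinguishable in the audit trail. Keep the full identifier there, `$user->getUsername(),`, or include `$this->domain` alongside the local name. In the first hunk the domain mismatch returns false before any LDAP round-trip and without any trace, presumably so the auth chain falls through to another backend; a debug-level log line saying this backend is not responsible for the user's domain would make a misconfigured domain much easier to diagnose while revealing nothing to the caller. The body of authenticate() continues outside both hunks.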