diff --git a/application/forms/Config/UserBackend/LdapBackendForm.php b/application/forms/Config/UserBackend/LdapBackendForm.php
index ac2091398..df6e0a4c4 100644
--- a/application/forms/Config/UserBackend/LdapBackendForm.php
+++ b/application/forms/Config/UserBackend/LdapBackendForm.php
@@ -99,8 +99,8 @@ class LdapBackendForm extends Form
                     . 'Leave empty to not to use any additional filter rules.'
                 ),
                 'requirement'   => $this->translate(
-                    'The filter needs to be expressed as standard LDAP expression, without'
-                    . ' outer parentheses. (e.g. &(foo=bar)(bar=foo) or foo=bar)'
+                    'The filter needs to be expressed as standard LDAP expression.'
+                    . ' (e.g. &(foo=bar)(bar=foo) or foo=bar)'
                 ),
                 'validators'    => array(
                     array(
@@ -108,10 +108,15 @@ class LdapBackendForm extends Form
                         false,
                         array(
                             'callback'  => function ($v) {
-                                return strpos($v, '(') !== 0;
+                                // This is not meant to be a full syntax check. It will just
+                                // ensure that we can safely strip unnecessary parentheses.
+                                $v = trim($v);
+                                return ! $v || $v[0] !== '(' || (
+                                    strpos($v, ')(') !== false ? substr($v, -2) === '))' : substr($v, -1) === ')'
+                                );
                             },
                             'messages'  => array(
-                                'callbackValue' => $this->translate('The filter must not be wrapped in parantheses.')
+                                'callbackValue' => $this->translate('The filter is invalid. Please check your syntax.')
                             )
                         )
                     )
diff --git a/library/Icinga/Authentication/User/LdapUserBackend.php b/library/Icinga/Authentication/User/LdapUserBackend.php
index 333969891..cec74a6e5 100644
--- a/library/Icinga/Authentication/User/LdapUserBackend.php
+++ b/library/Icinga/Authentication/User/LdapUserBackend.php
@@ -148,6 +148,10 @@ class LdapUserBackend extends LdapRepository implements UserBackendInterface
     public function setFilter($filter)
     {
         if (($filter = trim($filter))) {
+            if ($filter[0] === '(') {
+                $filter = substr($filter, 1, -1);
+            }
+
             $this->filter = $filter;
         }
 
diff --git a/library/Icinga/Authentication/UserGroup/LdapUserGroupBackend.php b/library/Icinga/Authentication/UserGroup/LdapUserGroupBackend.php
index 224013e9f..976af266f 100644
--- a/library/Icinga/Authentication/UserGroup/LdapUserGroupBackend.php
+++ b/library/Icinga/Authentication/UserGroup/LdapUserGroupBackend.php
@@ -356,6 +356,10 @@ class LdapUserGroupBackend /*extends LdapRepository*/ implements UserGroupBacken
     public function setUserFilter($filter)
     {
         if (($filter = trim($filter))) {
+            if ($filter[0] === '(') {
+                $filter = substr($filter, 1, -1);
+            }
+
             $this->userFilter = $filter;
         }