diff --git a/ldapauthenticator/ldapauthenticator.py b/ldapauthenticator/ldapauthenticator.py
index 78dc628..73b46f4 100644
--- a/ldapauthenticator/ldapauthenticator.py
+++ b/ldapauthenticator/ldapauthenticator.py
@@ -385,6 +385,18 @@ def _observe_escape_userdn(self, change):
         """,
     )
 
+    attributes_search_filter = Unicode(
+        config=True,
+        default_value="(objectClass=*)",
+        allow_none=True,
+        help="""
+        Filter for querying user attributes lookup.
+
+        Default value `'(objectClass=*)'` should be good enough for most
+        use cases.
+        """,
+    )
+
     auth_state_attributes = List(
         config=True,
         help="""
@@ -564,7 +576,7 @@ def get_user_attributes(self, conn, userdn):
             conn.search(
                 search_base=userdn,
                 search_scope=ldap3.SUBTREE,
-                search_filter="(objectClass=*)",
+                search_filter=self.attributes_search_filter,
                 attributes=self.auth_state_attributes,
             )