diff --git a/CHANGELOG.md b/CHANGELOG.md
index 0cc3b893..8fe8e989 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -20,6 +20,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
   - Check RacksDB version executed by agent is greater or equal to the minimal
     supported version specified in gateway configuration settings (#415→#417).
   - Do not return clusters global stats in `/clusters` endpoint anymore.
+  - Lookup user DN in the scope of user base subtree before authentication on
+    LDAP directory by default (#446,447). This can be reverted to the previous
+    behavior by setting `lookup_user_dn=no` in `[ldap]` section of the gateway
+    configuration.
 - agent:
   - Skip registering of RacksDB API endpoints when disabled (#440).
   - Report error in logs instead of failing with critical error when unable to
diff --git a/slurmweb/apps/gateway.py b/slurmweb/apps/gateway.py
index 18c389b6..cfe7d990 100644
--- a/slurmweb/apps/gateway.py
+++ b/slurmweb/apps/gateway.py
@@ -170,6 +170,7 @@ def __init__(self, seed):
                     bind_dn=self.settings.ldap.bind_dn,
                     bind_password=self.settings.ldap.bind_password,
                     restricted_groups=self.settings.ldap.restricted_groups,
+                    lookup_user_dn=self.settings.ldap.lookup_user_dn,
                 )
             else:
                 raise SlurmwebConfigurationError(