diff --git a/server/ldap-admin/internal/logic/getdepartmentslogic.go b/server/ldap-admin/internal/logic/getdepartmentslogic.go
index 11a88cc4..f0a7d6ca 100644
--- a/server/ldap-admin/internal/logic/getdepartmentslogic.go
+++ b/server/ldap-admin/internal/logic/getdepartmentslogic.go
@@ -45,7 +45,7 @@ func (l *GetDepartmentsLogic) GetDepartments(req *types.Request, userinfo *auth.
 if len(rootCn) == 0 {
 return resp.SetStatusWithMessage(basic.CodeServiceErr, "root用户DN未设置")
 }
- ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap)
+ ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupOu)
 filter := "(&(objectClass=*)(!(ou=" + l.svcCtx.Config.Ldap.PeopleGroupOu + "))(!(" + rootCn[0] + ")))" //所有object但是不包括people以及root用户
 searchResult, err := ldapServer.Search(l.svcCtx.Config.Ldap.BaseDN, filter, nil, nil)
 if err != nil {
diff --git a/utils/ldap_lib/ldap_group.go b/utils/ldap_lib/ldap_group.go
index 1949a1de..965a1aa1 100644
--- a/utils/ldap_lib/ldap_group.go
+++ b/utils/ldap_lib/ldap_group.go
@@ -2,16 +2,25 @@ package ldap_lib
 import (
 "errors"
+ "strings"
 "github.com/go-ldap/ldap/v3"
 )
 type Ldap struct {
- conn *ldap.Conn
+ baseDN string
+ rootDN string
+ peopleGroupOu string
+ conn *ldap.Conn
 }
-func NewLdap(conn *ldap.Conn) *Ldap {
- return &Ldap{conn}
+func NewLdap(conn *ldap.Conn, baseDN, rootDN, peopleGroupOu string) *Ldap {
+ return &Ldap{
+ baseDN: baseDN,
+ rootDN: rootDN,
+ peopleGroupOu: peopleGroupOu,
+ conn: conn,
+ }
 }
 // 更新资源(分组/用户)
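Review bot: `NewLdap` in ldap_group.go now takes three adjacent `string` parameters, so a call that swaps `baseDN` and `rootDN` still compiles and only shows up as a wrong search filter at run time. In the hunks shown only `rootDN` is read (by `Search`), so `baseDN` and `peopleGroupOu` could wait until something uses them, or all three could travel in one small config struct with named fields. The exported type and constructor also have no doc comment; something like `// NewLdap wraps conn. rootDN is the administrator DN that Search leaves out of results when called with an empty filter.` would record why the value is held.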
@@ -41,7 +50,11 @@ func (l *Ldap) Delete(DN string) error {
 // 查询资源(分组/用户)
 func (l *Ldap) Search(DN, filter string, attr []string, controls []ldap.Control) (resp *ldap.SearchResult, err error) {
 if filter == "" {
- filter = "(objectClass=*)" //查询多个 与(&(objectClass=a)(objectClass=b)) 或 (|(objectClass=a)(objectClass=b))
+ rootCn := strings.Split(l.rootDN, ",")
+ if len(rootCn) == 0 {
+ return nil, errors.New("root用户DN未设置")
+ }
+ filter = "(&(objectClass=*)(!(" + rootCn[0] + ")))"
 }
 searchRequest := ldap.NewSearchRequest(
 DN,
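Review bot: The `len(rootCn) == 0` guard added to `Search` can never fire, because `strings.Split` with a non-empty separator always returns at least one element; an unset `rootDN` gives `[""]` and the filter becomes `(&(objectClass=*)(!()))`, which the server or go-ldap will most likely reject as malformed instead of returning the intended error (the same guard sits in the context lines of getdepartmentslogic.go). The first RDN is also spliced into the filter unescaped after splitting on a raw comma, so a DN whose first component contains `(`, `)`, `*`, `\` or an escaped comma changes or breaks the filter; parsing with `ldap.ParseDN` and passing the value through `ldap.EscapeFilter` avoids both problems. The exclusion applies only when the caller passes an empty filter and matches on attribute value, not on DN, so it hides entries from default listings but should not be relied on as an access control for the root account. `Search`'s body continues outside the hunk.

```go
	if filter == "" {
		// ParseDN handles escaped commas; an empty or unparsable rootDN is reported here.
		dn, parseErr := ldap.ParseDN(l.rootDN)
		if parseErr != nil || len(dn.RDNs) == 0 || len(dn.RDNs[0].Attributes) == 0 {
			return nil, errors.New("root用户DN未设置")
		}
		// Only the first attribute of the first RDN is used, as before.
		rootAttr := dn.RDNs[0].Attributes[0]
		filter = "(&(objectClass=*)(!(" + rootAttr.Type + "=" + ldap.EscapeFilter(rootAttr.Value) + ")))"
	}
	// … unchanged: ldap.NewSearchRequest call …
```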