diff --git a/src/ldapserver.js b/src/ldapserver.js
index 0454b96ae..29a0551ca 100644
--- a/src/ldapserver.js
+++ b/src/ldapserver.js
@@ -53,10 +53,6 @@ async function userAuthInternal(appId, req, res, next) {
     const commonName = req.dn.rdns[0].attrs[attributeName].value;
     if (!commonName) return next(new ldap.NoSuchObjectError('Missing CN'));
 
-    // this code here is only for completeness. none of the apps send totptoken
-    const TOTPTOKEN_ATTRIBUTE_NAME = 'totptoken';
-    const totpToken = req.dn.rdns[0].attrs[TOTPTOKEN_ATTRIBUTE_NAME] ? req.dn.rdns[0].attrs[TOTPTOKEN_ATTRIBUTE_NAME].value : null;
-
     let verifyFunc;
     if (attributeName === 'mail') {
         verifyFunc = users.verifyWithEmail;
@@ -68,7 +64,7 @@ async function userAuthInternal(appId, req, res, next) {
         verifyFunc = users.verifyWithUsername;
     }
 
-    const [error, user] = await safe(verifyFunc(commonName, req.credentials || '', appId || '', { skipTotpCheck: true, totpToken }));
+    const [error, user] = await safe(verifyFunc(commonName, req.credentials || '', appId || '', { skipTotpCheck: true }));
     if (error && error.reason === BoxError.NOT_FOUND) return next(new ldap.NoSuchObjectError(error.message));
     if (error && error.reason === BoxError.INVALID_CREDENTIALS) return next(new ldap.InvalidCredentialsError(error.message));
     if (error) return next(new ldap.OperationsError(error.message));