diff --git a/src/externalldap.js b/src/externalldap.js
index 791e5e940..3b7a586eb 100644
--- a/src/externalldap.js
+++ b/src/externalldap.js
@@ -55,6 +55,7 @@ function testConfig(config, callback) {
 if (!config.url) return callback(new BoxError(BoxError.BAD_FIELD, 'url must not be empty'));
 if (!config.baseDn) return callback(new BoxError(BoxError.BAD_FIELD, 'basedn must not be empty'));
 if (!config.filter) return callback(new BoxError(BoxError.BAD_FIELD, 'filter must not be empty'));
+ if (!config.usernameField) config.usernameField = 'uid';
 getClient(config, function (error, client) {
 if (error) return callback(error);
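Review bot: The added `usernameField` default is written into the caller's `config` object as a side effect of a validation function, so whether a persisted configuration ever carries the default depends on every save path calling testConfig first; a configuration stored before this change and loaded directly would leave `externalLdapConfig.usernameField` undefined in sync(), where every entry then resolves to `user[undefined]`. Applying the fallback at the read site as well, `const usernameField = externalLdapConfig.usernameField || 'uid';`, removes that dependency, and a comment on the new line, `// normalises config in place: usernameField defaults to 'uid'`, makes the mutation explicit. The check also accepts any non-empty string even though the value is used as an LDAP attribute name; rejecting values that are not an attribute description (letters, digits and hyphens) with a BAD_FIELD error in the same style as the three lines above would surface a typo at configuration time rather than as a silent empty sync. testConfig continues outside the hunk.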
@@ -162,25 +163,27 @@ function sync(progressCallback, callback) {
 // ignore the bindDn user if any
 if (user.dn === externalLdapConfig.bindDn) return iteratorCallback();
- users.getByUsername(user.uid, function (error, result) {
+ const username = user[externalLdapConfig.usernameField];
+
+ users.getByUsername(username, function (error, result) {
 if (error && error.reason !== BoxError.NOT_FOUND) {
 console.error(error);
 return iteratorCallback();
 }
 if (error) {
- debug('[adding user] ', user.uid, user.mail, user.cn);
+ debug('[adding user] ', username, user.mail, user.cn);
- users.create(user.uid, null, user.mail, user.cn, { source: 'ldap' }, auditsource.EXTERNAL_LDAP_TASK, function (error) {
+ users.create(username, null /* password */, user.mail, user.cn, { source: 'ldap' }, auditsource.EXTERNAL_LDAP_TASK, function (error) {
 if (error) console.error('Failed to create user', user, error);
 iteratorCallback();
 });
 } else if (result.source !== 'ldap') {
- debug('[conflicting user]', user.uid, user.mail, user.cn);
+ debug('[conflicting user]', username, user.mail, user.cn);
 iteratorCallback();
 } else if (result.email !== user.mail || result.displayName !== user.cn) {
- debug('[updating user] ', user.uid, user.mail, user.cn);
+ debug('[updating user] ', username, user.mail, user.cn);
 users.update(result.id, { email: user.mail, fallbackEmail: user.mail, displayName: user.cn }, auditsource.EXTERNAL_LDAP_TASK, function (error) {
 if (error) console.error('Failed to update user', user, error);
@@ -188,6 +191,7 @@ function sync(progressCallback, callback) {
 });
 } else {
 // user known and up-to-date
+ debug('[up-to-date user] ', username, user.mail, user.cn);
 iteratorCallback();
 }
 });
diff --git a/src/routes/settings.js b/src/routes/settings.js
index 4474b438a..83b4937ce 100644
--- a/src/routes/settings.js
+++ b/src/routes/settings.js
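Review bot: `const username = user[externalLdapConfig.usernameField];` is handed straight to users.getByUsername() and users.create() without checking that the attribute was present on the entry and is a single string; an entry that lacks the configured attribute (or, if the LDAP client returns multi-valued attributes as arrays, one carrying several values) falls through the NOT_FOUND branch into `users.create(undefined, ...)` and is only reported by the generic 'Failed to create user' log. A guard before the lookup, `if (typeof username !== 'string' || !username) { debug('[skipping user] no usernameField value', user.dn); return iteratorCallback(); }`, keeps such entries out of the account store. Since local accounts are matched solely by this attribute, the configured field has to be unique across the directory, otherwise two entries sharing a value would be treated as the same local account; a comment at the read site, `// usernameField must be a unique attribute: entries sharing a value collapse onto one local account`, records that requirement where the next maintainer will see it. The enclosing iterator callback starts before the hunk and ends after it.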
@@ -199,11 +199,11 @@ function setExternalLdapConfig(req, res, next) {
 assert.strictEqual(typeof req.body, 'object');
 if (!req.body.provider || typeof req.body.provider !== 'string') return next(new HttpError(400, 'provider must be a string'));
- if (typeof req.body.provider !== 'string' || req.body.provider === '') return next(new HttpError(400, 'provider must be non-empty string'));
- if (typeof req.body.url !== 'string' || req.body.url === '') return next(new HttpError(400, 'url must be a non empty string'));
- if (typeof req.body.baseDn !== 'string' || req.body.baseDn === '') return next(new HttpError(400, 'baseDn must be a non empty string'));
- if (typeof req.body.filter !== 'string' || req.body.filter === '') return next(new HttpError(400, 'filter must be a non empty string'));
- if ('bindDn' in req.body && (typeof req.body.bindDn !== 'string' || req.body.bindDn === '')) return next(new HttpError(400, 'bindDn must be a non empty string'));
+ if ('url' in req.body && typeof req.body.url !== 'string') return next(new HttpError(400, 'url must be a string'));
+ if ('baseDn' in req.body && typeof req.body.baseDn !== 'string') return next(new HttpError(400, 'baseDn must be a string'));
+ if ('usernameField' in req.body && typeof req.body.usernameField !== 'string') return next(new HttpError(400, 'usernameField must be a string'));
+ if ('filter' in req.body && typeof req.body.filter !== 'string') return next(new HttpError(400, 'filter must be a string'));
+ if ('bindDn' in req.body && typeof req.body.bindDn !== 'string') return next(new HttpError(400, 'bindDn must be a non empty string'));
 if ('bindPassword' in req.body && typeof req.body.bindPassword !== 'string') return next(new HttpError(400, 'bindPassword must be a string'));
 settings.setExternalLdapConfig(req.body, function (error) {
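Review bot: The rewritten `bindDn` line keeps the message 'bindDn must be a non empty string' although its check now accepts an empty string, so the 400 response no longer describes what is rejected; either change the message to `'bindDn must be a string'` like its siblings or restore the `|| req.body.bindDn === ''` clause. The same loosening makes `url`, `baseDn` and `filter` optional at the route, which is only safe if settings.setExternalLdapConfig() runs testConfig() before persisting, something this hunk does not show. `usernameField` is only type-checked here yet becomes a property key on every LDAP entry in sync(); restricting it to an LDAP attribute description, `if ('usernameField' in req.body && !/^[A-Za-z][A-Za-z0-9-]*$/.test(req.body.usernameField)) return next(new HttpError(400, 'usernameField must be an LDAP attribute name'));`, limits the value to what the directory can actually answer and keeps property names such as `__proto__` or `constructor` from ever being looked up on the entry object. setExternalLdapConfig continues outside the hunk.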