diff --git a/src/externalldap.js b/src/externalldap.js
index 8d911b192..cfd56887d 100644
--- a/src/externalldap.js
+++ b/src/externalldap.js
@@ -78,6 +78,11 @@ function testConfig(config, callback) {
     if (!config.baseDn) return callback(new ExternalLdapError(ExternalLdapError.BAD_FIELD, 'basedn must not be empty'));
     if (!config.filter) return callback(new ExternalLdapError(ExternalLdapError.BAD_FIELD, 'filter must not be empty'));
 
+    // basic validation
+    try { ldap.parseDN(config.baseDn); } catch (e) { return callback(new ExternalLdapError(ExternalLdapError.BAD_FIELD, 'invalid baseDn')); }
+    try { ldap.parseFilter(config.filter); } catch (e) { return callback(new ExternalLdapError(ExternalLdapError.BAD_FIELD, 'invalid filter')); }
+    if (config.bindDn) try { ldap.parseFilter(config.bindDn); } catch (e) { return callback(new ExternalLdapError(ExternalLdapError.INVALID_CREDENTIALS)); }
+
     var client;
     try {
         client = ldap.createClient({ url: config.url });
@@ -106,11 +111,10 @@ function testConfig(config, callback) {
         };
 
         client.search(config.baseDn, opts, function (error, result) {
-            console.error('---', error)
             if (error) return callback(new ExternalLdapError(ExternalLdapError.EXTERNAL_ERROR, error));
 
             result.on('searchEntry', function (entry) {});
-            result.on('error', function (error) { callback(new ExternalLdapError(ExternalLdapError.EXTERNAL_ERROR, error)); });
+            result.on('error', function (error) { callback(new ExternalLdapError(ExternalLdapError.BAD_FIELD, 'Unable to search directory')); });
             result.on('end', function (result) { callback(); });
         });
     });