diff --git a/flaschengeist/plugins/__init__.py b/flaschengeist/plugins/__init__.py
index a61e7f3..2aa8234 100644
--- a/flaschengeist/plugins/__init__.py
+++ b/flaschengeist/plugins/__init__.py
@@ -72,6 +72,16 @@ class AuthPlugin(Plugin):
         """
         pass
 
+    def find_user(self, userid, mail=None):
+        """Find an user by userid or mail
+        Args:
+            userid: Userid to search
+            mail: If set, mail to search
+        Returns:
+            None or User
+        """
+        return None
+
     def modify_user(self, user, password, new_password=None):
         """If backend is using (writeable) external data, then update the external database with the user provided.
         User might have roles not existing on the external database, so you might have to create those.
diff --git a/flaschengeist/plugins/auth_ldap/__init__.py b/flaschengeist/plugins/auth_ldap/__init__.py
index 541bac9..f666397 100644
--- a/flaschengeist/plugins/auth_ldap/__init__.py
+++ b/flaschengeist/plugins/auth_ldap/__init__.py
@@ -52,23 +52,16 @@ class AuthLDAP(AuthPlugin):
             return False
         return self.ldap.authenticate(user.userid, password, "uid", self.dn)
 
+    def find_user(self, userid, mail=None):
+        attr = self.__find(userid, mail)
+        if attr:
+            user = User(userid=attr["uid"][0])
+            self.__update(user, attr)
+            return user
+
     def update_user(self, user):
-        self.ldap.connection.search(
-            "ou=user,{}".format(self.dn),
-            "(uid={})".format(user.userid),
-            SUBTREE,
-            attributes=["uid", "givenName", "sn", "mail"],
-        )
-        r = self.ldap.connection.response[0]["attributes"]
-        if r["uid"][0] == user.userid:
-            user.set_attribute("DN", self.ldap.connection.response[0]["dn"])
-            user.firstname = r["givenName"][0]
-            user.lastname = r["sn"][0]
-            if r["mail"]:
-                user.mail = r["mail"][0]
-            if "displayName" in r:
-                user.display_name = r["displayName"][0]
-            userController.set_roles(user, self._get_groups(user.userid), create=True)
+        attr = self.__find(user.userid)
+        self.__update(user, attr)
 
     def create_user(self, user, password):
         if self.admin_dn is None:
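Review bot: The new `find_user` docstring in `AuthPlugin` leaves the contract underspecified: it does not say whether `mail` is matched in addition to `userid` or instead of it, nor what `None` means, and the LDAP backend in this same commit treats the two as alternatives (either may match). Since backends implement against this docstring, I would state it explicitly: `mail: If set, a user whose mail address matches is also accepted` and `Returns: the matching User, or None if no user matches or the backend does not support lookups`. "Find an user" should read "Find a user".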
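Review bot: `if attr:` in the new `find_user` never sees the not-found case, because `__find` (added in the later hunk) returns `con.response[0]["attributes"]` and raises IndexError on an empty result before anything is returned; the base-class contract of returning None for an unknown user is therefore not met, and `update_user` inherits the same failure mode. Either `__find` should return None when `con.response` is empty, or `find_user` should guard the call with `except IndexError: return None`. I'd also note that `find_user` returns an unsaved `User` built from the directory entry, which `update_user` does not do; if callers are expected to persist it, that belongs in the docstring.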
@@ -182,6 +175,31 @@ class AuthLDAP(AuthPlugin):
         ldap_conn = self.ldap.connect(self.admin_dn, self.admin_secret)
         ldap_conn.modify(dn, {"jpegPhoto": [(MODIFY_REPLACE, [avatar.binary])]})
 
+    def __find(self, userid, mail=None):
+        """Find attributes of an user by uid or mail in LDAP"""
+        con = self.ldap.connection
+        if not con:
+            con = self.ldap.connect(self.admin_dn, self.admin_secret)
+        con.search(
+            f"ou=user,{self.dn}",
+            f"(| (uid={userid})(mail={mail}))" if mail else f"(uid={userid})",
+            SUBTREE,
+            attributes=["uid", "givenName", "sn", "mail"],
+        )
+        return con.response[0]["attributes"]
+
+    def __update(self, user, attr):
+        """Update an User object with LDAP attributes"""
+        if attr["uid"][0] == user.userid:
+            user.set_attribute("DN", self.ldap.connection.response[0]["dn"])
+            user.firstname = attr["givenName"][0]
+            user.lastname = attr["sn"][0]
+            if attr["mail"]:
+                user.mail = attr["mail"][0]
+            if "displayName" in attr:
+                user.display_name = attr["displayName"][0]
+            userController.set_roles(user, self._get_groups(user.userid), create=True)
+
     def __modify_role(
         self,
         role: Role,
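Review bot: The search filter in `__find` interpolates `userid` and `mail` unescaped into an LDAP filter string, so a value containing filter metacharacters (`*`, `(`, `)`, `\`, NUL) changes the query rather than being matched literally; since `find_user` is the plugin's public lookup, this is likely reachable with caller-supplied input. ldap3 ships `escape_filter_chars` in `ldap3.utils.conv` for exactly this, which should be imported at the top of the file and applied to both values before building the filter. Separately, `con.response[0]` raises IndexError when nothing matches, and `__update` reads the DN from `self.ldap.connection.response[0]` even though `__find` may have searched on a freshly created connection when `self.ldap.connection` was falsy, so the DN can come from a stale or missing response; passing the entry (or the connection used) into `__update` would close that gap.
```python
    def __find(self, userid, mail=None):
        """Find attributes of an user by uid or mail in LDAP"""
        # … unchanged: connection lookup / fallback connect …
        uid = escape_filter_chars(userid)
        if mail:
            search_filter = f"(|(uid={uid})(mail={escape_filter_chars(mail)}))"
        else:
            search_filter = f"(uid={uid})"
        con.search(
            f"ou=user,{self.dn}",
            search_filter,
            SUBTREE,
            attributes=["uid", "givenName", "sn", "mail"],
        )
        if not con.response:
            return None
        return con.response[0]["attributes"]
```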