diff --git a/lib/gitlab/ldap/access.rb b/lib/gitlab/ldap/access.rb
index adf12f5abdbda03c222bbfd85b13472c6a31e529..901acb63057c9377b7491aeb027b5b894ca45e6a 100644
--- a/lib/gitlab/ldap/access.rb
+++ b/lib/gitlab/ldap/access.rb
@@ -1,16 +1,21 @@
+# LDAP authorization model
+#
+# * Check if we are allowed access (not blocked)
+# * Update authorizations and associations
+#
 module Gitlab
 module LDAP
 class Access
- attr_reader :adapter
+ attr_reader :adapter, :provider
- def self.open(&block)
- Gitlab::LDAP::Adapter.open do |adapter|
- block.call(self.new(adapter))
+ def self.open(provider, &block)
+ Gitlab::LDAP::Adapter.open(provider) do |adapter|
+ block.call(self.new(provider, adapter))
 end
 end
 def self.allowed?(user)
- self.open do |access|
+ self.open(user.provider) do |access|
 if access.allowed?(user)
 access.update_permissions(user)
 access.update_email(user)
@@ -23,7 +28,8 @@ module Gitlab
 end
 end
- def initialize(adapter=nil)
+ def initialize(provider, adapter=nil)
+ @provider = provider
 @adapter = adapter
 end
diff --git a/lib/gitlab/ldap/user.rb b/lib/gitlab/ldap/user.rb
index a50a30d6bdcfb826c7073989ccf63a239882b2d2..28a48671d856589013e410f61b779ddc356ddcbd 100644
--- a/lib/gitlab/ldap/user.rb
+++ b/lib/gitlab/ldap/user.rb
@@ -66,7 +66,7 @@ module Gitlab
 def find_by_uid_and_provider
 # LDAP distinguished name is case-insensitive model.
- where(provider: auth_hash.provider).
+ where(provider: [auth_hash.provider, :ldap]).
 where('lower(extern_uid) = ?', auth_hash.uid.downcase).last
 end
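Review bot: In the first hunk of lib/gitlab/ldap/access.rb, `self.allowed?(user)` now passes `user.provider` straight to `Gitlab::LDAP::Adapter.open`, and nothing in the hunk checks that the value names a configured LDAP server. The user.rb change in this same commit still matches accounts whose provider is the legacy `ldap`, so such a value can plausibly reach this call; `Adapter.open` is not visible here, so please confirm that an unknown or nil provider makes this check fail closed (raise or return false) rather than fall back to some default server. I would also document the new parameter above `self.open`, e.g. `# provider - name of the configured LDAP server this user authenticates against (user.provider)`. The body of `self.allowed?` continues past the end of the hunk.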
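Review bot: In the second access.rb hunk, `def initialize(provider, adapter=nil)` puts a new required argument in front of the existing optional one, so a call site outside this diff that still does `Access.new(adapter)` would not raise; it would store the adapter object in `@provider` and leave `@adapter` nil. Because this class decides whether an LDAP user is still allowed in, a silent mis-binding is worse than an error. A one-line guard such as `raise ArgumentError, 'provider is required' if provider.nil? || !provider.respond_to?(:to_sym)` would surface it early; whether such callers exist cannot be seen from this page.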
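Review bot: In lib/gitlab/ldap/user.rb, `where(provider: [auth_hash.provider, :ldap])` lets the legacy `ldap` rows match a login from every configured LDAP server, so whenever a legacy row exists the account is selected by `extern_uid` alone. If the servers are separate directories, an identity with the same DN on a second server would resolve to an account provisioned from the first; and where a legacy row and a server-specific row carry the same DN, `.last` chooses between them by row order rather than by provider. I would limit the fallback to the one server the legacy accounts came from, e.g. `providers = [auth_hash.provider]` then `providers << :ldap if auth_hash.provider == LEGACY_LDAP_PROVIDER` (placeholder name, not defined on this page), and rewrite the row's provider on the first successful match so the fallback can be removed later. A comment above the query stating that `:ldap` is the pre-multi-server provider value would also help the next reader.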