diff --git a/pom.xml b/pom.xml
index 52d8ca033..29dcea80f 100644
--- a/pom.xml
+++ b/pom.xml
@@ -75,6 +75,9 @@
 		<version.archunit>0.13.0</version.archunit>
 		<version.mockito>3.2.4</version.mockito>
 		<version.junit.mockito>3.2.4</version.junit.mockito>
+    <!-- byte buddy 1.9.7+ is needed to solve dependency errors with spring mock tests see LdapClientTest -->
+    <version.byte-buddy>1.9.7</version.byte-buddy>
+    <version.byte-buddy-agent>1.9.7</version.byte-buddy-agent>
 		<version.powermock>2.0.5</version.powermock>
 		<version.hamcrest>2.2</version.hamcrest>
 		<version.equalsverifier>3.1.12</version.equalsverifier>
diff --git a/rest/taskana-rest-spring/pom.xml b/rest/taskana-rest-spring/pom.xml
index bbfefa2a3..38d74ffdf 100644
--- a/rest/taskana-rest-spring/pom.xml
+++ b/rest/taskana-rest-spring/pom.xml
@@ -139,6 +139,30 @@
 			<version>${version.spring.restdocs}</version>
 			<scope>test</scope>
 		</dependency>
+		<dependency>
+			<groupId>org.mockito</groupId>
+			<artifactId>mockito-core</artifactId>
+			<version>${version.mockito}</version>
+			<scope>test</scope>
+		</dependency>
+		<dependency>
+			<groupId>org.mockito</groupId>
+			<artifactId>mockito-junit-jupiter</artifactId>
+			<version>${version.junit.mockito}</version>
+			<scope>test</scope>
+		</dependency>
+		<dependency>
+			<groupId>net.bytebuddy</groupId>
+			<artifactId>byte-buddy</artifactId>
+			<version>${version.byte-buddy}</version>
+			<scope>test</scope>
+		</dependency>
+		<dependency>
+			<groupId>net.bytebuddy</groupId>
+			<artifactId>byte-buddy-agent</artifactId>
+			<version>${version.byte-buddy-agent}</version>
+			<scope>test</scope>
+		</dependency>
 		<dependency>
 			<groupId>com.h2database</groupId>
 			<artifactId>h2</artifactId>
diff --git a/rest/taskana-rest-spring/src/main/java/pro/taskana/ldap/LdapClient.java b/rest/taskana-rest-spring/src/main/java/pro/taskana/ldap/LdapClient.java
index 49de6975c..51aa85f4b 100644
--- a/rest/taskana-rest-spring/src/main/java/pro/taskana/ldap/LdapClient.java
+++ b/rest/taskana-rest-spring/src/main/java/pro/taskana/ldap/LdapClient.java
@@ -1,6 +1,7 @@
 package pro.taskana.ldap;
 
 import java.util.List;
+import java.util.regex.Pattern;
 import javax.annotation.PostConstruct;
 import javax.naming.directory.SearchControls;
 import org.slf4j.Logger;
@@ -64,6 +65,8 @@ public class LdapClient {
 
   private String groupsOfUser;
 
+  private String baseDn;
+
   private int minSearchForLength;
 
   private int maxNumberOfReturnedAccessIds;
@@ -182,16 +185,22 @@ public class LdapClient {
       throw new SystemException(
           "LdapClient was called but is not active due to missing configuration: " + message);
     }
-
+    // Obviously Spring LdapTemplate does have a inconsistency and always adds the base name to the
+    // given DN.
+    // https://stackoverflow.com/questions/55285743/spring-ldaptemplate-how-to-lookup-fully-qualified-dn-with-configured-base-dn
+    // Therefore we have to remove the base name from the dn before performing the lookup
+    // (?i) --> case insensitive replacement
+    String nameWithoutBaseDn = name.replaceAll("(?i)" + Pattern.quote("," + baseDn), "");
+    LOGGER.debug(
+        "Removes baseDN {} from given DN. New DN to be used: {}", baseDn, nameWithoutBaseDn);
     String[] groupAttributesToReturn;
     if (CN.equals(groupNameAttribute)) {
       groupAttributesToReturn = new String[] {CN};
     } else {
       groupAttributesToReturn = new String[] {getGroupNameAttribute(), CN};
     }
-
     final AccessIdResource accessId =
-        ldapTemplate.lookup(name, groupAttributesToReturn, new GroupContextMapper());
+        ldapTemplate.lookup(nameWithoutBaseDn, groupAttributesToReturn, new GroupContextMapper());
     LOGGER.debug("Exit from searchGroupByDn. Retrieved the following group: {}", accessId);
     return accessId;
   }
@@ -261,6 +270,10 @@ public class LdapClient {
     return env.getProperty("taskana.ldap.groupSearchBase");
   }
 
+  public String getBaseDn() {
+    return env.getProperty("taskana.ldap.baseDn");
+  }
+
   public String getGroupSearchFilterName() {
     return env.getProperty("taskana.ldap.groupSearchFilterName");
   }
@@ -298,7 +311,7 @@ public class LdapClient {
   }
 
   @PostConstruct
-  private void init() {
+  void init() {
     LOGGER.debug("Entry to init()");
     String strMinSearchForLength = getMinSearchForLengthAsString();
     if (strMinSearchForLength == null || strMinSearchForLength.isEmpty()) {
@@ -326,6 +339,7 @@ public class LdapClient {
       groupSearchFilterValue = getGroupSearchFilterValue();
       groupNameAttribute = getGroupNameAttribute();
       groupsOfUser = getGroupsOfUser();
+      baseDn = getBaseDn();
 
       ldapTemplate.setDefaultCountLimit(maxNumberOfReturnedAccessIds);
 
@@ -364,6 +378,9 @@ public class LdapClient {
       if (groupsOfUser == null) {
         message += " taskana.ldap.groupsOfUser is not configured.";
       }
+      if (baseDn == null) {
+        message += " taskana.ldap.baseDn is not configured.";
+      }
       if (!message.equals(emptyMessage)) {
         throw new SystemException(message);
       }
@@ -383,7 +400,7 @@ public class LdapClient {
   }
 
   /** Context Mapper for user entries. */
-  private class UserContextMapper extends AbstractContextMapper<AccessIdResource> {
+  class UserContextMapper extends AbstractContextMapper<AccessIdResource> {
 
     @Override
     public AccessIdResource doMapFromContext(final DirContextOperations context) {
@@ -397,7 +414,7 @@ public class LdapClient {
   }
 
   /** Context Mapper for user entries. */
-  private class GroupContextMapper extends AbstractContextMapper<AccessIdResource> {
+  class GroupContextMapper extends AbstractContextMapper<AccessIdResource> {
 
     @Override
     public AccessIdResource doMapFromContext(final DirContextOperations context) {
diff --git a/rest/taskana-rest-spring/src/test/java/pro/taskana/ldap/LdapClientTest.java b/rest/taskana-rest-spring/src/test/java/pro/taskana/ldap/LdapClientTest.java
new file mode 100644
index 000000000..afaf4d8a7
--- /dev/null
+++ b/rest/taskana-rest-spring/src/test/java/pro/taskana/ldap/LdapClientTest.java
@@ -0,0 +1,63 @@
+package pro.taskana.ldap;
+
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.Mockito.lenient;
+import static org.mockito.Mockito.verify;
+
+import java.util.stream.Stream;
+import org.junit.jupiter.api.Test;
+import org.mockito.InjectMocks;
+import org.mockito.Mock;
+import org.mockito.junit.jupiter.MockitoSettings;
+import org.springframework.core.env.Environment;
+import org.springframework.ldap.core.LdapTemplate;
+
+@MockitoSettings
+class LdapClientTest {
+
+  @Mock Environment environment;
+
+  @Mock LdapTemplate ldapTemplate;
+
+  @InjectMocks LdapClient cut;
+
+  @Test
+  void testLdap() {
+
+    setUpEnvMock();
+    cut.init();
+
+    cut.searchGroupByDn("cn=developersgroup,ou=groups,o=taskanatest");
+
+    verify(ldapTemplate)
+        .lookup(
+            eq("cn=developersgroup,ou=groups"), any(), any(LdapClient.GroupContextMapper.class));
+  }
+
+  private void setUpEnvMock() {
+    Stream.of(
+            new String[][] {
+              {"taskana.ldap.useLdap", "true"},
+              {"taskana.ldap.baseDn", "o=TaskanaTest"},
+              {"taskana.ldap.userSearchBase", "ou=people"},
+              {"taskana.ldap.userSearchFilterName", "objectclass"},
+              {"taskana.ldap.groupsOfUser", "memberUid"},
+              {"taskana.ldap.groupNameAttribute", "cn"},
+              {"taskana.ldap.groupSearchFilterValue", "groupOfUniqueNames"},
+              {"taskana.ldap.groupSearchFilterName", "objectclass"},
+              {"taskana.ldap.groupSearchBase", "ou=groups"},
+              {"taskana.ldap.userIdAttribute", "uid"},
+              {"taskana.ldap.userLastnameAttribute", "sn"},
+              {"taskana.ldap.userFirstnameAttribute", "givenName"},
+              {"taskana.ldap.userFirstnameAttribute", "givenName"},
+              {"taskana.ldap.userSearchFilterValue", "person"},
+              {"taskana.ldap.bindDn", "uid=admin,ou=system"},
+              {"taskana.ldap.bindPassword", "secret"},
+              {"taskana.ldap.serverUrl", "ldap://localhost:10389"},
+            })
+        .forEach(
+            strings ->
+                lenient().when(this.environment.getProperty(strings[0])).thenReturn(strings[1]));
+  }
+}