diff --git a/tests/aux/ldap.pl b/tests/aux/ldap.pl
index 1fad4a4..c05b369 100755
--- a/tests/aux/ldap.pl
+++ b/tests/aux/ldap.pl
@@ -43,8 +43,9 @@ use constant RESULT_OK => {
 };
 my %objects = (
- 'uid=foo,ou=users,dc=example,dc=com' => ['vvincredible'],
- 'uid=test,ou=users,dc=example,dc=com' =>['cccccccfhcbe', 'ccccccbchvth'],
+ 'base=uid=foo,ou=users,dc=example,dc=com' => {keys => ['vvincredible']},
+ 'base=uid=test,ou=users,dc=example,dc=com' => {keys => ['cccccccfhcbe', 'ccccccbchvth']},
+ 'sub:base=:(uid=test)' => {keys => ['cccccccfhcbe', 'ccccccbchvth'], dn => 'uid=test,out=users,dc=example,dc=com'},
 );
 sub bind {
@@ -56,14 +57,22 @@ sub bind {
 sub search {
 my $self = shift;
 my $reqData = shift;
- my $base = $reqData->{'baseObject'};
- my $id = $objects{$base};
+ my $id;
+ my $base;
+ if($reqData->{'scope'} == 0) {
+ $base = $reqData->{'baseObject'};
+ $id = $objects{'base=' . $base};
+ } elsif($reqData->{'scope'} == 2) {
+ my $match = $reqData->{'filter'}->{'equalityMatch'};
+ $id = $objects{'sub:base=' . $reqData->{'baseObject'} . ':(' . $match->{'attributeDesc'} . '=' . $match->{'assertionValue'} . ')'};
+ $base = $id->{'dn'};
+ }
 my @entries;
 if($id) {
 my $entry = Net::LDAP::Entry->new;
 $entry->dn($base);
 $entry->add(objectClass => [ "person" ]);
- $entry->add(yubiKeyId => $id);
+ $entry->add(yubiKeyId => $id->{'keys'});
 push @entries, $entry;
 }
 return RESULT_OK, @entries;
diff --git a/tests/pam_test.c b/tests/pam_test.c
index e347b85..5f4e0c1 100644
--- a/tests/pam_test.c
+++ b/tests/pam_test.c
@@ -70,6 +70,15 @@ static const char *ldap_cfg[] = {
 "debug"
 };
+static const char *ldap_cfg2[] = {
+ "id=1",
+ "urllist=http://localhost:"YKVAL_PORT1"/wsapi/2/verify;http://localhost:"YKVAL_PORT2"/wsapi/2/verify",
+ "ldap_uri=ldap://localhost:"LDAP_PORT,
+ "ldap_filter=(uid=%u)",
+ "yubi_attr=yubiKeyId",
+ "debug"
+};
 static const struct data *test_get_data(void *id) {
 return &_data[(long)id];
 }
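Review bot: The `dn` stored for the new `'sub:base=:(uid=test)'` entry reads `uid=test,out=users,dc=example,dc=com`, while the two `base=` keys next to it spell the same user as `uid=test,ou=users,...`; `out=` looks like a typo for `ou=`. If the module under test compares or re-binds with the DN the mock returns for a sub-scope search, this fixture answers with a DN that does not exist as a base-scope object, so a pass here could hide a DN-handling error (or fail for the wrong reason). Change it to `dn => 'uid=test,ou=users,dc=example,dc=com'` so both lookups describe the same object.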
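Review bot: In the `scope == 2` branch, `$base = $id->{'dn'};` is executed even when the filter key was not found; dereferencing the undefined lexical `$id` autovivifies it into an empty hashref, so the `if($id)` test below becomes true and the mock returns one entry with an undefined DN and no `yubiKeyId` instead of an empty result. A sub-scope lookup for an unknown user therefore never produces the "no entries" response the module's user-unknown path would need. Guard the assignment, `$base = $id->{'dn'} if $id;`, so `$id` stays undef on a miss. Also, for any filter that is not an `equalityMatch`, `$match` is undef and the key concatenation only emits uninitialized-value warnings; that is probably acceptable for a mock but worth a short comment.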
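Review bot: `ldap_cfg2` exercises the filter path with `"ldap_filter=(uid=%u)"`, but the mock in tests/aux/ldap.pl only recognises the literal `(uid=test)` key, so this configuration checks the happy path and nothing about how `%u` is substituted. Since the user name ends up inside an LDAP filter, a companion case whose user name carries filter metacharacters (and a mock key written in the escaped form) would confirm the module escapes the substitution rather than interpolating it verbatim; I have not seen the substitution code, so this is a coverage suggestion rather than a reported defect. A one-line comment on the array, `/* filter-based lookup; see the 'sub:base=' key in tests/aux/ldap.pl */`, would also help readers connect the two files.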
@@ -211,6 +220,10 @@ static int test_authenticate_ldap2(void) {
 return pam_sm_authenticate(4, 0, sizeof(ldap_cfg) / sizeof(char*), ldap_cfg);
 }
+static int test_authenticate_ldap3(void) {
+ return pam_sm_authenticate(4, 0, sizeof(ldap_cfg2) / sizeof(char*), ldap_cfg2);
+}
+
 static pid_t run_mock(const char *port, const char *type) {
 pid_t pid = fork();
 if(pid == 0) {
@@ -250,28 +263,32 @@ int main(void) {
 ret = 5;
 goto out;
 }
-#ifdef HAVE_LIBLDAP
- if(test_authenticate_ldap1() != PAM_SUCCESS) {
+ if(test_authenticate3() != PAM_SUCCESS) {
 ret = 6;
 goto out;
 }
+#ifdef HAVE_LIBLDAP
+ if(test_authenticate_ldap1() != PAM_SUCCESS) {
+ ret = 1001;
+ goto out;
+ }
 if(test_authenticate_ldap_fail1() != PAM_USER_UNKNOWN) {
- ret = 7;
+ ret = 1002;
 goto out;
 }
 if(test_authenticate_ldap_fail2() != PAM_AUTH_ERR) {
- ret = 8;
+ ret = 1003;
 goto out;
 }
 if(test_authenticate_ldap2() != PAM_SUCCESS) {
- ret = 9;
+ ret = 1004;
+ goto out;
+ }
+ if(test_authenticate_ldap3() != PAM_SUCCESS) {
+ ret = 1005;
 goto out;
 }
 #endif
- if(test_authenticate3() != PAM_SUCCESS) {
- ret = 10;
- goto out;
- }
 out:
 kill(child, 9);
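Review bot: The new failure codes 1001–1005 for the LDAP tests do not fit in a process exit status; if `ret` is what main returns (its return is outside this hunk), the shell sees them modulo 256, i.e. 233–237, which are still distinct from 1–6 but no longer map back to the source by inspection. Either keep the codes below 256, e.g. `ret = 11;` through `ret = 15;`, or print the failing test's name to stderr before each `goto out` so the number does not have to carry that information. Moving `test_authenticate3()` ahead of the `#ifdef HAVE_LIBLDAP` block is fine, but a one-line comment such as `/* non-LDAP cases first so their codes are stable with or without libldap */` would record why the order changed. main starts and ends outside this hunk.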