diff --git a/fe/fe-core/src/main/java/org/apache/doris/mysql/authenticate/ldap/LdapClient.java b/fe/fe-core/src/main/java/org/apache/doris/mysql/authenticate/ldap/LdapClient.java
index 3ae96945296942..1186469a1ec822 100644
--- a/fe/fe-core/src/main/java/org/apache/doris/mysql/authenticate/ldap/LdapClient.java
+++ b/fe/fe-core/src/main/java/org/apache/doris/mysql/authenticate/ldap/LdapClient.java
@@ -112,7 +112,7 @@ public boolean checkUpdate(String ldapPassword) {
 private void init() {
 LdapInfo ldapInfo = Env.getCurrentEnv().getAuth().getLdapInfo();
 if (ldapInfo == null || !ldapInfo.isValid()) {
- LOG.error("info is null, maybe no ldap admin password is set.");
+ LOG.error("LDAP info is null or invalid, LDAP admin password may not be set");
 ErrorReport.report(ErrorCode.ERROR_LDAP_CONFIGURATION_ERR);
 throw new RuntimeException("ldapTemplate is not initialized");
 }
@@ -163,18 +163,18 @@ List getGroups(String userName) {
 return groups;
 }
 List groupDns;
-
- // Support Open Directory implementations
- // If no group filter is configured, it defaults to querying groups based on the attribute 'member'
- // for standard LDAP implementations
 if (!LdapConfig.ldap_group_filter.isEmpty()) {
+ // Support Open Directory implementations
+ String filter = LdapConfig.ldap_group_filter.replace("{login}", userName);
 groupDns = getDn(org.springframework.ldap.query.LdapQueryBuilder.query()
- .base(LdapConfig.ldap_group_basedn)
- .filter(getGroupFilter(LdapConfig.ldap_group_filter, userName)));
+ .attributes("dn")
+ .base(LdapConfig.ldap_group_basedn)
+ .filter(filter));
 } else {
+ // Standard LDAP using member attribute
 groupDns = getDn(org.springframework.ldap.query.LdapQueryBuilder.query()
- .base(LdapConfig.ldap_group_basedn)
- .where("member").is(userDn));
+ .base(LdapConfig.ldap_group_basedn)
+ .where("member").is(userDn));
 }
 
 if (groupDns == null) {
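Review bot: In the `ldap_group_filter` branch of the second hunk, `userName` is substituted into the LDAP filter string without filter escaping, so a login name containing `*`, `(`, `)` or `\` alters the group query instead of being matched literally, and the groups returned here presumably feed authorization decisions. Encode the value before substitution, for example `String filter = LdapConfig.ldap_group_filter.replace("{login}", LdapEncoder.filterEncode(userName));` using Spring LDAP's `org.springframework.ldap.support.LdapEncoder`. The `getUserFilter` helper visible as context in the last hunk has the same unescaped substitution and still uses `replaceAll`, where `$` and `\` in `userName` are additionally interpreted as replacement syntax. `getGroups` begins and ends outside this hunk, so any validation of `userName` done earlier is not visible here.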
@@ -209,11 +209,12 @@ private String getUserDn(String userName) {
 private List getDn(LdapQuery query) {
 init();
 try {
- return clientInfo.getLdapTemplatePool().search(query, new AbstractContextMapper() {
- protected String doMapFromContext(DirContextOperations ctx) {
- return ctx.getNameInNamespace();
- }
- });
+ return clientInfo.getLdapTemplatePool().search(query,
+ new AbstractContextMapper() {
+ protected String doMapFromContext(DirContextOperations ctx) {
+ return ctx.getNameInNamespace();
+ }
+ });
 } catch (Exception e) {
 LOG.error("Get user dn fail.", e);
 ErrorReport.report(ErrorCode.ERROR_LDAP_CONFIGURATION_ERR);
@@ -224,8 +225,4 @@ protected String doMapFromContext(DirContextOperations ctx) {
 private String getUserFilter(String userFilter, String userName) {
 return userFilter.replaceAll("\\{login}", userName);
 }
-
- private String getGroupFilter(String groupFilter, String userName) {
- return groupFilter.replaceAll("\\{login}", userName);
- }
 }