diff --git a/core/src/main/java/org/apache/shiro/realm/activedirectory/ActiveDirectoryRealm.java b/core/src/main/java/org/apache/shiro/realm/activedirectory/ActiveDirectoryRealm.java
index 4c9e0b8de4..86c398e837 100644
--- a/core/src/main/java/org/apache/shiro/realm/activedirectory/ActiveDirectoryRealm.java
+++ b/core/src/main/java/org/apache/shiro/realm/activedirectory/ActiveDirectoryRealm.java
@@ -108,7 +108,8 @@ protected AuthenticationInfo queryForAuthenticationInfo(AuthenticationToken toke
         // Binds using the username and password provided by the user.
         LdapContext ctx = null;
         try {
-            ctx = ldapContextFactory.getLdapContext(upToken.getUsername(), String.valueOf(upToken.getPassword()));
+            ctx = ldapContextFactory.getLdapContext(getUsernameWithSuffix(upToken.getUsername()),
+                    String.valueOf(upToken.getPassword()));
         } finally {
             LdapUtils.closeContext(ctx);
         }
@@ -166,11 +167,7 @@ protected Set<String> getRoleNamesForUser(String username, LdapContext ldapConte
         SearchControls searchControls = new SearchControls();
         searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
 
-        String userPrincipalName = username;
-        if (principalSuffix != null
-                && !userPrincipalName.toLowerCase(Locale.ROOT).endsWith(principalSuffix.toLowerCase(Locale.ROOT))) {
-            userPrincipalName += principalSuffix;
-        }
+        String userPrincipalName = getUsernameWithSuffix(username);
 
         Object[] searchArguments = new Object[] {userPrincipalName};
 
@@ -236,4 +233,12 @@ protected Collection<String> getRoleNamesForGroups(Collection<String> groupNames
         return roleNames;
     }
 
+    protected String getUsernameWithSuffix(String username) {
+        if (principalSuffix != null
+                && !username.toLowerCase(Locale.ROOT).endsWith(principalSuffix.toLowerCase(Locale.ROOT))) {
+            return username + principalSuffix;
+        }
+        return username;
+    }
+
 }
diff --git a/core/src/main/java/org/apache/shiro/realm/ldap/AbstractLdapRealm.java b/core/src/main/java/org/apache/shiro/realm/ldap/AbstractLdapRealm.java
index edd6e52832..e64425f4e6 100644
--- a/core/src/main/java/org/apache/shiro/realm/ldap/AbstractLdapRealm.java
+++ b/core/src/main/java/org/apache/shiro/realm/ldap/AbstractLdapRealm.java
@@ -100,6 +100,15 @@ public abstract class AbstractLdapRealm extends AuthorizingRealm {
     |               M E T H O D S               |
     ============================================*/
 
+    /**
+     * Used when initializing the default {@link LdapContextFactory}.  This property is ignored if a custom
+     * <tt>LdapContextFactory</tt> is specified.
+     *
+     * @param principalSuffix the suffix.
+     */
+    public void setPrincipalSuffix(String principalSuffix) {
+        this.principalSuffix = principalSuffix;
+    }
 
     /**
      * Used when initializing the default {@link LdapContextFactory}.  This property is ignored if a custom