diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/LegacyLDAPSecuritySettingPlugin.java b/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/LegacyLDAPSecuritySettingPlugin.java
index 35907021cd..6f335651c7 100644
--- a/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/LegacyLDAPSecuritySettingPlugin.java
+++ b/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/LegacyLDAPSecuritySettingPlugin.java
@@ -303,6 +303,13 @@ public class LegacyLDAPSecuritySettingPlugin implements SecuritySettingPlugin {
 
       securityRoles = new HashMap<>();
       try {
+         if (logger.isDebugEnabled()) {
+            logger.debug(new StringBuilder().append("Performing LDAP search: ").append(destinationBase)
+                                            .append("\tfilter: ").append(filter)
+                                            .append("\tcontrols:")
+                                            .append("\t\treturningAttributes: ").append(roleAttribute)
+                                            .append("\t\tsearchScope: SUBTREE_SCOPE"));
+         }
          NamingEnumeration<SearchResult> searchResults = context.search(destinationBase, filter, searchControls);
          while (searchResults.hasMore()) {
             processSearchResult(securityRoles, searchResults.next());
@@ -321,50 +328,52 @@ public class LegacyLDAPSecuritySettingPlugin implements SecuritySettingPlugin {
 
    private void processSearchResult(Map<String, Set<Role>> securityRoles,
                                     SearchResult searchResult) throws NamingException {
+      LdapName searchResultLdapName = new LdapName(searchResult.getName());
       Attributes attrs = searchResult.getAttributes();
       if (attrs == null || attrs.size() == 0) {
+         if (logger.isDebugEnabled()) {
+            logger.debug("Skipping LDAP search result \"" + searchResultLdapName + "\" with " + (attrs == null ? "null" : attrs.size()) + " attributes");
+         }
          return;
       }
-      LdapName searchResultLdapName = new LdapName(searchResult.getName());
-      if (logger.isDebugEnabled()) {
-         logger.debug("LDAP search result : " + searchResultLdapName);
-      }
-      String permissionType = null;
-      String destination = null;
-      String destinationType = "unknown";
       List<Rdn> rdns = searchResultLdapName.getRdns();
       if (rdns.size() < 3) {
          if (logger.isDebugEnabled()) {
-            logger.debug("\tSkipping unexpected search result with " + rdns.size() + " RDNs.");
+            logger.debug("\tSkipping LDAP search result \"" + searchResultLdapName + "\" with " + rdns.size() + " RDNs.");
          }
          return;
       }
+      StringBuilder logMessage = new StringBuilder();
+      if (logger.isDebugEnabled()) {
+         logMessage.append("LDAP search result: ").append(searchResultLdapName);
+      }
       // we can count on the RNDs being in order from right to left
       Rdn rdn = rdns.get(rdns.size() - 3);
       String rawDestinationType = rdn.getValue().toString();
+      String destinationType = "unknown";
       if (rawDestinationType.toLowerCase().contains("queue")) {
          destinationType = "queue";
       } else if (rawDestinationType.toLowerCase().contains("topic")) {
          destinationType = "topic";
       }
       if (logger.isDebugEnabled()) {
-         logger.debug("\tDestination type: " + destinationType);
+         logMessage.append("\tDestination type: ").append(destinationType);
       }
 
       rdn = rdns.get(rdns.size() - 2);
       if (logger.isDebugEnabled()) {
-         logger.debug("\tDestination name: " + rdn.getValue());
+         logMessage.append("\tDestination name: ").append(rdn.getValue());
       }
-      destination = rdn.getValue().toString();
+      String destination = rdn.getValue().toString();
 
       rdn = rdns.get(rdns.size() - 1);
       if (logger.isDebugEnabled()) {
-         logger.debug("\tPermission type: " + rdn.getValue());
+         logMessage.append("\tPermission type: ").append(rdn.getValue());
       }
-      permissionType = rdn.getValue().toString();
+      String permissionType = rdn.getValue().toString();
 
       if (logger.isDebugEnabled()) {
-         logger.debug("\tAttributes: " + attrs);
+         logMessage.append("\tAttributes: ").append(attrs);
       }
       Attribute attr = attrs.get(roleAttribute);
       NamingEnumeration<?> e = attr.getAll();
@@ -382,7 +391,7 @@ public class LegacyLDAPSecuritySettingPlugin implements SecuritySettingPlugin {
          rdn = ldapname.getRdn(ldapname.size() - 1);
          String roleName = rdn.getValue().toString();
          if (logger.isDebugEnabled()) {
-            logger.debug("\tRole name: " + roleName);
+            logMessage.append("\tRole name: ").append(roleName);
          }
          Role role = new Role(roleName,
                               permissionType.equalsIgnoreCase(writePermissionValue), // send
@@ -399,6 +408,10 @@ public class LegacyLDAPSecuritySettingPlugin implements SecuritySettingPlugin {
          roles.add(role);
       }
 
+      if (logger.isDebugEnabled()) {
+         logger.debug(logMessage);
+      }
+
       if (!exists) {
          securityRoles.put(destination, roles);
       }