diff --git a/ldap/src/main/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProvider.java b/ldap/src/main/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProvider.java
index 826896a146..e37e8a255c 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProvider.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProvider.java
@@ -42,6 +42,7 @@ import javax.naming.OperationNotSupportedException;
 import javax.naming.directory.DirContext;
 import javax.naming.directory.SearchControls;
 import javax.naming.ldap.InitialLdapContext;
+import java.io.Serializable;
 import java.util.*;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
@@ -219,6 +220,8 @@ public final class ActiveDirectoryLdapAuthenticationProvider extends
 logger.debug("Authentication for " + bindPrincipal + " failed:" + exception);
 }
+ handleResolveObj(exception);
+
 int subErrorCode = parseSubErrorCode(exception.getMessage());
 if (subErrorCode <= 0) {
@@ -234,6 +237,14 @@ public final class ActiveDirectoryLdapAuthenticationProvider extends
 }
 }
+ private void handleResolveObj(NamingException exception) {
+ Object resolvedObj = exception.getResolvedObj();
+ boolean serializable = resolvedObj instanceof Serializable;
+ if (resolvedObj != null && !serializable) {
+ exception.setResolvedObj(null);
+ }
+ }
+
 private int parseSubErrorCode(String message) {
 Matcher m = SUB_ERROR_CODE.matcher(message);
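Review bot: The new call `handleResolveObj(exception);` in the second hunk changes the caught exception in place, and nothing at the call site says why. The enclosing method starts and ends outside the hunk, so a reader of the bind-failure handling sees only an unexplained side effect ahead of `parseSubErrorCode`. A one-line comment such as `// drop a non-serializable resolved object so the exception can be serialized later` would record the intent, assuming that is the reason for the `Serializable` check. The helper's name also drops the "d" of `getResolvedObj`/`setResolvedObj`; a name like `clearNonSerializableResolvedObj` would say what it does.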
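Review bot: The `instanceof Serializable` test in `handleResolveObj` (third hunk) is shallow: an object that implements `Serializable` can still hold non-serializable fields, and only the top-level exception is inspected, not a `NamingException` further down its cause chain. If the aim is an exception that can be serialized safely, for example into a session, a resolved object that passes the test is written out with it and may carry directory data further than intended. Unless later code reads the resolved object, which is not visible in this diff, clearing it unconditionally with `exception.setResolvedObj(null);` is simpler and closes both gaps. The method would also benefit from a short Javadoc stating why the resolved object is removed.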