diff --git a/core/src/main/java/org/springframework/security/config/LdapUserServiceBeanDefinitionParser.java b/core/src/main/java/org/springframework/security/config/LdapUserServiceBeanDefinitionParser.java
index 5781c4af35..27e8b9b1dd 100644
--- a/core/src/main/java/org/springframework/security/config/LdapUserServiceBeanDefinitionParser.java
+++ b/core/src/main/java/org/springframework/security/config/LdapUserServiceBeanDefinitionParser.java
@@ -123,6 +123,7 @@ public class LdapUserServiceBeanDefinitionParser extends AbstractUserDetailsServ
         populator.addConstructorArg(parseServerReference(elt, parserContext));
         populator.addConstructorArg(groupSearchBase);
         populator.addPropertyValue("groupSearchFilter", groupSearchFilter);
+        populator.addPropertyValue("searchSubtree", Boolean.TRUE);
         
         if (StringUtils.hasText(rolePrefix)) {
             if ("none".equals(rolePrefix)) {
diff --git a/core/src/test/java/org/springframework/security/config/LdapProviderBeanDefinitionParserTests.java b/core/src/test/java/org/springframework/security/config/LdapProviderBeanDefinitionParserTests.java
index a25bc8a86d..4b2bf59769 100644
--- a/core/src/test/java/org/springframework/security/config/LdapProviderBeanDefinitionParserTests.java
+++ b/core/src/test/java/org/springframework/security/config/LdapProviderBeanDefinitionParserTests.java
@@ -38,8 +38,8 @@ public class LdapProviderBeanDefinitionParserTests {
         Authentication auth = provider.authenticate(new UsernamePasswordAuthenticationToken("ben", "benspassword"));
         LdapUserDetailsImpl ben = (LdapUserDetailsImpl) auth.getPrincipal();
 
-        assertEquals(2, ben.getAuthorities().length);
-    }  
+        assertEquals(3, ben.getAuthorities().length);
+    }
     
     @Test(expected = SecurityConfigurationException.class)
     public void missingServerEltCausesConfigException() {
diff --git a/core/src/test/java/org/springframework/security/config/LdapUserServiceBeanDefinitionParserTests.java b/core/src/test/java/org/springframework/security/config/LdapUserServiceBeanDefinitionParserTests.java
index 3ed6a93ce9..af6b1677c8 100644
--- a/core/src/test/java/org/springframework/security/config/LdapUserServiceBeanDefinitionParserTests.java
+++ b/core/src/test/java/org/springframework/security/config/LdapUserServiceBeanDefinitionParserTests.java
@@ -42,7 +42,7 @@ public class LdapUserServiceBeanDefinitionParserTests {
         UserDetails ben = uds.loadUserByUsername("ben");
 
         Set authorities = AuthorityUtils.authorityArrayToSet(ben.getAuthorities());
-        assertEquals(2, authorities.size());
+        assertEquals(3, authorities.size());
         assertTrue(authorities.contains("ROLE_DEVELOPERS"));
     }
 
@@ -88,7 +88,7 @@ public class LdapUserServiceBeanDefinitionParserTests {
         UserDetails ben = uds.loadUserByUsername("ben");
 
         Set authorities = AuthorityUtils.authorityArrayToSet(ben.getAuthorities());
-        assertEquals(2, authorities.size());
+        assertEquals(3, authorities.size());
         assertTrue(authorities.contains(new GrantedAuthorityImpl("ROLE_DEVELOPER")));
         
     }