diff --git a/lib/initConf.js b/lib/initConf.js
index c6e437f5..de61745f 100644
--- a/lib/initConf.js
+++ b/lib/initConf.js
@@ -10,6 +10,7 @@ var defaults = {
 LDAP_SEARCH_GROUPS: '(member:1.2.840.113556.1.4.1941:={0})',
 LDAP_USER_BY_NAME: '(sAMAccountName={0})',
 LDAP_NUMBER_OF_PARALLEL_BINDS: 1,
+ LDAP_HEARTBEAT_SEARCH_QUERY: '(&(objectclass=user)(|(sAMAccountName=foo)(UserPrincipalName=foo)))',
 WSFED_ISSUER: 'urn:auth0',
 AGENT_MODE: true,
 GROUPS: true,
@@ -18,7 +19,7 @@ var defaults = {
 GROUP_PROPERTY: 'cn',
 GROUP_PROPERTIES: [],
 GROUPS_CACHE_SECONDS: 600,
- GROUPS_DEREF_ALIASES: 0,
+ GROUPS_DEREF_ALIASES: 0,
 ALLOW_PASSWORD_EXPIRED: false,
 ALLOW_PASSWORD_CHANGE_REQUIRED: false,
 OVERRIDE_CONFIG: true,
diff --git a/lib/ldap.js b/lib/ldap.js
index 0fdde7dc..d6ac3ee6 100644
--- a/lib/ldap.js
+++ b/lib/ldap.js
@@ -28,7 +28,12 @@ function initializeConnection () {
 });
 connection.heartbeat = function (callback) {
- connection.search('', '(&(objectclass=user)(|(sAMAccountName=foo)(UserPrincipalName=foo)))', function (err, res) {
+ var opts = {
+ scope: 'sub',
+ filter: nconf.get('LDAP_HEARTBEAT_SEARCH_QUERY'),
+ sizeLimit: 1
+ };
+ connection.search(nconf.get('LDAP_BASE'), opts, function (err, res) {
 if (err) {
 return callback(err);
 }
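Review bot: `LDAP_HEARTBEAT_SEARCH_QUERY` is added to `defaults` without a comment, and unlike the neighbouring `LDAP_SEARCH_GROUPS` and `LDAP_USER_BY_NAME` filters it carries no `{0}` placeholder, so a reader cannot tell that the heartbeat in lib/ldap.js passes it to the server verbatim. I would put a comment above the entry, for example `// Static LDAP filter for connection.heartbeat; used as-is (no {0} substitution). Keep it cheap and matching at most one entry.` The default is Active Directory-specific (`sAMAccountName`, `UserPrincipalName`), so the configuration docs should say what operators of other directories are expected to set. The `defaults` object starts and ends outside this hunk.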
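Review bot: The heartbeat now passes two configuration values to `connection.search` unchecked: `nconf.get('LDAP_BASE')` as the base and `nconf.get('LDAP_HEARTBEAT_SEARCH_QUERY')` as the filter. A missing base or a malformed filter is likely to throw synchronously from ldapjs's argument and filter parsing instead of reaching `callback(err)`, so a config typo could take the agent down rather than fail one heartbeat; `try { connection.search(...) } catch (e) { return callback(e); }` keeps it on the error path. With `sizeLimit: 1`, a customised filter that matches more than one entry will probably come back as a size-limit error on the response, which ought to count as a live connection rather than a failure; the handling of `res` lies outside this hunk, so please confirm. Because this is now a subtree search under the real base instead of the empty base, consider bounding it further with `attributes: ['dn']` and a `timeLimit` (for example `timeLimit: 5`, an illustrative value).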