diff --git a/CHANGELOG b/CHANGELOG
index 69c2c120d99f25d593d9dc60b23d8da1923e2c60..2ec3bd28b39c70e03c9bf43314b2902db151bb03 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -27,6 +27,7 @@ v 8.0.0 (unreleased)
   - Make all profiles public
   - Fixed login failure when extern_uid changes (Joel Koglin)
   - Don't notify users without access to the project when they are (accidentally) mentioned in a note.
+  - Retrieving oauth token with LDAP credentials
 
 v 7.14.1
   - Improve abuse reports management from admin area
diff --git a/config/initializers/doorkeeper.rb b/config/initializers/doorkeeper.rb
index 6139ddbe6cd7d9d76e8234269d4ded5c6ce7891e..66ac88e9f4af7df56fa80799c49afe4e3debb9d6 100644
--- a/config/initializers/doorkeeper.rb
+++ b/config/initializers/doorkeeper.rb
@@ -12,8 +12,7 @@ Doorkeeper.configure do
   end
 
   resource_owner_from_credentials do |routes|
-    u = User.find_by(email: params[:username]) || User.find_by(username: params[:username])
-    u if u && u.valid_password?(params[:password])
+    Gitlab::Auth.new.find(params[:username], params[:password])
   end
 
   # If you want to restrict access to the web interface for adding oauth authorized applications, you need to declare the block below.