diff --git a/rhodecode/authentication/base.py b/rhodecode/authentication/base.py
--- a/rhodecode/authentication/base.py
+++ b/rhodecode/authentication/base.py
@@ -627,3 +627,21 @@ def authenticate(username, password, env
         log.debug("User `%s` failed to authenticate against %s",
                   display_user, plugin.get_id())
     return None
+
+
+def chop_at(s, sub, inclusive=False):
+    """Truncate string ``s`` at the first occurrence of ``sub``.
+
+    If ``inclusive`` is true, truncate just after ``sub`` rather than at it.
+
+    >>> chop_at("plutocratic brats", "rat")
+    'plutoc'
+    >>> chop_at("plutocratic brats", "rat", True)
+    'plutocrat'
+    """
+    pos = s.find(sub)
+    if pos == -1:
+        return s
+    if inclusive:
+        return s[:pos+len(sub)]
+    return s[:pos]
diff --git a/rhodecode/authentication/plugins/auth_crowd.py b/rhodecode/authentication/plugins/auth_crowd.py
--- a/rhodecode/authentication/plugins/auth_crowd.py
+++ b/rhodecode/authentication/plugins/auth_crowd.py
@@ -28,10 +28,9 @@ import base64
 import logging
 import urllib2
 
-from pylons.i18n.translation import lazy_ugettext as _
-from sqlalchemy.ext.hybrid import hybrid_property
-
-from rhodecode.authentication.base import RhodeCodeExternalAuthPlugin
+from rhodecode.translation import _
+from rhodecode.authentication.base import (
+    RhodeCodeExternalAuthPlugin, hybrid_property)
 from rhodecode.authentication.schema import AuthnPluginSettingsSchemaBase
 from rhodecode.authentication.routes import AuthnPluginResourceBase
 from rhodecode.lib.colander_utils import strip_whitespace
diff --git a/rhodecode/authentication/plugins/auth_headers.py b/rhodecode/authentication/plugins/auth_headers.py
--- a/rhodecode/authentication/plugins/auth_headers.py
+++ b/rhodecode/authentication/plugins/auth_headers.py
@@ -21,15 +21,14 @@
 import colander
 import logging
 
-from sqlalchemy.ext.hybrid import hybrid_property
-
-from rhodecode.authentication.base import RhodeCodeExternalAuthPlugin
+from rhodecode.translation import _
+from rhodecode.authentication.base import (
+    RhodeCodeExternalAuthPlugin, hybrid_property)
 from rhodecode.authentication.schema import AuthnPluginSettingsSchemaBase
 from rhodecode.authentication.routes import AuthnPluginResourceBase
 from rhodecode.lib.colander_utils import strip_whitespace
 from rhodecode.lib.utils2 import str2bool, safe_unicode
 from rhodecode.model.db import User
-from rhodecode.translation import _
 
 
 log = logging.getLogger(__name__)
diff --git a/rhodecode/authentication/plugins/auth_jasig_cas.py b/rhodecode/authentication/plugins/auth_jasig_cas.py
--- a/rhodecode/authentication/plugins/auth_jasig_cas.py
+++ b/rhodecode/authentication/plugins/auth_jasig_cas.py
@@ -30,10 +30,9 @@ import rhodecode
 import urllib
 import urllib2
 
-from pylons.i18n.translation import lazy_ugettext as _
-from sqlalchemy.ext.hybrid import hybrid_property
-
-from rhodecode.authentication.base import RhodeCodeExternalAuthPlugin
+from rhodecode.translation import _
+from rhodecode.authentication.base import (
+    RhodeCodeExternalAuthPlugin, hybrid_property)
 from rhodecode.authentication.schema import AuthnPluginSettingsSchemaBase
 from rhodecode.authentication.routes import AuthnPluginResourceBase
 from rhodecode.lib.colander_utils import strip_whitespace
diff --git a/rhodecode/authentication/plugins/auth_ldap.py b/rhodecode/authentication/plugins/auth_ldap.py
--- a/rhodecode/authentication/plugins/auth_ldap.py
+++ b/rhodecode/authentication/plugins/auth_ldap.py
@@ -27,10 +27,9 @@ import colander
 import logging
 import traceback
 
-from pylons.i18n.translation import lazy_ugettext as _
-from sqlalchemy.ext.hybrid import hybrid_property
-
-from rhodecode.authentication.base import RhodeCodeExternalAuthPlugin
+from rhodecode.translation import _
+from rhodecode.authentication.base import (
+    RhodeCodeExternalAuthPlugin, chop_at, hybrid_property)
 from rhodecode.authentication.schema import AuthnPluginSettingsSchemaBase
 from rhodecode.authentication.routes import AuthnPluginResourceBase
 from rhodecode.lib.colander_utils import strip_whitespace
@@ -72,14 +71,15 @@ class LdapSettingsSchema(AuthnPluginSett
     host = colander.SchemaNode(
         colander.String(),
         default='',
-        description=_('Host of the LDAP Server'),
+        description=_('Host of the LDAP Server \n'
+                      '(e.g., 192.168.2.154, or ldap-server.domain.com'),
         preparer=strip_whitespace,
         title=_('LDAP Host'),
         widget='string')
     port = colander.SchemaNode(
         colander.Int(),
         default=389,
-        description=_('Port that the LDAP server is listening on'),
+        description=_('Custom port that the LDAP server is listening on. Default: 389'),
         preparer=strip_whitespace,
         title=_('Port'),
         validator=colander.Range(min=0, max=65536),
@@ -87,7 +87,9 @@ class LdapSettingsSchema(AuthnPluginSett
     dn_user = colander.SchemaNode(
         colander.String(),
         default='',
-        description=_('User to connect to LDAP'),
+        description=_('Optional user DN/account to connect to LDAP if authentication is required. \n'
+                      'e.g., cn=admin,dc=mydomain,dc=com, or '
+                      'uid=root,cn=users,dc=mydomain,dc=com, or admin@mydomain.com'),
         missing='',
         preparer=strip_whitespace,
         title=_('Account'),
@@ -95,7 +97,7 @@ class LdapSettingsSchema(AuthnPluginSett
     dn_pass = colander.SchemaNode(
         colander.String(),
         default='',
-        description=_('Password to connect to LDAP'),
+        description=_('Password to authenticate for given user DN.'),
         missing='',
         preparer=strip_whitespace,
         title=_('Password'),
@@ -117,7 +119,9 @@ class LdapSettingsSchema(AuthnPluginSett
     base_dn = colander.SchemaNode(
         colander.String(),
         default='',
-        description=_('Base DN to search (e.g., dc=mydomain,dc=com)'),
+        description=_('Base DN to search. Dynamic bind is supported. Add `$login` marker '
+                      'in it to be replaced with current user credentials \n'
+                      '(e.g., dc=mydomain,dc=com, or ou=Users,dc=mydomain,dc=com)'),
         missing='',
         preparer=strip_whitespace,
         title=_('Base DN'),
@@ -125,22 +129,25 @@ class LdapSettingsSchema(AuthnPluginSett
     filter = colander.SchemaNode(
         colander.String(),
         default='',
-        description=_('Filter to narrow results (e.g., ou=Users, etc)'),
+        description=_('Filter to narrow results \n'
+                      '(e.g., (&(objectCategory=Person)(objectClass=user)), or \n'
+                      '(memberof=cn=rc-login,ou=groups,ou=company,dc=mydomain,dc=com)))'),
         missing='',
         preparer=strip_whitespace,
         title=_('LDAP Search Filter'),
         widget='string')
+
     search_scope = colander.SchemaNode(
         colander.String(),
-        default=search_scope_choices[0],
-        description=_('How deep to search LDAP'),
+        default=search_scope_choices[2],
+        description=_('How deep to search LDAP. If unsure set to SUBTREE'),
         title=_('LDAP Search Scope'),
         validator=colander.OneOf(search_scope_choices),
         widget='select')
     attr_login = colander.SchemaNode(
         colander.String(),
-        default='',
-        description=_('LDAP Attribute to map to user name'),
+        default='uid',
+        description=_('LDAP Attribute to map to user name (e.g., uid, or sAMAccountName)'),
         preparer=strip_whitespace,
         title=_('Login Attribute'),
         missing_msg=_('The LDAP Login attribute of the CN must be specified'),
@@ -148,7 +155,7 @@ class LdapSettingsSchema(AuthnPluginSett
     attr_firstname = colander.SchemaNode(
         colander.String(),
         default='',
-        description=_('LDAP Attribute to map to first name'),
+        description=_('LDAP Attribute to map to first name (e.g., givenName)'),
         missing='',
         preparer=strip_whitespace,
         title=_('First Name Attribute'),
@@ -156,7 +163,7 @@ class LdapSettingsSchema(AuthnPluginSett
     attr_lastname = colander.SchemaNode(
         colander.String(),
         default='',
-        description=_('LDAP Attribute to map to last name'),
+        description=_('LDAP Attribute to map to last name (e.g., sn)'),
         missing='',
         preparer=strip_whitespace,
         title=_('Last Name Attribute'),
@@ -164,7 +171,9 @@ class LdapSettingsSchema(AuthnPluginSett
     attr_email = colander.SchemaNode(
         colander.String(),
         default='',
-        description=_('LDAP Attribute to map to email address'),
+        description=_('LDAP Attribute to map to email address (e.g., mail).\n'
+                      'Emails are a crucial part of RhodeCode. \n'
+                      'If possible add a valid email attribute to ldap users.'),
         missing='',
         preparer=strip_whitespace,
         title=_('Email Attribute'),
@@ -182,7 +191,7 @@ class AuthLdap(object):
     def __init__(self, server, base_dn, port=389, bind_dn='', bind_pass='',
                  tls_kind='PLAIN', tls_reqcert='DEMAND', ldap_version=3,
                  search_scope='SUBTREE', attr_login='uid',
-                 ldap_filter='(&(objectClass=user)(!(objectClass=computer)))'):
+                 ldap_filter=None):
         if ldap == Missing:
             raise LdapImportError("Missing or incompatible ldap library")
 
@@ -236,14 +245,13 @@ class AuthLdap(object):
             server.start_tls_s()
 
         if self.LDAP_BIND_DN and self.LDAP_BIND_PASS:
-            log.debug('Trying simple_bind with password and given DN: %s',
+            log.debug('Trying simple_bind with password and given login DN: %s',
                       self.LDAP_BIND_DN)
             server.simple_bind_s(self.LDAP_BIND_DN, self.LDAP_BIND_PASS)
 
         return server
 
     def get_uid(self, username):
-        from rhodecode.lib.helpers import chop_at
         uid = username
         for server_addr in self.SERVER_ADDRESSES:
             uid = chop_at(username, "@%s" % server_addr)
@@ -292,8 +300,11 @@ class AuthLdap(object):
                 self.BASE_DN, self.SEARCH_SCOPE, filter_)
 
             if not lobjects:
+                log.debug("No matching LDAP objects for authentication "
+                          "of UID:'%s' username:(%s)", uid, username)
                 raise ldap.NO_SUCH_OBJECT()
 
+            log.debug('Found matching ldap object, trying to authenticate')
             for (dn, _attrs) in lobjects:
                 if dn is None:
                     continue
@@ -304,15 +315,13 @@ class AuthLdap(object):
                     break
 
             else:
-                log.debug("No matching LDAP objects for authentication "
-                          "of '%s' (%s)", uid, username)
                 raise LdapPasswordError('Failed to authenticate user '
                                         'with given password')
 
         except ldap.NO_SUCH_OBJECT:
             log.debug("LDAP says no such user '%s' (%s), org_exc:",
                       uid, username, exc_info=True)
-            raise LdapUsernameError()
+            raise LdapUsernameError('Unable to find user')
         except ldap.SERVER_DOWN:
             org_exc = traceback.format_exc()
             raise LdapConnectionError(
@@ -447,7 +456,7 @@ class RhodeCodeAuthPlugin(RhodeCodeExter
                 'email': get_ldap_attr('attr_email') or email,
                 'admin': admin,
                 'active': active,
-                "active_from_extern": None,
+                'active_from_extern': None,
                 'extern_name': user_dn,
                 'extern_type': extern_type,
             }
diff --git a/rhodecode/authentication/plugins/auth_pam.py b/rhodecode/authentication/plugins/auth_pam.py
--- a/rhodecode/authentication/plugins/auth_pam.py
+++ b/rhodecode/authentication/plugins/auth_pam.py
@@ -17,6 +17,7 @@
 # This program is dual-licensed. If you wish to learn more about the
 # RhodeCode Enterprise Edition, including its added features, Support services,
 # and proprietary license terms, please see https://rhodecode.com/licenses/
+
 """
 RhodeCode authentication library for PAM
 """
@@ -29,10 +30,9 @@ import pwd
 import re
 import socket
 
-from pylons.i18n.translation import lazy_ugettext as _
-from sqlalchemy.ext.hybrid import hybrid_property
-
-from rhodecode.authentication.base import RhodeCodeExternalAuthPlugin
+from rhodecode.translation import _
+from rhodecode.authentication.base import (
+    RhodeCodeExternalAuthPlugin, hybrid_property)
 from rhodecode.authentication.schema import AuthnPluginSettingsSchemaBase
 from rhodecode.authentication.routes import AuthnPluginResourceBase
 from rhodecode.lib.colander_utils import strip_whitespace
diff --git a/rhodecode/authentication/plugins/auth_rhodecode.py b/rhodecode/authentication/plugins/auth_rhodecode.py
--- a/rhodecode/authentication/plugins/auth_rhodecode.py
+++ b/rhodecode/authentication/plugins/auth_rhodecode.py
@@ -25,9 +25,8 @@ RhodeCode authentication plugin for buil
 import logging
 
 from pylons.i18n.translation import lazy_ugettext as _
-from sqlalchemy.ext.hybrid import hybrid_property
 
-from rhodecode.authentication.base import RhodeCodeAuthPluginBase
+from rhodecode.authentication.base import RhodeCodeAuthPluginBase, hybrid_property
 from rhodecode.authentication.routes import AuthnPluginResourceBase
 from rhodecode.lib.utils2 import safe_str
 from rhodecode.model.db import User
diff --git a/rhodecode/authentication/plugins/auth_token.py b/rhodecode/authentication/plugins/auth_token.py
--- a/rhodecode/authentication/plugins/auth_token.py
+++ b/rhodecode/authentication/plugins/auth_token.py
@@ -24,10 +24,9 @@ RhodeCode authentication token plugin fo
 
 import logging
 
-from sqlalchemy.ext.hybrid import hybrid_property
-
 from rhodecode.translation import _
-from rhodecode.authentication.base import RhodeCodeAuthPluginBase, VCS_TYPE
+from rhodecode.authentication.base import (
+    RhodeCodeAuthPluginBase, VCS_TYPE, hybrid_property)
 from rhodecode.authentication.routes import AuthnPluginResourceBase
 from rhodecode.model.db import User, UserApiKeys
 
diff --git a/rhodecode/authentication/schema.py b/rhodecode/authentication/schema.py
--- a/rhodecode/authentication/schema.py
+++ b/rhodecode/authentication/schema.py
@@ -40,10 +40,11 @@ class AuthnPluginSettingsSchemaBase(cola
     cache_ttl = colander.SchemaNode(
         colander.Int(),
         default=0,
-        description=_('Amount of seconds to cache the authentication '
-                      'call for this plugin. Useful for long calls like '
-                      'LDAP to improve the responsiveness of the '
-                      'authentication system (0 means disabled).'),
+        description=_('Amount of seconds to cache the authentication response'
+                      'call for this plugin. \n'
+                      'Useful for long calls like LDAP to improve the '
+                      'performance of the authentication system '
+                      '(0 means disabled).'),
         missing=0,
         title=_('Auth Cache TTL'),
         validator=colander.Range(min=0, max=None),
diff --git a/rhodecode/events/base.py b/rhodecode/events/base.py
--- a/rhodecode/events/base.py
+++ b/rhodecode/events/base.py
@@ -57,7 +57,12 @@ class RhodecodeEvent(object):
     def actor(self):
         auth_user = self.auth_user
         if auth_user:
-            return auth_user.get_instance()
+            instance = auth_user.get_instance()
+            if not instance:
+                return AttributeDict(dict(
+                    username=auth_user.username
+                ))
+
         return SYSTEM_USER
 
     @property
diff --git a/rhodecode/public/css/main-content.less b/rhodecode/public/css/main-content.less
--- a/rhodecode/public/css/main-content.less
+++ b/rhodecode/public/css/main-content.less
@@ -61,6 +61,7 @@
     .help-block {
         display: block;
         margin-left: @label-width;
+        white-space: pre;
     }
 
     .action_button {
@@ -116,7 +117,7 @@
             float: none;
             margin-left: @label-width;
 
-            .help-block{
+            .help-block {
                 margin-left: 0;
             }
         }
diff --git a/rhodecode/templates/admin/auth/plugin_settings.mako b/rhodecode/templates/admin/auth/plugin_settings.mako
--- a/rhodecode/templates/admin/auth/plugin_settings.mako
+++ b/rhodecode/templates/admin/auth/plugin_settings.mako
@@ -111,6 +111,7 @@
     $("#tls_kind").select2(select2Options);
     $("#tls_reqcert").select2(select2Options);
     $("#search_scope").select2(select2Options);
+    $("#group_extraction_type").select2(select2Options);
 });
 </script>
 </%def>