diff --git a/misc/pam_authentication/ldap_authentication.sh b/misc/pam_authentication/ldap_authentication.sh
index 23011f9911b9e68cdfda429603ee7c7ae41e993a..052458cfa709cf1fd76bb0c10394ed08904e6346 100755
--- a/misc/pam_authentication/ldap_authentication.sh
+++ b/misc/pam_authentication/ldap_authentication.sh
@@ -32,8 +32,8 @@
 exe_dir=$(dirname "$0")
 . "$exe_dir/ldap.env"
 LDAPTLS_REQCERT="${LDAP_TLS_REQCERT:-hard}"
-BIND_DN_PATTERN="${BIND_DN_PATTERN:-'cn=${USER_NAME},${USER_BASE}'}"
-WHO_AM_I_PATTERN="${WHO_AM_I_PATTERN:-'dn:${USER_NAME},${USER_BASE}'}"
+BIND_DN_PATTERN="${BIND_DN_PATTERN:-"cn=\${USER_NAME},\${USER_BASE}"}"
+WHO_AM_I_PATTERN="${WHO_AM_I_PATTERN:-"dn:cn=\${USER_NAME},\${USER_BASE}"}"
 
 # If the second argument is empty or "-", take password from stdin, else use the argument as a file.
 testpw() {
@@ -56,6 +56,8 @@ testpw() {
     elif [ "$result" = "$who_am_i" ] ; then
         return 0
     fi
+    echo "result : $result"
+    echo "pattern: $who_am_i"
     return 1
 
 }