diff --git a/data/users/externalldap.py b/data/users/externalldap.py index a059352af..6ab4b6c6b 100644 --- a/data/users/externalldap.py +++ b/data/users/externalldap.py @@ -66,7 +66,7 @@ class LDAPUsers(FederatedUsers): def __init__(self, ldap_uri, base_dn, admin_dn, admin_passwd, user_rdn, uid_attr, email_attr, allow_tls_fallback=False, secondary_user_rdns=None, requires_email=True, - timeout=None, network_timeout=None): + timeout=None, network_timeout=None, force_no_pagination=False): super(LDAPUsers, self).__init__('ldap', requires_email) self._ldap = LDAPConnectionBuilder(ldap_uri, admin_dn, admin_passwd, allow_tls_fallback, @@ -76,6 +76,7 @@ class LDAPUsers(FederatedUsers): self._email_attr = email_attr self._allow_tls_fallback = allow_tls_fallback self._requires_email = requires_email + self._force_no_pagination = force_no_pagination # Note: user_rdn is a list of RDN pieces (for historical reasons), and secondary_user_rds # is a list of RDN strings. @@ -291,6 +292,7 @@ class LDAPUsers(FederatedUsers): return (self._iterate_members(group_dn, page_size, disable_pagination), None) def _iterate_members(self, group_dn, page_size, disable_pagination): + has_pagination = not(self._force_no_pagination or disable_pagination) with self._ldap.get_connection() as conn: lc = ldap.controls.libldap.SimplePagedResultsControl(criticality=True, size=page_size, cookie='') 
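Review bot: The new `self._force_no_pagination` attribute is assigned in `__init__` with no comment, and nothing in these hunks documents the `force_no_pagination` keyword, although it overrides the per-call `disable_pagination` argument for every group lookup. I would add above the assignment `# When True, group-member searches never send the paged-results control, whatever the caller passes as disable_pagination.` The rest of `__init__` is outside the hunk, so an existing docstring elsewhere may need the same sentence.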
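Review bot: In `_iterate_members` the `SimplePagedResultsControl(criticality=True, ...)` object is still built on every call, including when `has_pagination` is false and the control is never sent. Building `lc` only when it is needed, for example `lc = ldap.controls.libldap.SimplePagedResultsControl(...) if has_pagination else None`, makes it obvious which path uses it. As a smaller style point, `not(self._force_no_pagination or disable_pagination)` reads like a function call; `not (self._force_no_pagination or disable_pagination)` is the usual spelling. The body of the method continues outside this hunk.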
@@ -300,24 +302,24 @@ class LDAPUsers(FederatedUsers): for user_search_dn in self._user_dns: # Conduct the initial search for users that are a member of the group. - if disable_pagination: - msgid = conn.search(user_search_dn, ldap.SCOPE_SUBTREE, search_flt, attrlist=attributes) - else: + if has_pagination: msgid = conn.search_ext(user_search_dn, ldap.SCOPE_SUBTREE, search_flt, serverctrls=[lc], attrlist=attributes) + else: + msgid = conn.search(user_search_dn, ldap.SCOPE_SUBTREE, search_flt, attrlist=attributes) while True: - if disable_pagination: - _, rdata = conn.result(msgid) - else: + if has_pagination: _, rdata, _, serverctrls = conn.result3(msgid) + else: + _, rdata = conn.result(msgid) # Yield any users found. for userdata in rdata: yield self._build_user_information(userdata[1]) # If pagination is disabled, nothing more to do. - if disable_pagination: + if not has_pagination: break # Filter down the controls with which the server responded, looking for the paging diff --git a/test/test_ldap.py b/test/test_ldap.py index 2cbd2999a..0bb05ab12 100644 --- a/test/test_ldap.py +++ b/test/test_ldap.py @@ -19,7 +19,7 @@ def _create_ldap(requires_email=True): ldap = LDAPUsers('ldap://localhost', base_dn, admin_dn, admin_passwd, user_rdn, uid_attr, email_attr, secondary_user_rdns=secondary_user_rdns, - requires_email=requires_email) + requires_email=requires_email, force_no_pagination=True) return ldap @contextmanager
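Review bot: When `has_pagination` is false the loop issues one plain `conn.search`, reads a single `conn.result(msgid)` and breaks, so a directory that enforces a server-side size limit may return a truncated member list or raise `ldap.SIZELIMIT_EXCEEDED`. Because `force_no_pagination` makes this the path for every group, any consumer that treats the yielded users as the complete membership (such as a sync that drops absent members, which is not visible here) would act on partial data. I would handle that error explicitly around the non-paged `conn.result(msgid)` and surface it as a failed lookup, with a comment such as `# Non-paged search: the server's size limit can cap results; treat SIZELIMIT_EXCEEDED as a failed lookup, not a short list.` The generator's surrounding exception handling, if any, lies outside the hunk.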
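Review bot: `_create_ldap` now passes `force_no_pagination=True` unconditionally, so every test built on this helper takes the non-paged branch and the `search_ext`/`result3` path of `_iterate_members` is not reached through it. No test visible here checks that the flag overrides a caller's `disable_pagination=False`. If the mock directory cannot serve paged controls the default is understandable, but I would expose it as a parameter, `def _create_ldap(requires_email=True, force_no_pagination=True):`. That leaves room for a test that passes `force_no_pagination=False` and for one that asserts the override.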