diff --git a/builtin/credential/ldap/backend.go b/builtin/credential/ldap/backend.go
index 37ba20ae6c09e..94562723fa9b5 100644
--- a/builtin/credential/ldap/backend.go
+++ b/builtin/credential/ldap/backend.go
@@ -56,7 +56,7 @@ type backend struct {
 	*framework.Backend
 }
 
-func (b *backend) Login(ctx context.Context, req *logical.Request, username string, password string) (string, []string, *logical.Response, []string, error) {
+func (b *backend) Login(ctx context.Context, req *logical.Request, username string, password string, usernameAsAlias bool) (string, []string, *logical.Response, []string, error) {
 	cfg, err := b.Config(ctx, req)
 	if err != nil {
 		return "", nil, nil, nil, err
@@ -195,12 +195,15 @@ func (b *backend) Login(ctx context.Context, req *logical.Request, username stri
 	// Policies from each group may overlap
 	policies = strutil.RemoveDuplicates(policies, true)
 
-	entityAliasAttribute, err := ldapClient.GetUserAliasAttributeValue(cfg.ConfigEntry, c, username)
-	if err != nil {
-		return "", nil, logical.ErrorResponse(err.Error()), nil, nil
-	}
-	if entityAliasAttribute == "" {
-		return "", nil, logical.ErrorResponse("missing entity alias attribute value"), nil, nil
+	entityAliasAttribute := username
+	if !usernameAsAlias {
+		entityAliasAttribute, err = ldapClient.GetUserAliasAttributeValue(cfg.ConfigEntry, c, username)
+		if err != nil {
+			return "", nil, logical.ErrorResponse(err.Error()), nil, nil
+		}
+		if entityAliasAttribute == "" {
+			return "", nil, logical.ErrorResponse("missing entity alias attribute value"), nil, nil
+		}
 	}
 
 	return entityAliasAttribute, policies, ldapResponse, allGroups, nil
diff --git a/builtin/credential/ldap/path_login.go b/builtin/credential/ldap/path_login.go
index 49c0cfe9d8fb1..67303911e5a17 100644
--- a/builtin/credential/ldap/path_login.go
+++ b/builtin/credential/ldap/path_login.go
@@ -73,7 +73,7 @@ func (b *backend) pathLogin(ctx context.Context, req *logical.Request, d *framew
 	username := d.Get("username").(string)
 	password := d.Get("password").(string)
 
-	effectiveUsername, policies, resp, groupNames, err := b.Login(ctx, req, username, password)
+	effectiveUsername, policies, resp, groupNames, err := b.Login(ctx, req, username, password, cfg.UsernameAsAlias)
 	// Handle an internal error
 	if err != nil {
 		return nil, err
@@ -103,10 +103,6 @@ func (b *backend) pathLogin(ctx context.Context, req *logical.Request, d *framew
 		},
 	}
 
-	if cfg.UsernameAsAlias {
-		auth.Alias.Name = username
-	}
-
 	cfg.PopulateTokenAuth(auth)
 
 	// Add in configured policies from mappings
@@ -139,7 +135,7 @@ func (b *backend) pathLoginRenew(ctx context.Context, req *logical.Request, d *f
 	username := req.Auth.Metadata["username"]
 	password := req.Auth.InternalData["password"].(string)
 
-	_, loginPolicies, resp, groupNames, err := b.Login(ctx, req, username, password)
+	_, loginPolicies, resp, groupNames, err := b.Login(ctx, req, username, password, cfg.UsernameAsAlias)
 	if err != nil || (resp != nil && resp.IsError()) {
 		return resp, err
 	}