diff --git a/awx/sso/tests/unit/test_ldap.py b/awx/sso/tests/unit/test_ldap.py
index 48dd3e30e2..0a50871650 100644
--- a/awx/sso/tests/unit/test_ldap.py
+++ b/awx/sso/tests/unit/test_ldap.py
@@ -1,6 +1,7 @@
 import ldap
 
 from awx.sso.backends import LDAPSettings
+from awx.sso.validators import validate_ldap_filter
 
 
 def test_ldap_default_settings(mocker):
@@ -19,3 +20,7 @@ def test_ldap_default_network_timeout(mocker):
             ldap.OPT_REFERRALS: 0,
             ldap.OPT_NETWORK_TIMEOUT: 30
         }
+
+
+def test_ldap_filter_validator():
+    validate_ldap_filter('(test-uid=%(user)s)', with_user=True)
diff --git a/awx/sso/validators.py b/awx/sso/validators.py
index dd1086a426..7e89958236 100644
--- a/awx/sso/validators.py
+++ b/awx/sso/validators.py
@@ -47,7 +47,7 @@ def validate_ldap_filter(value, with_user=False):
         dn_value = value.replace('%(user)s', 'USER')
     else:
         dn_value = value
-    if re.match(r'^\([A-Za-z0-9]+?=[^()]+?\)$', dn_value):
+    if re.match(r'^\([A-Za-z0-9-]+?=[^()]+?\)$', dn_value):
         return
     elif re.match(r'^\([&|!]\(.*?\)\)$', dn_value):
         try: