diff --git a/awx/main/tests/functional/api/test_settings.py b/awx/main/tests/functional/api/test_settings.py
index afa113bb6e..5753841bd2 100644
--- a/awx/main/tests/functional/api/test_settings.py
+++ b/awx/main/tests/functional/api/test_settings.py
@@ -96,10 +96,15 @@ def test_empty_ldap_dn(get, put, patch, delete, admin, enterprise_license,
                        setting):
     url = reverse('api:setting_singleton_detail', args=('ldap',))
     Setting.objects.create(key='LICENSE', value=enterprise_license)
+
     patch(url, user=admin, data={setting: ''}, expect=200)
     resp = get(url, user=admin, expect=200)
     assert resp.data[setting] is None
 
+    patch(url, user=admin, data={setting: None}, expect=200)
+    resp = get(url, user=admin, expect=200)
+    assert resp.data[setting] is None
+
 
 @pytest.mark.django_db
 def test_radius_settings(get, put, patch, delete, admin, enterprise_license, settings):
diff --git a/awx/sso/conf.py b/awx/sso/conf.py
index 237209a017..355e4d6af2 100644
--- a/awx/sso/conf.py
+++ b/awx/sso/conf.py
@@ -269,6 +269,7 @@ register(
     'AUTH_LDAP_USER_DN_TEMPLATE',
     field_class=fields.LDAPDNWithUserField,
     allow_blank=True,
+    allow_null=True,
     default='',
     label=_('LDAP User DN Template'),
     help_text=_('Alternative to user search, if user DNs are all of the same '
@@ -338,6 +339,7 @@ register(
     'AUTH_LDAP_REQUIRE_GROUP',
     field_class=fields.LDAPDNField,
     allow_blank=True,
+    allow_null=True,
     default='',
     label=_('LDAP Require Group'),
     help_text=_('Group DN required to login. If specified, user must be a member '
@@ -354,6 +356,7 @@ register(
     'AUTH_LDAP_DENY_GROUP',
     field_class=fields.LDAPDNField,
     allow_blank=True,
+    allow_null=True,
     default='',
     label=_('LDAP Deny Group'),
     help_text=_('Group DN denied from login. If specified, user will not be '