diff --git a/app/models/auth_source_ldap.rb b/app/models/auth_source_ldap.rb
index 04f4c89b3..d3ede3005 100644
--- a/app/models/auth_source_ldap.rb
+++ b/app/models/auth_source_ldap.rb
@@ -49,12 +49,13 @@ class AuthSourceLdap < AuthSource
 end
 return nil if dn.empty?
 logger.debug "DN found for #{login}: #{dn}" if logger && logger.debug?
- # authenticate user
- ldap_con = initialize_ldap_con(dn, password)
- return nil unless ldap_con.bind
- # return user's attributes
- logger.debug "Authentication successful for '#{login}'" if logger && logger.debug?
- attrs
+
+ if authenticate_dn(dn, password)
+ logger.debug "Authentication successful for '#{login}'" if logger && logger.debug?
+ return attrs
+ else
+ return nil
+ end
 rescue Net::LDAP::LdapError => text
 raise "LdapError: " + text
 end
@@ -96,6 +97,12 @@ class AuthSourceLdap < AuthSource
 :auth_source_id => self.id
 ]
 end
+
+ # Check if a DN (user record) authenticates with the password
+ def authenticate_dn(dn, password)
+ ldap_con = initialize_ldap_con(dn, password)
+ return ldap_con.bind
+ end
 def self.get_attr(entry, attr_name)
 if !attr_name.blank?
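Review bot: The new `authenticate_dn` in the second hunk binds with whatever `dn` and `password` it is handed and does not itself reject a blank value. Many directory servers treat a simple bind with a valid DN and an empty password as an unauthenticated bind and report success (RFC 4513 §5.1.2), so a helper that can now be called on its own should fail closed. Any blank-password guard in the caller sits outside the first hunk and cannot be confirmed from here. I would add `return false if dn.blank? || password.blank?` as the first line of `authenticate_dn`, and extend its comment to `# Returns true only when the directory accepts a non-empty password for dn`. The call site in the first hunk, `if authenticate_dn(dn, password)`, needs no change.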