diff --git a/inc/inc.ClassLdapAuthentication.php b/inc/inc.ClassLdapAuthentication.php
index 504c9a8fb..987a6a4e9 100644
--- a/inc/inc.ClassLdapAuthentication.php
+++ b/inc/inc.ClassLdapAuthentication.php
@@ -153,7 +153,7 @@ class SeedDMS_LdapAuthentication extends SeedDMS_Authentication {
 * address.
 */
 if ($bind) {
- if (isset($settings->_ldapFilter) && strlen($settings->_ldapFilter) > 0) {
+ if (!empty($settings->_ldapFilter)) {
 $search = ldap_search($ds, $settings->_ldapBaseDN, "(&(".$ldapSearchAttribut.$username.")".$settings->_ldapFilter.")");
 } else {
 $search = ldap_search($ds, $settings->_ldapBaseDN, $ldapSearchAttribut.$username);
@@ -168,18 +168,25 @@ class SeedDMS_LdapAuthentication extends SeedDMS_Authentication {
 /* If the previous bind failed, try it with the users creditionals
 * by simply setting $dn to a guessed dn (see above)
- * FIXME: This is probably a bad idea because users filtered out
+ * Don't do this if a filter is set because users filtered out
 * may still be able to authenticate, because $tmpDN could be a
- * valid DN. Example: if baseDN is 'dc=seeddms,dc=org' and the
+ * valid DN which do not match the filter criteria.
+ * Example: if baseDN is 'dc=seeddms,dc=org' and the
 * user 'test' logs in, then $tmpDN will be 'uid=test,dc=seeddms,dc=org'
 * If that user was filtered out, because filter was set to '(mail=*)'
 * and the user doesn't have a mail address, then $dn will not be
 * set and $tmpDN will be used instead, allowing a successfull bind.
 */
- if (is_bool($dn)) {
+ if (is_bool($dn) && empty($settings->_ldapFilter)) {
 $dn = $tmpDN;
 }
+ /* Without a dn don't even try to bind. It won't work anyway */
+ if(!$dn) {
+ ldap_close($ds);
+ return null;
+ }
+
 /* Check if user already exists in the database. Return with an error
 * only if the sql statements fails, but not if no user was found.
 */
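Review bot: The rewritten guard still feeds `$username` straight into the search filter on the next line, `"(&(".$ldapSearchAttribut.$username.")".$settings->_ldapFilter.")"` (and the no-filter branch does the same), so unless the name is escaped before this point — not visible in the hunk — filter metacharacters in it change the meaning of the search instead of being matched literally; passing it through `ldap_escape($username, '', LDAP_ESCAPE_FILTER)` where the name is received keeps the search to the literal account name. The switch to `!empty()` additionally treats the string `"0"` as "no filter", which the old `strlen() > 0` test did not; harmless for a real LDAP filter, but worth a short comment if intended. The enclosing method starts before and ends after this hunk.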
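Review bot: `if(!$dn) {` on the new early-return line omits the space after `if` that the surrounding code uses (`if ($bind) {`, `if (is_bool($dn) ...`); write `if (!$dn) {`. The new comment line `* valid DN which do not match the filter criteria.` should read `* valid DN which does not match the filter criteria.`. The early return also makes this failure path return `null` where the method returned `false` before the commit (see the `return false` replaced in the -193 hunk); callers are not visible here, so any caller testing `=== false` should be checked. With no filter configured the fallback to the guessed `$tmpDN` is still taken whenever `$dn` is boolean, so in that configuration an account the search did not return can still be authenticated by the bind alone — a one-line comment stating that this is the intended behaviour would help the next reader. The enclosing method starts before and ends after this hunk.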
@@ -193,7 +200,7 @@ class SeedDMS_LdapAuthentication extends SeedDMS_Authentication {
 $bind = @ldap_bind($ds, $dn, $password);
 if (!$bind) {
 ldap_close($ds);
- return false;
+ return null;
 }
 // Successfully authenticated. Now check to see if the user exists within