diff -r dfb257df7fe3 MoinMoin/auth/ldap_login.py
--- a/MoinMoin/auth/ldap_login.py	Mon Feb 04 14:35:21 2008 +0100
+++ b/MoinMoin/auth/ldap_login.py	Sat Feb 09 00:41:07 2008 +0100
@@ -19,7 +19,6 @@ import ldap
 import ldap
 
 from MoinMoin import user
-
 
 def ldap_login(request, **kw):
     """ get authentication data from form, authenticate against LDAP (or Active
@@ -72,6 +71,7 @@ def ldap_login(request, **kw):
                         ldap.set_option(option, value)
 
             server = cfg.ldap_uri
+            ldap_base = cfg.ldap_base
             if verbose: request.log("LDAP: Trying to initialize %r." % server)
             l = ldap.initialize(server)
             if verbose: request.log("LDAP: Connected to LDAP server %r." % server)
@@ -88,7 +88,20 @@ def ldap_login(request, **kw):
             # you can use %(username)s and %(password)s here to get the stuff entered in the form:
             ldap_binddn = cfg.ldap_binddn % locals()
             ldap_bindpw = cfg.ldap_bindpw % locals()
-            l.simple_bind_s(ldap_binddn.encode(coding), ldap_bindpw.encode(coding))
+            # searching if the user is defined in subtree of ldap_base
+            try:
+                ldap_search = l.search_s(ldap_base, ldap.SCOPE_SUBTREE, 'uid=%s' % ldap_binddn.encode(coding))
+                ldap_dn, attrs = ldap_search[0][0], ldap_search[0][1]
+            # ToDo find the right exception 
+            except:
+                request.log("LDAP: invalid credentials (wrong password?) for dn %r (username: %r)" % (server, ldap_binddn))
+            # check if the given password belongs to the user
+            try:
+                l.bind_s(ldap_dn, ldap_bindpw.encode(coding))
+            except:
+                request.log("LDAP: invalid credentials (wrong password?) for dn %r (username: %r)" % (server, ldap_binddn))
+
+            #l.simple_bind_s(ldap_binddn.encode(coding), ldap_bindpw.encode(coding))
             if verbose: request.log("LDAP: Bound with binddn %r" % ldap_binddn)
 
             # you can use %(username)s here to get the stuff entered in the form:
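Review bot: Both new `try` blocks end in a bare `except:` that only logs, so a failed search or a rejected password no longer aborts the login: control falls through to the "Bound with binddn" line, where the removed `simple_bind_s` call used to let the error propagate. When the search fails or returns nothing, `ldap_dn` is never assigned, and the resulting NameError is swallowed by the second handler as well. The filter `'uid=%s' % ldap_binddn.encode(coding)` interpolates a value built from form input without escaping, so it should go through `ldap.filter.escape_filter_chars` (which needs `import ldap.filter`), and a result that is not exactly one entry should be refused. Unless an empty password is rejected elsewhere in ldap_login, `bind_s` with an empty password can succeed as an unauthenticated bind on servers that allow it. The function continues outside the hunk, so the sketch below assumes an enclosing handler turns a re-raised LDAP error into a failed login.

```python
            # … unchanged: ldap_binddn / ldap_bindpw built from cfg …
            # escape filter metacharacters so form input cannot alter the search filter
            search_filter = 'uid=%s' % ldap.filter.escape_filter_chars(ldap_binddn.encode(coding))
            try:
                ldap_search = l.search_s(ldap_base, ldap.SCOPE_SUBTREE, search_filter)
            except ldap.LDAPError:
                request.log("LDAP: search below %r failed for username %r" % (ldap_base, ldap_binddn))
                raise
            if len(ldap_search) != 1:
                # no entry or an ambiguous match: fail closed instead of binding to the first hit
                request.log("LDAP: expected exactly one entry for username %r, got %d" % (ldap_binddn, len(ldap_search)))
                raise ldap.INVALID_CREDENTIALS
            ldap_dn = ldap_search[0][0]
            if not ldap_bindpw:
                # an empty password would be an unauthenticated bind, not a credential check
                raise ldap.INVALID_CREDENTIALS
            try:
                l.bind_s(ldap_dn, ldap_bindpw.encode(coding))
            except ldap.INVALID_CREDENTIALS:
                request.log("LDAP: invalid credentials (wrong password?) for dn %r (username: %r)" % (ldap_dn, ldap_binddn))
                raise
            # … unchanged: verbose "Bound with binddn" log …
```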
