--- paloSantoACL.class.php.dist 2021-12-29 17:07:10.980191846 +0100 +++ paloSantoACL.class.php 2021-12-29 17:31:25.478250842 +0100 @@ -802,6 +802,9 @@ $pass = trim($pass); //$pass = md5($pass); + // Modify this test so we can check for existacne of a user in the DB, effectively decoupling + // user existance and password check. + // if ($this->_DB->connStatus) { return FALSE; } else { 
@@ -810,20 +813,55 @@ if($user == "" or $pass == "") { $this->errMsg = PALOACL_MSG_ERROR_1; return FALSE; - } else if (!preg_match("/^[[:alnum:]]{32}$/", $pass)) { - $this->errMsg = PALOACL_MSG_ERROR_3; - return FALSE; } - $sql = "SELECT name FROM acl_user WHERE name = ? AND md5_password = ?"; - $arr = $this->_DB->fetchTable($sql, FALSE, array($user, $pass)); - if (is_array($arr)) { - return (count($arr) > 0); - } else { + $sql = "SELECT name FROM acl_user WHERE name = ?"; + $arr = $this->_DB->fetchTable($sql, FALSE, array($user)); + if ((is_array($arr)) && (count($arr) == 0)) { $this->errMsg = $this->_DB->errMsg; return FALSE; } } + + // First example, we try to auth against AD. + // + $ad_server ="ldap://bpdc1fvg.fvg.ad.lnf.it/ ldap://bpdc1fvg.fvg.ad.lnf.it/"; + $ad_nisdom = "LNF_FVG"; + $ldapconn = ldap_connect($ad_server); + if ( $ldapconn ) { + ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3); + $ldapbind = ldap_bind($ldapconn, $ad_nisdom . "\\" . $user, $pass); + if ( $ldapbind ) { + ldap_unbind($ldapconn); + return TRUE; + } + } + + //// Another example, connection to an IMAP/POP server. + //// + //$imap_server = "{imap.pp.lnf.it:993/imap/ssl/novalidate-cert}"; + //$mbox = imap_open($imap_server, $user, $pass); + //if ( $mbox ) { + // imap_close($mbox); + // return TRUE; + //} + + // Auth agains the DB, the last one. + // + $pass = md5($pass); + if (!preg_match("/^[[:alnum:]]{32}$/", $pass)) { + $this->errMsg = PALOACL_MSG_ERROR_3; + return FALSE; + } + + $sql = "SELECT name FROM acl_user WHERE name = ? AND md5_password = ?"; + $arr = $this->_DB->fetchTable($sql, FALSE, array($user, $pass)); + if (is_array($arr)) { + return (count($arr) > 0); + } else { + $this->errMsg = $this->_DB->errMsg; + return FALSE; + } } function saveGroupPermission($idGroup, $resources)
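Review bot: The new existence check fails open: `if ((is_array($arr)) && (count($arr) == 0))` rejects only when the query succeeds with zero rows, so when `fetchTable` returns a non-array (the DB-error case the removed code handled) execution falls through to the AD bind, and a name never confirmed in `acl_user` can be authenticated. Rejecting on either condition, `if (!is_array($arr) || count($arr) == 0) {`, restores the previous fail-closed behaviour. Separately, the bind targets an `ldap://` URI and no `ldap_start_tls()` call is visible before `ldap_bind()`, so the cleartext password appears to cross the network unencrypted; an `ldaps://` URI, or `if (!ldap_start_tls($ldapconn)) { return FALSE; }` ahead of the bind, would cover it. The enclosing function starts outside this hunk, so whether callers now pass a plaintext password rather than the MD5 hash the old regex expected should be confirmed there.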