diff --git a/lib/ldap_fluff/ldap_fluff.rb b/lib/ldap_fluff/ldap_fluff.rb
index 5bd8dc1..e550a4e 100644
--- a/lib/ldap_fluff/ldap_fluff.rb
+++ b/lib/ldap_fluff/ldap_fluff.rb
@@ -23,7 +23,12 @@ def initialize(config=nil)
 # return true if the user password combination
 # authenticates the user, otherwise false
 def authenticate?(uid, password)
- @ldap.bind? uid, password
+ if password.nil? || password.empty?
+ # protect against passwordless auth from ldap server
+ return false
+ else
+ @ldap.bind? uid, password
+ end
 end

 # return a list[] of groups for a given uid
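Review bot: The new guard in `authenticate?` rejects a nil or empty password, but its comment does not say why a server would accept one, and `uid` still reaches `@ldap.bind?` unchecked. I would name the mechanism so the check is not removed in a later cleanup, e.g. `# RFC 4513 5.1.2: a simple bind with a DN and a zero-length password is an "unauthenticated bind" that some servers answer with success`, and write the branch as a guard clause, `return false if password.nil? || password.empty?`, followed by the plain bind call. Whether a nil or empty `uid` can also yield a successful bind depends on what `@ldap.bind?` does, which is outside this hunk, so that is worth confirming. The diff touches only this file and shows no test for the new branch; a case each for nil and `""` passwords would pin the behaviour.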