diff --git a/modules/ldap/lib/ConfigHelper.php b/modules/ldap/lib/ConfigHelper.php
index 7fc63ba2f1989fdc7a96f83f999ddfe89be81018..fea883ea50cb583a8bcfe56c95facf4dd42c53a1 100644
--- a/modules/ldap/lib/ConfigHelper.php
+++ b/modules/ldap/lib/ConfigHelper.php
@@ -167,6 +167,11 @@ class sspmod_ldap_ConfigHelper {
 		assert('is_string($username)');
 		assert('is_string($password)');
 
+		if (empty($password)) {
+			SimpleSAML_Logger::info($this->location . ': Login with empty password disallowed.');
+			throw new SimpleSAML_Error_Error('WRONGUSERPASS');
+		}
+
 		$ldap = new SimpleSAML_Auth_LDAP($this->hostname, $this->enableTLS, $this->debug, $this->timeout);
 
 		if (!$this->searchEnable) {