diff --git a/lib/SimpleSAML/Auth/LDAP.php b/lib/SimpleSAML/Auth/LDAP.php
index b106079f8201e00a9e09795205afd290564d55ea..3a3679d7e493641b1af24c221eb43362f3d6300b 100644
--- a/lib/SimpleSAML/Auth/LDAP.php
+++ b/lib/SimpleSAML/Auth/LDAP.php
@@ -605,7 +605,6 @@ class SimpleSAML_Auth_LDAP {
          * These characters are escaped by prefixing them with '\'.
          */
         $username = addcslashes($username, ',+"\\<>;*');
-        $password = addcslashes($password, ',+"\\<>;*');
 
         if (isset($config['priv_user_dn'])) {
             $this->bind($config['priv_user_dn'], $config['priv_user_pw']);
@@ -617,6 +616,8 @@ class SimpleSAML_Auth_LDAP {
         }
 
         if ($password !== null) { // checking users credentials ... assuming below that she may read her own attributes ...
+            // escape characters with a special meaning, also in the password
+            $password = addcslashes($password, ',+"\\<>;*');
             if (!$this->bind($dn, $password)) {
                 SimpleSAML\Logger::info('Library - LDAP validate(): Failed to authenticate \''. $username . '\' using DN \'' . $dn . '\'');
                 return FALSE;