Index: simplesamlphp-modules/uldap/lib/Auth/Source/uLDAP.php =================================================================== --- simplesamlphp-modules/uldap/lib/Auth/Source/uLDAP.php (revision 75862) +++ simplesamlphp-modules/uldap/lib/Auth/Source/uLDAP.php (working copy) @@ -16,6 +16,8 @@ * A LDAP configuration object. */ private $ldapConfig; + private $ldap; + private $config; /** @@ -33,22 +35,22 @@ $this->ldapConfig = new sspmod_ldap_ConfigHelper($config, 'Authentication source ' . var_export($this->authId, TRUE)); + $this->ldap = new SimpleSAML_Auth_LDAP($config['hostname'], $config['enableTLS'], $config['debug'], $config['timeout']); + $this->ldap->bind($config['search.username'], $config['search.password']); + $this->config = $config; } /** - * Attempt to log in using the given username and password. + * Check if login might be possible. * * @param string $username The username the user wrote. - * @param string $password The password the user wrote. - * param array $sasl_arg Associative array of SASL options - * @return array Associative array with the users attributes. */ - protected function login($username, $password, array $sasl_args = NULL) { + private function is_login_possible($username) { assert('is_string($username)'); - assert('is_string($password)'); - - $attributes = $this->ldapConfig->login($username, $password, $sasl_args); + + $user_dn = $this->ldap->searchfordn($this->config['search.base'], $this->config['search.attributes'], $username, TRUE); + $attributes = $this->ldap->getAttributes($user_dn); SimpleSAML_Logger::debug('got LDAP attributes:' . var_export($attributes, true)); $the_time = time(); 
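Review bot: The new `$ldap` and `$config` properties carry no docblock, unlike `$ldapConfig` directly above them. `$config` keeps the whole source configuration, including `search.password`, although the code added later in this patch only reads `search.base` and `search.attributes` from it; storing just those two values would keep the service-account password out of the object's state. Suggested comments are `/** LDAP connection bound with the search account, used for the pre-login check. */` and `/** Search base and attribute names used to locate the user's DN. */`.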
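Review bot: In `is_login_possible()`, `searchfordn()` is called with a final argument of `TRUE`, which looks like the allow-zero-hits flag, so an unknown username would presumably yield a NULL DN that goes straight into `getAttributes($user_dn)`. A guard such as `if ($user_dn === NULL) { return TRUE; }` would let a missing account fall through to the ordinary bind failure in `login()`, instead of surfacing a different error than a wrong password does. `getAttributes($user_dn)` is also called without an attribute list under the search account's bind, and the following `var_export` debug line dumps the result, so the log may now hold every attribute that account can read; requesting only the attributes the lockout checks need would limit that. In the constructor, `$config['enableTLS']`, `$config['debug']` and `$config['timeout']` are read as raw array keys, so a missing `enableTLS` would pass NULL and the search password could be bound without TLS; reading them through the validated configuration with explicit defaults avoids that. The body of `is_login_possible()` continues outside this hunk.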
@@ -123,6 +125,26 @@ } // ldap: locking ldap is done by modifying password > but then ldap bind has failed anyway + return TRUE; + } + + + /** + * Attempt to log in using the given username and password. + * + * @param string $username The username the user wrote. + * @param string $password The password the user wrote. + * param array $sasl_arg Associative array of SASL options + * @return array Associative array with the users attributes. + */ + protected function login($username, $password, array $sasl_args = NULL) { + assert('is_string($username)'); + assert('is_string($password)'); + + $this->is_login_possible($username); + + $attributes = $this->ldapConfig->login($username, $password, $sasl_args); + return $attributes; }
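Review bot: The return value of `$this->is_login_possible($username)` is discarded in `login()`, so the pre-check can only block a login by throwing. Only the tail of that method is visible here, ending in `return TRUE;`, and its earlier body lies outside this hunk; if any path there returns `FALSE`, the bind would still proceed. Either test the result, `if (!$this->is_login_possible($username)) { throw new SimpleSAML_Error_Error('WRONGUSERPASS'); }`, or drop the `return TRUE;` and state in the docblock that the method throws when login is denied. The re-added docblock also still reads `param array $sasl_arg`, missing the `@` and not matching the parameter name `$sasl_args`.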