diff --git a/src/ui/auth/ldap/ldap.go b/src/ui/auth/ldap/ldap.go
index 235013c3d..6b8942176 100644
--- a/src/ui/auth/ldap/ldap.go
+++ b/src/ui/auth/ldap/ldap.go
@@ -36,6 +36,10 @@ const metaChars = "&|!=~*<>()"
 func (l *Auth) Authenticate(m models.AuthModel) (*models.User, error) {
 
 	p := m.Principal
+	if len(strings.TrimSpace(p)) == 0 {
+		log.Debugf("LDAP authentication failed for empty user id.")
+		return nil, nil
+	}
 	for _, c := range metaChars {
 		if strings.ContainsRune(p, c) {
 			return nil, fmt.Errorf("the principal contains meta char: %q", c)
diff --git a/src/ui/auth/ldap/ldap_test.go b/src/ui/auth/ldap/ldap_test.go
index e979c9d11..6563f4f68 100644
--- a/src/ui/auth/ldap/ldap_test.go
+++ b/src/ui/auth/ldap/ldap_test.go
@@ -131,4 +131,13 @@ func TestAuthenticate(t *testing.T) {
 	if user != nil {
 		t.Errorf("Nil user expected for wrong password")
 	}
+	person.Principal = ""
+	person.Password = ""
+	user, err = auth.Authenticate(person)
+	if err != nil {
+		t.Errorf("unexpected ldap error: %v", err)
+	}
+	if user != nil {
+		t.Errorf("Nil user for empty credentials")
+	}
 }