diff --git a/src/opnsense/mvc/app/library/OPNsense/Auth/LDAP.php b/src/opnsense/mvc/app/library/OPNsense/Auth/LDAP.php
index 08b21839f..0bc8d403c 100644
--- a/src/opnsense/mvc/app/library/OPNsense/Auth/LDAP.php
+++ b/src/opnsense/mvc/app/library/OPNsense/Auth/LDAP.php
@@ -369,7 +369,10 @@ class LDAP extends Base implements IAuthConnector
 {
 // todo: implement SSL parts (legacy : ldap_setup_caenv)
 // authenticate user
- if (array_key_exists($username, $this->userDNmap)) {
+ if (empty($password)) {
+ // prevent anonymous bind
+ return false;
+ } elseif (array_key_exists($username, $this->userDNmap)) {
 // we can map $username to distinguished name, just feed to connect
 $ldap_is_connected = $this->connect($this->ldapBindURL, $this->userDNmap[$username], $password);
 return $ldap_is_connected;
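Review bot: The `empty($password)` guard in the new first branch is broader than the case it names, because PHP's `empty()` is also true for the string `"0"`, so an account whose password is literally `0` is refused before any bind is attempted. That fails closed, but the condition that actually produces an LDAP unauthenticated bind (RFC 4513 section 5.1.2) is a zero-length password alongside a DN, so `if ($password === null || $password === '') {` states the intent exactly. The comment could say as much, e.g. `// a DN with an empty password is an unauthenticated bind, which many directory servers accept as success`. The check lives only in this method; `connect()` as called here still takes whatever password it is given, so any other caller that forwards user-supplied credentials would presumably need the same guard, which is worth confirming. The method body continues outside the hunk, so the remaining branches of this if/elseif chain are not visible here.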