diff --git a/core/src/main/java/org/acegisecurity/providers/ldap/LdapAuthenticationProvider.java b/core/src/main/java/org/acegisecurity/providers/ldap/LdapAuthenticationProvider.java index 3f7e0dd3c8..d78c0f403d 100644 --- a/core/src/main/java/org/acegisecurity/providers/ldap/LdapAuthenticationProvider.java +++ b/core/src/main/java/org/acegisecurity/providers/ldap/LdapAuthenticationProvider.java @@ -21,11 +21,13 @@ import org.acegisecurity.ldap.LdapUserInfo; import org.acegisecurity.userdetails.UserDetails; import org.acegisecurity.userdetails.User; import org.acegisecurity.AuthenticationException; +import org.acegisecurity.BadCredentialsException; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.springframework.util.Assert; +import org.springframework.util.StringUtils; import javax.naming.directory.Attributes; @@ -141,6 +143,12 @@ public class LdapAuthenticationProvider extends AbstractUserDetailsAuthenticatio } protected UserDetails retrieveUser(String username, UsernamePasswordAuthenticationToken authentication) throws AuthenticationException { + if(!StringUtils.hasLength(username)) { + throw new BadCredentialsException(messages.getMessage( + "LdapAuthenticationProvider.emptyUsername", + "Empty Username")); + } + if (logger.isDebugEnabled()) { logger.debug("Retrieving user " + username); } diff --git a/core/src/main/resources/org/acegisecurity/messages.properties b/core/src/main/resources/org/acegisecurity/messages.properties index 921247d52d..90de5e78e4 100644 --- a/core/src/main/resources/org/acegisecurity/messages.properties +++ b/core/src/main/resources/org/acegisecurity/messages.properties 
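Review bot: The guard added at the top of `retrieveUser` rejects only a zero-length username; nothing in the visible lines checks the password held in `authentication.getCredentials()`. Many LDAP servers treat a bind with a DN and an empty password as an unauthenticated bind and report success, so unless the configured authenticator already rejects it, an empty password could be accepted for an existing user. I would add a matching check beside this one, e.g. `if (!StringUtils.hasLength((String) authentication.getCredentials())) { throw new BadCredentialsException(...); }`, with its own key in messages.properties. `hasLength` also lets a whitespace-only username through, which `StringUtils.hasText(username)` would reject. The rest of `retrieveUser` and the authenticators lie outside this hunk, so the password may already be validated there.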
@@ -37,9 +37,11 @@ SwitchUserProcessingFilter.disabled=User is disabled
 SwitchUserProcessingFilter.expired=User account has expired
 SwitchUserProcessingFilter.credentialsExpired=User credentials have expired
 AbstractAccessDecisionManager.accessDenied=Access is denied
+LdapAuthenticationProvider.emptyUsername=Empty username not allowed
 DefaultIntitalDirContextFactory.communicationFailure=Unable to connect to LDAP server
 DefaultIntitalDirContextFactory.badCredentials=Bad credentials
 DefaultIntitalDirContextFactory.unexpectedException=Failed to obtain InitialDirContext due to unexpected exception
 PasswordComparisonAuthenticator.badCredentials=Bad credentials
 BindAuthenticator.badCredentials=Bad credentials
 BindAuthenticator.failedToLoadAttributes=Bad credentials
+