diff --git a/tests/test_session.py b/tests/test_session.py
index d3e00d7acbb189c7a6ec3016e9ea860ca792913f..70e32882702ea671c40819a3420dd9d5c35aa1f9 100644
--- a/tests/test_session.py
+++ b/tests/test_session.py
@@ -75,7 +75,6 @@ class TestSession(UffdTestCase):
 		self.assertEqual(r.status_code, 200)
 		self.assertLogout()
 
-	@unittest.skip('See #27')
 	def test_empty_password(self):
 		r = self.client.post(path=url_for('session.login'),
 			data={'loginname': 'testuser', 'password': ''}, follow_redirects=True)
diff --git a/uffd/ldap/ldap.py b/uffd/ldap/ldap.py
index 6e2f40dd0b508b184c5aae741b34b73598a37ef4..880e86ad0984bcccc99cd06d06037ac315158f9d 100644
--- a/uffd/ldap/ldap.py
+++ b/uffd/ldap/ldap.py
@@ -2,7 +2,7 @@ import string
 
 from flask import Blueprint, current_app
 from ldap3.utils.conv import escape_filter_chars
-from ldap3.core.exceptions import LDAPBindError, LDAPCursorError
+from ldap3.core.exceptions import LDAPBindError, LDAPCursorError, LDAPPasswordIsMandatoryError
 
 from ldap3 import Server, Connection, ALL, ALL_ATTRIBUTES, ALL_OPERATIONAL_ATTRIBUTES, MOCK_SYNC
 
@@ -45,13 +45,16 @@ def user_conn(loginname, password):
 		# implementation just compares the string in the objects's userPassword
 		# field with the password, no support for hashing or OpenLDAP-style
 		# password-prefixes ("{PLAIN}..." or "{ssha512}...").
-		if not conn.rebind(loginname_to_dn(loginname), password):
+		try:
+			if not conn.rebind(loginname_to_dn(loginname), password):
+				return False
+		except (LDAPBindError, LDAPPasswordIsMandatoryError):
 			return False
 		return get_mock_conn()
 	server = Server(current_app.config["LDAP_SERVICE_URL"], get_info=ALL)
 	try:
 		return fix_connection(Connection(server, loginname_to_dn(loginname), password, auto_bind=True))
-	except LDAPBindError:
+	except (LDAPBindError, LDAPPasswordIsMandatoryError):
 		return False
 
 def get_conn():