diff --git a/ldap/src/main/java/org/springframework/security/ldap/authentication/BindAuthenticator.java b/ldap/src/main/java/org/springframework/security/ldap/authentication/BindAuthenticator.java
index da6ece3100..277b363113 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/authentication/BindAuthenticator.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/authentication/BindAuthenticator.java
@@ -30,6 +30,7 @@ import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.util.Assert;
+import org.springframework.util.StringUtils;
 /**
@@ -68,6 +69,12 @@ public class BindAuthenticator extends AbstractLdapAuthenticator {
 String username = authentication.getName();
 String password = (String)authentication.getCredentials();
+ if (!StringUtils.hasLength(password)) {
+ logger.debug("Rejecting empty password for user " + username);
+ throw new BadCredentialsException(messages.getMessage("LdapAuthenticationProvider.emptyPassword",
+ "Empty Password"));
+ }
+
 // If DN patterns are configured, try authenticating with them directly
 for (String dn : getUserDns(username)) {
 user = bindWithDn(dn, username, password);
diff --git a/ldap/src/main/java/org/springframework/security/ldap/authentication/LdapAuthenticationProvider.java b/ldap/src/main/java/org/springframework/security/ldap/authentication/LdapAuthenticationProvider.java
index 5ccc193548..f304f620d6 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/authentication/LdapAuthenticationProvider.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/authentication/LdapAuthenticationProvider.java
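Review bot: The empty-password guard added to `BindAuthenticator` (second hunk of that file) has no comment explaining why an empty password must never reach the bind. A simple bind with a DN and a zero-length password is an unauthenticated bind under RFC 4513 §5.1.2, which some directory servers accept, so without the guard a login could succeed with no password at all. I would put this above the `if`: `// An empty password turns the simple bind into an unauthenticated bind (RFC 4513 §5.1.2), which the server may accept; reject it before binding.` The same commit removes the equivalent check from `LdapAuthenticationProvider`, so the provider no longer covers other `LdapAuthenticator` implementations; the class Javadoc should say that each authenticator is now responsible for rejecting empty passwords itself. The enclosing method starts and ends outside the hunk.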
@@ -246,12 +246,6 @@ public class LdapAuthenticationProvider implements AuthenticationProvider, Messa
 String password = (String) authentication.getCredentials();
 Assert.notNull(password, "Null password was supplied in authentication token");
- if (password.length() == 0) {
- logger.debug("Rejecting empty password for user " + username);
- throw new BadCredentialsException(messages.getMessage("LdapAuthenticationProvider.emptyPassword",
- "Empty Password"));
- }
-
 try {
 DirContextOperations userData = getAuthenticator().authenticate(authentication);
diff --git a/ldap/src/test/java/org/springframework/security/ldap/authentication/BindAuthenticatorTests.java b/ldap/src/test/java/org/springframework/security/ldap/authentication/BindAuthenticatorTests.java
index 22369cc051..c89485d5b7 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/authentication/BindAuthenticatorTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/authentication/BindAuthenticatorTests.java
@@ -15,19 +15,17 @@
 package org.springframework.security.ldap.authentication;
+import static org.junit.Assert.*;
+
+import org.junit.Test;
+import org.springframework.ldap.core.DirContextAdapter;
+import org.springframework.ldap.core.DirContextOperations;
+import org.springframework.ldap.core.DistinguishedName;
 import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.SpringSecurityMessageSource;
 import org.springframework.security.ldap.AbstractLdapIntegrationTests;
-import org.springframework.security.ldap.authentication.BindAuthenticator;
-import org.springframework.ldap.core.DirContextAdapter;
-import org.springframework.ldap.core.DirContextOperations;
-import org.springframework.ldap.core.DistinguishedName;
-
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.fail;
-import org.junit.Test;
 /**
 * Tests for {@link BindAuthenticator}.
@@ -53,6 +51,11 @@ public class BindAuthenticatorTests extends AbstractLdapIntegrationTests {
 }
+ @Test(expected=BadCredentialsException.class)
+ public void emptyPasswordIsRejected() {
+ authenticator.authenticate(new UsernamePasswordAuthenticationToken("jen", ""));
+ }
+
 @Test
 public void testAuthenticationWithCorrectPasswordSucceeds() {
 authenticator.setUserDnPatterns(new String[] {"uid={0},ou=people"});
diff --git a/ldap/src/test/java/org/springframework/security/ldap/authentication/LdapAuthenticationProviderTests.java b/ldap/src/test/java/org/springframework/security/ldap/authentication/LdapAuthenticationProviderTests.java
index a120a140ae..286f4ac03b 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/authentication/LdapAuthenticationProviderTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/authentication/LdapAuthenticationProviderTests.java
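Review bot: `emptyPasswordIsRejected` in `BindAuthenticatorTests` calls `authenticate` without configuring any DN pattern or user search, unlike `testAuthenticationWithCorrectPasswordSucceeds` directly below it. If `BindAuthenticator` also raises `BadCredentialsException` when no bind succeeds (not visible in this diff, but likely), the test would still pass with the new guard deleted, so it does not pin the fix. I would add `authenticator.setUserDnPatterns(new String[] {"uid={0},ou=people"});` as the first line of the test. The test should also distinguish the empty-password rejection from the generic failure, for example by catching the exception and checking its message, instead of relying on `expected=BadCredentialsException.class` alone.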
@@ -82,12 +82,6 @@ public class LdapAuthenticationProviderTests {
 } catch (BadCredentialsException expected) {}
 }
- @Test(expected=BadCredentialsException.class)
- public void emptyPasswordIsRejected() {
- LdapAuthenticationProvider ldapProvider = new LdapAuthenticationProvider(new MockAuthenticator());
- ldapProvider.authenticate(new UsernamePasswordAuthenticationToken("jen", ""));
- }
-
 @Test(expected=BadCredentialsException.class)
 public void usernameNotFoundExceptionIsHiddenByDefault() {
 final LdapAuthenticator authenticator = jmock.mock(LdapAuthenticator.class);