diff --git a/test/test_ldap.py b/test/test_ldap.py
index 46085fb54..4e35fd667 100644
--- a/test/test_ldap.py
+++ b/test/test_ldap.py
@@ -211,6 +211,31 @@ class TestLDAP(unittest.TestCase):
       (response, _) = ldap.confirm_existing_user('someuser', 'somepass')
       self.assertEquals(response.username, 'someuser')
 
+  def test_login_empty_password(self):
+    with mock_ldap() as ldap:
+      # Verify we cannot login.
+      (response, err_msg) = ldap.verify_and_link_user('someuser', '')
+      self.assertIsNone(response)
+      self.assertEquals(err_msg, 'Anonymous binding not allowed')
+
+      # Verify we cannot confirm the user.
+      (response, err_msg) = ldap.confirm_existing_user('someuser', '')
+      self.assertIsNone(response)
+      self.assertEquals(err_msg, 'Invalid user')
+
+  def test_login_whitespace_password(self):
+    with mock_ldap() as ldap:
+      # Verify we cannot login.
+      (response, err_msg) = ldap.verify_and_link_user('someuser', '    ')
+      self.assertIsNone(response)
+      self.assertEquals(err_msg, 'Invalid password')
+
+      # Verify we cannot confirm the user.
+      (response, err_msg) = ldap.confirm_existing_user('someuser', '    ')
+      self.assertIsNone(response)
+      self.assertEquals(err_msg, 'Invalid user')
+
+
   def test_login_secondary(self):
     with mock_ldap() as ldap:
       # Verify we can login.