--- proftpd-dfsg-1.3.2e/contrib/mod_ldap.c.orig	2010-04-06 17:24:00.065027336 +0100
+++ proftpd-dfsg-1.3.2e/contrib/mod_ldap.c	2010-04-06 17:19:38.737029792 +0100
@@ -978,15 +978,21 @@
   }
 
   pw = pr_ldap_getpwnam(cmd->tmp_pool, cmd->argv[0]);
-  if (pw) {
-    gr = pr_ldap_getgrgid(cmd->tmp_pool, pw->pw_gid);
-    if (gr) {
-      pr_log_debug(DEBUG3, MOD_LDAP_VERSION ": adding user %s primary group %s/%lu", pw->pw_name, gr->gr_name, (unsigned long)pw->pw_gid);
-      *((gid_t *) push_array(gids))   = pw->pw_gid;
-      *((char **) push_array(groups)) = pstrdup(session.pool, gr->gr_name);
-    } else {
-      pr_log_debug(DEBUG3, MOD_LDAP_VERSION ": couldn't determine group name for user %s primary group %lu, skipping.", pw->pw_name, (unsigned long)pw->pw_gid);
-    }
+  /* If the user lookup fails, there is no point at looking at the groups */
+  if (!pw) {
+    pr_log_pri(PR_LOG_ERR, MOD_LDAP_VERSION ": ldap_handle_getgroups(): Invalid user %s or authentication filter",
+               cmd->argv[0]);
+
+    goto return_groups;
+  }
+
+  gr = pr_ldap_getgrgid(cmd->tmp_pool, pw->pw_gid);
+  if (gr) {
+    pr_log_debug(DEBUG3, MOD_LDAP_VERSION ": adding user %s primary group %s/%lu", pw->pw_name, gr->gr_name, (unsigned long)pw->pw_gid);
+    *((gid_t *) push_array(gids))   = pw->pw_gid;
+    *((char **) push_array(groups)) = pstrdup(session.pool, gr->gr_name);
+  } else {
+    pr_log_debug(DEBUG3, MOD_LDAP_VERSION ": couldn't determine group name for user %s primary group %lu, skipping.", pw->pw_name, (unsigned long)pw->pw_gid);
   }
 
   if (!ldap_gid_basedn) {
@@ -1047,7 +1053,7 @@
       continue;
     }
 
-    if (!pw || strtoul(LDAP_VALUE(gidNumber, 0), (char **)NULL, 10) != pw->pw_gid) {
+    if (strtoul(LDAP_VALUE(gidNumber, 0), (char **)NULL, 10) != pw->pw_gid) {
       *((gid_t *) push_array(gids)) =
         strtoul(LDAP_VALUE(gidNumber, 0), (char **)NULL, 10);
       *((char **) push_array(groups)) = pstrdup(session.pool, LDAP_VALUE(cn, 0));