diff --git a/bundles/org.eclipse.emf.emfstore.server/src/org/eclipse/emf/emfstore/internal/server/accesscontrol/authentication/verifiers/LDAPUserVerifier.java b/bundles/org.eclipse.emf.emfstore.server/src/org/eclipse/emf/emfstore/internal/server/accesscontrol/authentication/verifiers/LDAPUserVerifier.java
index a9ca2ed..54591cf 100644
--- a/bundles/org.eclipse.emf.emfstore.server/src/org/eclipse/emf/emfstore/internal/server/accesscontrol/authentication/verifiers/LDAPUserVerifier.java
+++ b/bundles/org.eclipse.emf.emfstore.server/src/org/eclipse/emf/emfstore/internal/server/accesscontrol/authentication/verifiers/LDAPUserVerifier.java
@@ -22,11 +22,18 @@
 import javax.naming.directory.SearchControls;
 import javax.naming.directory.SearchResult;
 
+import org.apache.commons.lang.StringUtils;
 import org.eclipse.emf.emfstore.internal.common.model.util.ModelUtil;
+import org.eclipse.emf.emfstore.internal.server.ServerConfiguration;
 import org.eclipse.emf.emfstore.internal.server.connection.ServerKeyStoreManager;
+import org.eclipse.emf.emfstore.internal.server.core.MonitorProvider;
 import org.eclipse.emf.emfstore.internal.server.exceptions.AccessControlException;
+import org.eclipse.emf.emfstore.internal.server.model.accesscontrol.ACUser;
+import org.eclipse.emf.emfstore.internal.server.model.accesscontrol.AccesscontrolFactory;
 import org.eclipse.emf.emfstore.server.model.ESOrgUnitProvider;
 
+import com.google.common.base.Optional;
+
 /**
  * Verifies user name/password using LDAP.
  *
@@ -42,6 +49,7 @@
 	private static final String DEFAULT_CTX = "com.sun.jndi.ldap.LdapCtxFactory"; //$NON-NLS-1$
 	private final String authUser;
 	private final String authPassword;
+	private final ESOrgUnitProvider orgUnitProvider;
 
 	/**
 	 * Default constructor.
@@ -59,6 +67,7 @@
 	public LDAPUserVerifier(ESOrgUnitProvider orgUnitProvider,
 		String ldapUrl, String ldapBase, String searchDn, String authUser, String authPassword) {
 		super(orgUnitProvider);
+		this.orgUnitProvider = orgUnitProvider;
 		this.ldapUrl = ldapUrl;
 		this.ldapBase = ldapBase;
 		this.searchDn = searchDn;
@@ -200,4 +209,31 @@
 
 	}
 
+	@Override
+	protected ACUser findUser(String username) throws AccessControlException {
+		final Boolean ignoreCase = Boolean.parseBoolean(ServerConfiguration.getProperties().getProperty(
+			ServerConfiguration.AUTHENTICATION_MATCH_USERS_IGNORE_CASE, Boolean.FALSE.toString()));
+
+		final Boolean createAuthenticatedUsers = Boolean.parseBoolean(ServerConfiguration.getProperties().getProperty(
+			ServerConfiguration.AUTHENTICATION_CREATE_AUTHENTICATED_USERS, Boolean.FALSE.toString()));
+
+		synchronized (MonitorProvider.getInstance().getMonitor()) {
+			final Optional<ACUser> user = findExistingUser(orgUnitProvider, username, ignoreCase);
+
+			if (user.isPresent()) {
+				return user.get();
+			}
+
+			if (createAuthenticatedUsers) {
+				final ACUser acUser = AccesscontrolFactory.eINSTANCE.createACUser();
+				acUser.setName(username);
+				acUser.setDescription(StringUtils.EMPTY);
+				orgUnitProvider.addUser(acUser.toAPI());
+				return acUser;
+			}
+
+			throw new AccessControlException();
+		}
+	}
+
 }
diff --git a/bundles/org.eclipse.emf.emfstore.server/src/org/eclipse/emf/emfstore/internal/server/accesscontrol/authentication/verifiers/UserVerifier.java b/bundles/org.eclipse.emf.emfstore.server/src/org/eclipse/emf/emfstore/internal/server/accesscontrol/authentication/verifiers/UserVerifier.java
index a234e77..d536c74 100644
--- a/bundles/org.eclipse.emf.emfstore.server/src/org/eclipse/emf/emfstore/internal/server/accesscontrol/authentication/verifiers/UserVerifier.java
+++ b/bundles/org.eclipse.emf.emfstore.server/src/org/eclipse/emf/emfstore/internal/server/accesscontrol/authentication/verifiers/UserVerifier.java
@@ -13,7 +13,6 @@
 
 import java.util.Set;
 
-import org.apache.commons.lang.StringUtils;
 import org.eclipse.emf.emfstore.internal.common.APIUtil;
 import org.eclipse.emf.emfstore.internal.common.model.util.ModelUtil;
 import org.eclipse.emf.emfstore.internal.server.ServerConfiguration;
@@ -21,12 +20,13 @@
 import org.eclipse.emf.emfstore.internal.server.exceptions.AccessControlException;
 import org.eclipse.emf.emfstore.internal.server.model.AuthenticationInformation;
 import org.eclipse.emf.emfstore.internal.server.model.accesscontrol.ACUser;
-import org.eclipse.emf.emfstore.internal.server.model.accesscontrol.AccesscontrolFactory;
 import org.eclipse.emf.emfstore.server.model.ESAuthenticationInformation;
 import org.eclipse.emf.emfstore.server.model.ESClientVersionInfo;
 import org.eclipse.emf.emfstore.server.model.ESOrgUnitProvider;
 import org.eclipse.emf.emfstore.server.model.ESUser;
 
+import com.google.common.base.Optional;
+
 /**
  * @author emueller
  *
@@ -95,32 +95,40 @@
 		final Boolean ignoreCase = Boolean.parseBoolean(ServerConfiguration.getProperties().getProperty(
 			ServerConfiguration.AUTHENTICATION_MATCH_USERS_IGNORE_CASE, Boolean.FALSE.toString()));
 
-		final Boolean createAuthenticatedUsers = Boolean.parseBoolean(ServerConfiguration.getProperties().getProperty(
-			ServerConfiguration.AUTHENTICATION_CREATE_AUTHENTICATED_USERS, Boolean.FALSE.toString()));
-
 		synchronized (MonitorProvider.getInstance().getMonitor()) {
-			final Set<ESUser> users = orgUnitProvider.getUsers();
-			final Set<ACUser> internal = APIUtil.toInternal(users);
-			for (final ACUser user : internal) {
-				if (ignoreCase) {
-					if (user.getName().equalsIgnoreCase(username)) {
-						return user;
-					}
-				} else {
-					if (user.getName().equals(username)) {
-						return user;
-					}
-				}
-			}
-			if (createAuthenticatedUsers) {
-				final ACUser acUser = AccesscontrolFactory.eINSTANCE.createACUser();
-				acUser.setName(username);
-				acUser.setDescription(StringUtils.EMPTY);
-				orgUnitProvider.addUser(acUser.toAPI());
-				return acUser;
+			final Optional<ACUser> user = findExistingUser(orgUnitProvider, username, ignoreCase);
+			if (user.isPresent()) {
+				return user.get();
 			}
 			throw new AccessControlException();
 		}
 	}
 
+	/**
+	 * Checks the given {@link ESOrgUnitProvider} to find a user with the given username.
+	 *
+	 * @param orgUnitProvider the provider
+	 * @param username the username to find
+	 * @param ignoreCase <code>true</code> if the username is not case-sensitive, <code>false</code> otherwise
+	 * @return the user, if found
+	 * @since 1.8.1
+	 */
+	protected static final Optional<ACUser> findExistingUser(ESOrgUnitProvider orgUnitProvider, String username,
+		final Boolean ignoreCase) {
+		final Set<ESUser> users = orgUnitProvider.getUsers();
+		final Set<ACUser> internal = APIUtil.toInternal(users);
+		for (final ACUser user : internal) {
+			if (ignoreCase) {
+				if (user.getName().equalsIgnoreCase(username)) {
+					return Optional.of(user);
+				}
+			} else {
+				if (user.getName().equals(username)) {
+					return Optional.of(user);
+				}
+			}
+		}
+		return Optional.absent();
+	}
+
 }
diff --git a/tests/org.eclipse.emf.emfstore.server.test/src/org/eclipse/emf/emfstore/server/accesscontrol/test/AutoCreateACUserTestTest.java b/tests/org.eclipse.emf.emfstore.server.test/src/org/eclipse/emf/emfstore/server/accesscontrol/test/AutoCreateACUserTestTest.java
index d8a5a64..4cbfc67 100644
--- a/tests/org.eclipse.emf.emfstore.server.test/src/org/eclipse/emf/emfstore/server/accesscontrol/test/AutoCreateACUserTestTest.java
+++ b/tests/org.eclipse.emf.emfstore.server.test/src/org/eclipse/emf/emfstore/server/accesscontrol/test/AutoCreateACUserTestTest.java
@@ -11,20 +11,19 @@
  ******************************************************************************/
 package org.eclipse.emf.emfstore.server.accesscontrol.test;
 
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertNotNull;
-
 import java.util.LinkedHashMap;
 import java.util.Map;
 
 import org.eclipse.emf.emfstore.client.test.common.cases.ESTestWithLoggedInUserMock;
-import org.eclipse.emf.emfstore.client.test.common.util.ServerUtil;
 import org.eclipse.emf.emfstore.internal.server.ServerConfiguration;
-import org.eclipse.emf.emfstore.internal.server.model.accesscontrol.ACUser;
 import org.eclipse.emf.emfstore.server.exceptions.ESException;
 import org.junit.BeforeClass;
 import org.junit.Test;
 
+/**
+ * Assert that it is not possible to log in without password when auto-create authenticated users is set to true outside
+ * of LDAP auth.
+ */
 public class AutoCreateACUserTestTest extends ESTestWithLoggedInUserMock {
 
 	private static final String NOT_EXISTING_USER_NAME = "FOO_USER"; //$NON-NLS-1$
@@ -40,13 +39,9 @@
 		startEMFStoreWithAutoCreateProperty();
 	}
 
-	@Test
+	@Test(expected = ESException.class)
 	public void testAutoCreateACUser() throws ESException {
 		/* act */
 		getServer().login(NOT_EXISTING_USER_NAME, ""); //$NON-NLS-1$
-		/* assert */
-		final ACUser user = ServerUtil.getUser(getUsersession(), NOT_EXISTING_USER_NAME);
-		assertNotNull(user);
-		assertEquals(NOT_EXISTING_USER_NAME, user.getName());
 	}
 }