Index: auth.php
===================================================================
--- auth.php (.../upstream/MOODLE_19_STABLE/auth/ldap/auth.php) (revision 767)
+++ auth.php (.../trunk/auth/ldap/auth.php) (revision 767)
@@ -163,7 +163,18 @@
 // Try to bind with current username and password
 $ldap_login = @ldap_bind($ldapconnection, $ldap_user_dn, $extpassword);
 ldap_close($ldapconnection);
+ if ($ldap_login) {
+ // make sure that input user name is same as one in LDAP.
+ $user_dn = $textlib->convert(stripslashes($ldap_user_dn),
+ $this->config->ldapencoding, 'utf-8');
+ $regexp = '/(^|,)' . $this->config->user_attribute .
+ '=([^,]+)(,|$)/i';
+ if (preg_match($regexp, $user_dn, $match) <= 0 ||
+ $username !== $match[2]) {
+ return false;
+ }
+ return true;
 }
 }
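Review bot: The added check takes the canonical login name from the DN string, so it only works when `user_attribute` is the naming attribute of the entry; if users are located by an attribute that does not appear in the DN (for example `sAMAccountName` against `CN=Full Name,...`), `preg_match` returns 0 and every successful bind becomes `return false`. Comparing `$username` with the attribute value read from the bound entry would be more robust than parsing the DN, but that read has to happen before `ldap_close($ldapconnection)`, which sits just above the added lines. If the DN parse stays, quote the configured name, `$regexp = '/(^|,)' . preg_quote($this->config->user_attribute, '/') . '=([^,]+)(,|$)/i';`, and add a comment that `[^,]+` stops at a comma inside an RDN value and that the pattern is not anchored to the leftmost RDN. `$username` is compared raw while the DN has gone through `stripslashes()`, so names containing quotes or backslashes may never match; this depends on how the caller passes `$username` and should be confirmed, since the enclosing function starts and ends outside the hunk.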