diff --git a/aleksis/core/util/ldap.py b/aleksis/core/util/ldap.py
index 031e582e779f7998d79371cff4127b489dfc7355..5a17cbbb5aea91030fab467c21897826f74eb6aa 100644
--- a/aleksis/core/util/ldap.py
+++ b/aleksis/core/util/ldap.py
@@ -1,5 +1,7 @@
 """Utilities and extensions for django_auth_ldap."""
+from django.core.exceptions import PermissionDenied
+
 from django_auth_ldap.backend import LDAPBackend as _LDAPBackend
@@ -20,13 +22,13 @@ class LDAPBackend(_LDAPBackend):
 """
 user = ldap_user.authenticate(password)
+ if not user:
+ # Fail early and do not try other backends
+ raise PermissionDenied("LDAP failed to authenticate user")
+
 if self.settings.SET_USABLE_PASSWORD:
- if user:
- # Set a usable password so users can change their LDAP password
- user.set_password(password)
- else:
- # Disable local password if authentication fails
- user.set_unusable_password()
+ # Set a usable password so users can change their LDAP password
+ user.set_password(password)
 user.save()
 return user
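Review bot: The new `if not user:` guard turns every `None` from `ldap_user.authenticate()` into `PermissionDenied`, and the hunk does not say which failures that covers or which backend order it relies on. As far as I know django_auth_ldap also returns `None` for a user the directory does not know and for directory errors, so with this backend listed ahead of `ModelBackend` a local-only account (for example an emergency administrator) would be refused whenever LDAP cannot vouch for it; conversely, the hash written by `user.set_password(password)` stays valid for any backend listed before this one, since the removed `set_unusable_password()` branch has no replacement. I would record the assumption next to the raise, e.g. `# Relies on this backend preceding ModelBackend in AUTHENTICATION_BACKENDS; also denies local-only accounts`, and log the denial so failed logins remain visible to monitoring. The method's signature and docstring start outside the hunk.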