diff --git a/SoObjects/SOGo/SOGoUserManager.m b/SoObjects/SOGo/SOGoUserManager.m
index 2463b5a18..b92c0fdac 100644
--- a/SoObjects/SOGo/SOGoUserManager.m
+++ b/SoObjects/SOGo/SOGoUserManager.m
@@ -610,6 +610,9 @@ static Class NSNullK;
   jsonUser = [[SOGoCache sharedCache] userAttributesForLogin: username];
   currentUser = [jsonUser objectFromJSONString];
 
+  if ([currentUser isKindOfClass: NSNullK])
+    currentUser = nil;
+
   //
   // If we are using multidomain and the UIDFieldName is not part of the email address
   // we must bind without the domain part since internally, SOGo will use
@@ -623,7 +626,7 @@ static Class NSNullK;
   // and authenticates with "foo", using bindFields = (uid, mail) and SOGoEnableDomainBasedUID = YES;
   // Otherwise, -_sourceCheckLogin:... would have failed because SOGo would try to bind using: foo@example.com
   //
-  if ([[currentUser objectForKey: @"DomainLessLogin"] boolValue])
+  if (currentUser && [[currentUser objectForKey: @"DomainLessLogin"] boolValue])
     {
       NSRange r;
 
@@ -631,7 +634,7 @@ static Class NSNullK;
       _login = [_login substringToIndex: r.location];
     }
 
-  dictPassword = [currentUser objectForKey: @"password"];
+  dictPassword = (currentUser ? [currentUser objectForKey: @"password"] : nil);
   if (useCache && currentUser && dictPassword)
     {
       checkOK = ([dictPassword isEqualToString: [_pwd asSHA1String]]);
@@ -723,6 +726,9 @@ static Class NSNullK;
   jsonUser = [[SOGoCache sharedCache] userAttributesForLogin: login];
   currentUser = [jsonUser objectFromJSONString];
 
+  if ([currentUser isKindOfClass: NSNullK])
+    currentUser = nil;
+
   if ([self _sourceChangePasswordForLogin: login
                                  inDomain: domain
                               oldPassword: oldPassword