diff --git a/moulinette/authenticators/__init__.py b/moulinette/authenticators/__init__.py
index 958d85a0..4c3e3ec6 100644
--- a/moulinette/authenticators/__init__.py
+++ b/moulinette/authenticators/__init__.py
@@ -32,6 +32,7 @@ class BaseAuthenticator(object):
 def __init__(self, name):
 self._name = name
+ self.is_authenticated = False
 @property
 def name(self):
@@ -44,12 +45,6 @@ class BaseAuthenticator(object):
 """The vendor name of the authenticator"""
 vendor = None
- @property
- def is_authenticated(self):
- """Either the instance is authenticated or not"""
- raise NotImplementedError("derived class '%s' must override this property" %
- self.__class__.__name__)
-
 # Virtual methods
 # Each authenticator classes must implement these methods.
@@ -103,6 +98,8 @@ class BaseAuthenticator(object):
 self.name, self.vendor, e)
 raise MoulinetteError('unable_authenticate')
+ self.is_authenticated = True
+
 # Store session for later using the provided (new) token if any
 if token:
 try:
@@ -123,12 +120,14 @@ class BaseAuthenticator(object):
 s_id, s_token = token
 # Attempt to authenticate
 self._authenticate_session(s_id, s_token)
- except MoulinetteError:
+ except MoulinetteError as e:
 raise
 except Exception as e:
 logger.exception("authentication (name: '%s', vendor: '%s') fails because '%s'",
 self.name, self.vendor, e)
 raise MoulinetteError('unable_authenticate')
+ else:
+ self.is_authenticated = True
 #
 # No credentials given, can't authenticate
diff --git a/moulinette/authenticators/ldap.py b/moulinette/authenticators/ldap.py
index 447cbd77..07593483 100644
--- a/moulinette/authenticators/ldap.py
+++ b/moulinette/authenticators/ldap.py
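Review bot: `self.is_authenticated = True` is set on the success path right after the `raise MoulinetteError('unable_authenticate')`, but nothing in the hunk ever sets it back to False, so an instance that authenticated once and later fails another `authenticate()` call keeps reporting itself as authenticated. The LDAP property this commit removes re-validated the live connection on every read; with a plain attribute that guarantee is gone, and callers gating privileged actions on the flag would not notice a failed re-authentication or a dropped connection. The start of the enclosing method is outside the hunk, so I cannot tell whether it already clears the flag; if not, `self.is_authenticated = False` as the first statement of the method would at least restore the reset-on-failure behaviour, and the attribute deserves a comment saying it reflects the last authenticate/session attempt rather than the current connection state.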
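Review bot: The `as e` added to `except MoulinetteError as e:` binds a name the clause never uses, since the body is only `raise`; linters will flag the unused variable and the change reads as an accidental leftover. Keep the original `except MoulinetteError:` followed by `raise`, which already preserves the traceback. The `else: self.is_authenticated = True` on the `try` is the right place for the flag, as it only runs when `_authenticate_session` returned normally.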
@@ -57,21 +57,6 @@ class Authenticator(BaseAuthenticator):
 vendor = 'ldap'
- @property
- def is_authenticated(self):
- if self.con is None:
- return False
- try:
- # Retrieve identity
- who = self.con.whoami_s()
- except Exception as e:
- logger.warning("Error during ldap authentication process: %s", e)
- return False
- else:
- if who[3:] == self.userdn:
- return True
- return False
-
 # Implement virtual methods
 def authenticate(self, password):
@@ -89,9 +74,19 @@ class Authenticator(BaseAuthenticator):
 except ldap.SERVER_DOWN:
 logger.exception('unable to reach the server to authenticate')
 raise MoulinetteError('ldap_server_down')
+
+ # Check that we are indeed logged in with the right identity
+ try:
+ who = con.whoami_s()
+ except Exception as e:
+ logger.warning("Error during ldap authentication process: %s", e)
+ raise
 else:
- self.con = con
- self._ensure_password_uses_strong_hash(password)
+ if who[3:] != self.userdn:
+ raise MoulinetteError("Not logged in with the expected userdn ?!")
+ else:
+ self.con = con
+ self._ensure_password_uses_strong_hash(password)
 def _ensure_password_uses_strong_hash(self, password):
 # XXX this has been copy pasted from YunoHost, should we put that into moulinette?
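Review bot: On both failure paths of the new identity check — `whoami_s()` raising, and `who[3:] != self.userdn` — the freshly created `con` is abandoned without `unbind_s()`, so a rejected login leaves an open (and, in the mismatch case, presumably bound) LDAP connection behind until garbage collection, which is the opposite of what a failed authentication should leave around. The `who[3:]` comparison also assumes the authzId comes back with a `dn:` prefix; python-ldap can return other forms (`u:` or an empty string), which would fall into the mismatch branch with a misleading message, so the prefix is worth checking explicitly rather than slicing blind. Finally, `MoulinetteError("Not logged in with the expected userdn ?!")` passes a literal sentence where the neighbouring `raise MoulinetteError('ldap_server_down')` passes a message key, so this error will presumably bypass translation; a key such as `'ldap_unexpected_identity'` (added to the locale files, which are not in this diff) would keep it consistent. The outer `try` that creates `con` starts before the hunk.
```python
        # Check that we are indeed logged in with the right identity
        try:
            who = con.whoami_s()
        except Exception as e:
            logger.warning("Error during ldap authentication process: %s", e)
            con.unbind_s()
            raise
        # whoami_s() returns an authzId; only the "dn:" form can be compared with userdn
        if not who.startswith("dn:") or who[3:] != self.userdn:
            con.unbind_s()
            raise MoulinetteError("Not logged in with the expected userdn ?!")
        self.con = con
        self._ensure_password_uses_strong_hash(password)
```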