I have a little problem that I would like to fix:

My setup right now works great, however there is only little problem, even if the user is rejected (i.e. incorrect password) all the user attributes are still returned.  I think this is a slight security risk, since all you need to know is the username to retrieve information about the network...

I am trying to stop this but placing an entry at the top of the users file, but I can not figure out what variable to test for?

Any ideas? Where would I look?

Thanks
Bob