diff --git a/app/coffee/Features/Authentication/AuthenticationManager.coffee b/app/coffee/Features/Authentication/AuthenticationManager.coffee
index 9ac1c15b747f4678852909b535c32d13d57b8b6d..ac753e42f11a9d2cc8d11040afa6ec196f2bbf10 100644
--- a/app/coffee/Features/Authentication/AuthenticationManager.coffee
+++ b/app/coffee/Features/Authentication/AuthenticationManager.coffee
@@ -7,58 +7,60 @@ bcrypt = require 'bcrypt'
 BCRYPT_ROUNDS = Settings?.security?.bcryptRounds or 12
 
 module.exports = AuthenticationManager =
-	authenticate: (query, password, callback = (error, user) ->) ->
-		# Using Mongoose for legacy reasons here. The returned User instance
-		# gets serialized into the session and there may be subtle differences
-		# between the user returned by Mongoose vs mongojs (such as default values)
-		User.findOne query, (error, user) =>
-			return callback(error) if error?
-			if user?
-				if user.hashedPassword?
-					bcrypt.compare password, user.hashedPassword, (error, match) ->
-						return callback(error) if error?
-						if match
-							AuthenticationManager.checkRounds user, user.hashedPassword, password, (err) ->
-								return callback(err) if err?
-								callback null, user
-						else
-							callback null, null
-				else
-					callback null, null
-			else
-				callback null, null
+  authenticate: (query, password, callback = (error, user) ->) ->
+    # Using Mongoose for legacy reasons here. The returned User instance
+    # gets serialized into the session and there may be subtle differences
+    # between the user returned by Mongoose vs mongojs (such as default values)
+    User.findOne query, (error, user) =>
+      return callback(error) if error?
+      if user?
+        if user.hashedPassword?
+          bcrypt.compare password, user.hashedPassword, (error, match) ->
+            return callback(error) if error?
+            if match
+              AuthenticationManager.checkRounds user, user.hashedPassword, password, (err) ->
+                return callback(err) if err?
+                callback null, user
+            else
+              callback null, null
+        else
+          callback null, null
+      else
+        callback null, null
 
-	ldapAuthenticate: (ldapUser, callback = (error, user) ->) ->
-		User.findOneAndUpdate {email: eval('ldapUser.' + Settings.ldap.emailAtt)}, {first_name: eval('ldapUser.' + Settings.ldap.nameAtt), last_name: eval('ldapUser.' + Settings.ldap.lastNameAtt), hashedPassword: ldapUser.userPassword, ldap: true}, {new: true, upsert: true, setDefaultsOnInsert: true}, (error, user) =>
-			return callback(error) if error?
-			if user?
-				callback null, user
-			else
-				callback null, null
+  ldapAuthenticate: (ldapUser, callback = (error, user) ->) ->
+    ldapMail = eval('ldapUser.' + Settings.ldap.emailAtt)
+    mail = if Array.isArray(ldapMail) then ldapMail[0] else ldapMail
+    User.findOneAndUpdate {email: mail}, {first_name: eval('ldapUser.' + Settings.ldap.nameAtt), last_name: eval('ldapUser.' + Settings.ldap.lastNameAtt), hashedPassword: ldapUser.userPassword, ldap: true}, {new: true, upsert: true, setDefaultsOnInsert: true}, (error, user) =>
+      return callback(error) if error?
+      if user?
+        callback null, user
+      else
+        callback null, null
 
-	setUserPassword: (user_id, password, callback = (error) ->) ->
-		if (Settings.passwordStrengthOptions?.length?.max? and
-				Settings.passwordStrengthOptions?.length?.max < password.length)
-			return callback("password is too long")
-		if (Settings.passwordStrengthOptions?.length?.min? and
-				Settings.passwordStrengthOptions?.length?.min > password.length)
-			return callback("password is too short")
+  setUserPassword: (user_id, password, callback = (error) ->) ->
+    if (Settings.passwordStrengthOptions?.length?.max? and
+        Settings.passwordStrengthOptions?.length?.max < password.length)
+      return callback("password is too long")
+    if (Settings.passwordStrengthOptions?.length?.min? and
+        Settings.passwordStrengthOptions?.length?.min > password.length)
+      return callback("password is too short")
 
-		bcrypt.genSalt BCRYPT_ROUNDS, (error, salt) ->
-			return callback(error) if error?
-			bcrypt.hash password, salt, (error, hash) ->
-				return callback(error) if error?
-				db.users.update({
-					_id: ObjectId(user_id.toString())
-				}, {
-					$set: hashedPassword: hash
-					$unset: password: true
-				}, callback)
+    bcrypt.genSalt BCRYPT_ROUNDS, (error, salt) ->
+      return callback(error) if error?
+      bcrypt.hash password, salt, (error, hash) ->
+        return callback(error) if error?
+        db.users.update({
+          _id: ObjectId(user_id.toString())
+        }, {
+          $set: hashedPassword: hash
+          $unset: password: true
+        }, callback)
 
-	checkRounds: (user, hashedPassword, password, callback = (error) ->) ->
-		# check current number of rounds and rehash if necessary
-		currentRounds = bcrypt.getRounds hashedPassword
-		if currentRounds < BCRYPT_ROUNDS
-			AuthenticationManager.setUserPassword user._id, password, callback
-		else
-			callback()
+  checkRounds: (user, hashedPassword, password, callback = (error) ->) ->
+    # check current number of rounds and rehash if necessary
+    currentRounds = bcrypt.getRounds hashedPassword
+    if currentRounds < BCRYPT_ROUNDS
+      AuthenticationManager.setUserPassword user._id, password, callback
+    else
+      callback()