diff --git a/src/cloud/common/CloudAuth/OpenNebulaCloudAuth.rb b/src/cloud/common/CloudAuth/OpenNebulaCloudAuth.rb index 192779f6d1..6d300cb450 100644 --- a/src/cloud/common/CloudAuth/OpenNebulaCloudAuth.rb +++ b/src/cloud/common/CloudAuth/OpenNebulaCloudAuth.rb @@ -35,21 +35,44 @@ module OpenNebulaCloudAuth if auth.provided? && auth.basic? username, password = auth.credentials - if @conf[:encode_user_password] + authenticated = false + + invalid_chars = + (User::INVALID_NAME_CHARS.any? {|char| username.include?(char) } || + User::INVALID_PASS_CHARS.any? {|char| password.include?(char) } ) + + # Try to authenticate the user with plain user:password. This step + # is skipped if an invalid character is found, since it's not possible + # for the authentication to succeed + if !invalid_chars + client = OpenNebula::Client.new("#{username}:#{password}", @conf[:one_xmlrpc]) + user = OpenNebula::User.new_with_id(OpenNebula::User::SELF, client) + + rc = user.info + + authenticated = !OpenNebula.is_error?(rc) + end + + # Either the plain user:password auth failed, or the strings contain + # invalid chars. In both cases, try to authenticate encoding the + # strings. Some drivers such as ldap need this to work with chars + # that oned rejects + if !authenticated if defined?(URI::Parser) parser=URI::Parser.new else parser=URI end - username=parser.escape(username) - password=parser.escape(password) + username = parser.escape(username) + password = parser.escape(password) + + client = OpenNebula::Client.new("#{username}:#{password}", @conf[:one_xmlrpc]) + user = OpenNebula::User.new_with_id(OpenNebula::User::SELF, client) + + rc = user.info end - client = OpenNebula::Client.new("#{username}:#{password}", @conf[:one_xmlrpc]) - user = OpenNebula::User.new_with_id(OpenNebula::User::SELF, client) - - rc = user.info if OpenNebula.is_error?(rc) if logger logger.error{ "User #{username} could not be authenticated"} 
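Review bot: The new `invalid_chars` check calls `password.include?` before anything confirms that `auth.credentials` actually produced a password; with Rack's Basic-auth request a header whose decoded value has no `:` yields a one-element array, so `password` is nil and the handler raises NoMethodError on unauthenticated input where the old `"#{username}:#{password}"` concatenation simply failed authentication (TODO confirm the `auth` object is Rack::Auth::Basic::Request). Add a guard right after the destructuring, `return nil if username.nil? || password.nil?`, and the rest of the method stays as is. Two caveats also deserve a comment next to `if !authenticated`: every wrong password now costs two XML-RPC authentication round trips against oned (and, with the LDAP driver, presumably two binds against the directory), which doubles whatever lockout, rate-limit or audit counters sit behind it; and because the escaped form is retried for every account, a user whose real oned password contains a `%XX` sequence can also log in with its decoded spelling, an alias better documented than discovered later. The enclosing method begins before this hunk.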
@@ -58,7 +81,7 @@ module OpenNebulaCloudAuth return nil end - return username + return user.name end return nil diff --git a/src/oca/ruby/opennebula/user.rb b/src/oca/ruby/opennebula/user.rb index 4a6d9ed353..74ed15ef74 100644 --- a/src/oca/ruby/opennebula/user.rb +++ b/src/oca/ruby/opennebula/user.rb @@ -54,6 +54,10 @@ module OpenNebula # Driver name for x509 proxy authentication X509_PROXY_AUTH = "x509_proxy" + # Same as User.cc + INVALID_NAME_CHARS = [" ", ":", "\t", "\n", "\v", "\f", "\r"] + INVALID_PASS_CHARS = [" ", "\t", "\n", "\v", "\f", "\r"] + # Creates a User description with just its identifier # this method should be used to create plain User objects. # +id+ the id of the user diff --git a/src/sunstone/etc/sunstone-server.conf b/src/sunstone/etc/sunstone-server.conf index 7b04bb1d98..3c8bd12720 100644 --- a/src/sunstone/etc/sunstone-server.conf +++ b/src/sunstone/etc/sunstone-server.conf @@ -87,12 +87,6 @@ # :core_auth: cipher -# For external authentication drivers, such as LDAP. Performs a URL encoding -# on the credentials sent to OpenNebula, e.g. secret%20password -# This only works with "opennebula" auth. -# -#:encode_user_password: true - ################################################################################ # Check Upgrades ################################################################################
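Review bot: `return user.name` replaces the client-supplied string with the name oned reports, and the reason should be stated on the line, since a reader of this hunk alone cannot see that the encoded fallback earlier in the method rewrites `username` into its URL-escaped form; suggest `# Return the canonical name from oned: after the encoded fallback, username holds the escaped string rather than the account that was actually authenticated`. The value now also depends on `user.info` having populated the object, which the preceding `is_error?` check guarantees. The enclosing method starts before this hunk.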
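Review bot: `INVALID_NAME_CHARS` and `INVALID_PASS_CHARS` are mutable array constants, so any code that appends to them silently changes which logins skip the plain-credential attempt in the cloud auth layer; freeze them: `INVALID_NAME_CHARS = [" ", ":", "\t", "\n", "\v", "\f", "\r"].freeze` and `INVALID_PASS_CHARS = [" ", "\t", "\n", "\v", "\f", "\r"].freeze`. The `# Same as User.cc` comment records a hand-copied duplicate of the core's character set with nothing keeping the two in sync; it would help to name the check in User.cc these mirror and to note that a character listed here but accepted by oned would make callers try only the URL-escaped form. The surrounding class body continues on both sides of the hunk.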