function authenticate($user, $username, $password)
 {
     // If previous authentication succeeded, respect that
     if (is_a($user, 'WP_User')) {
         return $user;
     }
     // Determine if user a local admin
     $local_admin = false;
     $user_obj = get_user_by('login', $username);
     if (user_can($user_obj, 'update_core')) {
         $local_admin = true;
     }
     if (empty($username) || empty($password)) {
         $error = new WP_Error();
         if (empty($username)) {
             $error->add('empty_username', __('<strong>ERROR</strong>: The username field is empty.'));
         }
         if (empty($password)) {
             $error->add('empty_password', __('<strong>ERROR</strong>: The password field is empty.'));
         }
         return $error;
     }
     // If high security mode is enabled, remove default WP authentication hook
     if (str_true($this->get_setting('high_security')) && !$local_admin) {
         remove_filter('authenticate', 'wp_authenticate_username_password', 20, 3);
     }
     // Sweet, let's try to authenticate our user and pass against LDAP
     $auth_result = $this->ldap_auth($username, $password, $this->get_setting('directory'));
     if ($auth_result) {
         // Authenticated, does user have required groups, if any?
         if ($this->user_has_groups($username, $this->get_setting('directory'))) {
             $user = get_user_by('login', $username);
             if (!$user || strtolower($user->user_login) !== strtolower($username)) {
                 if (!str_true($this->get_setting('create_users'))) {
                     do_action('wp_login_failed', $username);
                     return new WP_Error('invalid_username', __('<strong>Simple LDAP Login Error</strong>: LDAP credentials are correct, but there is no matching WordPress user and user creation is not enabled.'));
                 }
                 $new_user = wp_insert_user($this->get_user_data($username, $this->get_setting('directory')));
                 if (!is_wp_error($new_user)) {
                     // Successful Login
                     $new_user = new WP_User($new_user);
                     do_action_ref_array($this->prefix . 'auth_success', array($new_user));
                     return $new_user;
                 } else {
                     do_action('wp_login_failed', $username);
                     return new WP_Error("{$this->prefix}login_error", __('<strong>Simple LDAP Login Error</strong>: LDAP credentials are correct and user creation is allowed but an error occurred creating the user in WordPress. Actual error: ' . $new_user->get_error_message()));
                 }
             } else {
                 return new WP_User($user->ID);
             }
         } else {
             return new WP_Error("{$this->prefix}login_error", __('<strong>Simple LDAP Login Error</strong>: Your LDAP credentials are correct, but you are not in an authorized LDAP group.'));
         }
     } elseif (str_true($this->get_setting('high_security'))) {
         return new WP_Error('invalid_username', __('<strong>Simple LDAP Login</strong>: Simple LDAP Login could not authenticate your credentials. The security settings do not permit trying the WordPress user database as a fallback.'));
     }
     do_action($this->prefix . 'auth_failure');
     return false;
 }