diff --git a/ldapauthenticator/ldapauthenticator.py b/ldapauthenticator/ldapauthenticator.py
index 87d7af4..dac573d 100644
--- a/ldapauthenticator/ldapauthenticator.py
+++ b/ldapauthenticator/ldapauthenticator.py
@@ -43,8 +43,8 @@ def _server_port_default(self):
 
 
     allowed_groups = List(
-	config=True,
-	help="List of LDAP Group DNs whose members are allowed access"
+        config=True,
+        help="List of LDAP Group DNs whose members are allowed access"
     )
 
     valid_username_regex = Unicode(
@@ -92,8 +92,15 @@ def authenticate(self, handler, data):
                         attributes=['member']
                     ):
                         return username
+                # If we reach here, then none of the groups matched
+                self.log.warn('User {username} not in any of the allowed groups'.format(
+                    username=userdn
+                ))
+                return None
             else:
                 return username
         else:
-            self.log.warn('Invalid password')
+            self.log.warn('Invalid password for user {username}'.format(
+                username=userdn,
+            ))
             return None