diff --git a/src/admin_view/admin_router.js b/src/admin_view/admin_router.js
index c9e30ba2657f66c53e97f85b6d11a58cceceedd9..fd5a422324f17dd486238290c11b1b9c00d00a88 100644
--- a/src/admin_view/admin_router.js
+++ b/src/admin_view/admin_router.js
@@ -25,6 +25,7 @@ router.get('/', function (req, res) { res.redirect('/admin'); });
+//note that this doesn't conflict with the server.get('/login', ...) in index.js since this catches path '/adminview/login'
 router.get('/login', function (req, res) { console.log('Connecting to ' + req.url); res.render('login', { title: 'Login', port: port,
diff --git a/src/index.js b/src/index.js
index 48992cbe68c8b9b2bbcfee99377e07fd57ee1870..04cce6d224a9c85c7c8611dc39baef5240a40a89 100644
--- a/src/index.js
+++ b/src/index.js
@@ -5,9 +5,19 @@ import server from './server';
 import colors from 'colors';
 import router from './admin_view/admin_router';
+import passport from 'passport';
 // setting up l'interface admin des BDD
-server.use(router);
+server.use('/adminview',router); // catches and resolves HTTP requests to paths '/adminview/*'
+
+// gere les requetes de login du front
+server.post('/login',
+ passport.authenticate('ldapauth', {
+ successRedirect: '/admin',
+ failureRedirect: '/login',
+ failureFlash: true
+ })
+);
 let port = process.env.PORT || 3000;
diff --git a/src/server.js b/src/server.js
index 9f4338399c9906694e73d683a3cd8fda1d27c1fc..a91bba25cd51b899e5182b3650226a38e787a766 100644
--- a/src/server.js
+++ b/src/server.js
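Review bot: The new `server.post('/login', …)` route hands every submitted credential pair straight to the LDAP bind with no rate limiting or lockout, so the admin login is open to online password guessing against the directory; put a per-IP limiter in front of the strategy, e.g. `server.post('/login', loginLimiter, passport.authenticate('ldapauth', { … }))`, with `loginLimiter` built from whatever throttling middleware the project already uses. `failureFlash: true` also presupposes that `req.flash` (connect-flash or equivalent) and session support are installed ahead of this route in server.js; that setup is not in this hunk, so it should be confirmed or the option dropped, because Passport calls `req.flash` on failure and an unconfigured flash turns a bad password into a thrown error instead of a redirect. `successRedirect: '/admin'` is a fixed path, which is fine from an open-redirect standpoint.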
@@ -43,6 +43,7 @@ server.use(bodyParser.urlencoded({ //parses bodies of media type "application/x-
  * et deserializeUser prend cette cle, fait une requete vers une BDD de users et met dans l'objet JS req.user toutes les infos issues de la BDD
  * Cette repartition permet de ne stocker dans la session (i.e. en memoire sur le serveur) que la cle des utilisateurs connectes et de ne "charger en memoire" toutes les infos de la BDD que lorsque necessaire
  * cf https://stackoverflow.com/questions/27637609/understanding-passport-serialize-deserialize#27637668
+ * et http://toon.io/understanding-passportjs-authentication-flow/
  *
  * Mais en fait dans notre cas c'est graphql qui communique avec la BDD, donc on s'en fiche! On peut se contenter de dire a serializeUser et deserializeUser de ne s'occuper que du champ uid)
  */
@@ -59,15 +60,27 @@ passport.use(new LdapStrategy({
 //searchAttributes: ['givenName', 'sn'],
 //tlsOptions: '..........',
 },
+ //usernameField: 'username', // Field name where the username is found, defaults to username
- //passwordField: 'password', // Field name where the password is found, defaults to password
- passReqToCallback: true, // set verify callback to have req as the first argument
- function (req, user, done) {
- // "verify callback", called after each passport.authenticate(...) when the authentication succeeded
+ //passwordField: 'password', // Field name where the pas sword is found, defaults to password
+
+ // LdapStrategy has a default verify callback ! j'ai perdu plein de temps pour rien :'(
+ // cf. https://github.com/vesse/passport-ldapauth/blob/master/lib/passport-ldapauth/strategy.js, line 195 (` var verify = function() { ... } `)
+ /*
+ function (user, done) {
+ // "verify callback", called after each passport.authenticate(...),
+ // unless missing credentials (in which case a 400 Error is returned)
+
+ // "The purpose of a verify callback is to find the user that possesses a set of credentials" (from passport doc)
+ // i.e. we query the database (in our case the LDAP) to get user's data
+ console.log("Entering passport's verify callback");
+ if (user){ //if user exists
+ console.log("Successfully authenticated " + user.uid);
 }
 }
+ */
 })
 );
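Review bot: Dropping the custom verify callback in favour of LdapStrategy's default one (as the added comment notes) means any account that can bind to the directory is accepted, and nothing in the new configuration restricts that to admin users; since this strategy guards the admin interface, a verify callback should still run an authorization check on the returned entry (group membership or an admin attribute, depending on the directory schema) and call `done(null, false, …)` otherwise, unless the `searchFilter` outside this hunk already limits the search to admins — confirm. The added commented-out `function (user, done) { … }` block is dead code and should be removed rather than parked inside `/* … */`, and the comment on the `//passwordField` line has a typo: `pas sword` → `password`. The enclosing `passport.use(new LdapStrategy({` call starts before this hunk. A sketch of the authorization-checking callback, to be adapted to the directory's attributes:

```javascript
  },
  // Verify callback: the LDAP bind already authenticated the user; this adds authorization.
  // NOTE(review): attribute name and group DN depend on the directory schema — confirm.
  function (user, done) {
    const groups = [].concat(user.memberOf || []);
    if (!groups.includes(process.env.LDAP_ADMIN_GROUP)) {
      return done(null, false, { message: 'Not authorized' });
    }
    return done(null, user);
  }
```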
@@ -129,14 +142,22 @@ server.use('/graphql', bodyParser.json(),
 let uid;
 let password;
- try {
- uid = req.user.uid;
- password = "mythe";
- } catch (err) {
+ if (req.isAuthenticated) {
+ try {
+ uid = req.user.uid;
+ password = "mythe";
+ } catch (err) {
+ console.log("Error: req is authenticated, but pb when trying to extract uid from req.user. Probably user was either not serialized or not deserialized properly");
+ console.log(err);
+ // FOR DEVELOPMENT ONLY. for production, replace with a "publicUser" or "notLoggedInUser" or something.
+ //uid = defaultUser.dn.split("=")[1].split(",")[0];
+ //password = defaultUser.passwd;
+ }
+ } else {
+ // FOR DEVELOPMENT ONLY. for production, replace with a "publicUser" or "notLoggedInUser" or something.
 uid = defaultUser.dn.split("=")[1].split(",")[0];
 password = defaultUser.passwd;
 }
- // console.log("Accessing GraphQL as: ",uid);
 return {
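Review bot: `req.isAuthenticated` on the first added line is never called; if this is Passport's `req.isAuthenticated()` it is a method, so the bare reference is always truthy, the `else` branch is unreachable, and an unauthenticated request enters the `try`, dereferences `req.user.uid` on an undefined `req.user`, and leaves `uid` and `password` undefined after the catch merely logs — the line should read `if (req.isAuthenticated()) {`. Separately, the fallback to `defaultUser` for unauthenticated callers is labelled development-only but nothing gates it, so once the condition is fixed every anonymous production request would reach GraphQL with those credentials; gate it on the environment and refuse otherwise. The hard-coded `password = "mythe"` is carried over from the removed lines, but it still deserves a follow-up rather than living in source. The enclosing GraphQL options callback starts and ends outside this hunk, so the right way to reject (throw here vs. a 401 from the route) depends on code not shown.

```javascript
  if (req.isAuthenticated()) {
    // … unchanged: try/catch reading req.user.uid …
  } else if (process.env.NODE_ENV !== 'production') {
    // Development-only fallback; must never ship anonymous access to GraphQL.
    uid = defaultUser.dn.split("=")[1].split(",")[0];
    password = defaultUser.passwd;
  } else {
    throw new Error('GraphQL: unauthenticated request'); // NOTE(review): adapt to the framework's rejection path
  }
```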