--- a/server/repository.py	Mon Feb 13 12:16:37 2012 +0100
+++ b/server/repository.py	Tue Feb 14 09:49:13 2012 +0100
@@ -451,8 +451,10 @@
         """validate authentication, raise AuthenticationError on failure, return
         associated CWUser's eid on success.
         """
-        for source in self.sources:
-            if source.support_entity('CWUser'):
+        # iter on sources_by_uri then check enabled source since sources doesn't
+        # contain copy based sources
+        for source in self.sources_by_uri.itervalues():
+            if self.config.source_enabled(source) and source.support_entity('CWUser'):
                 try:
                     return source.authenticate(session, login, **authinfo)
                 except AuthenticationError: