diff --git a/src/ldaptool/search/_search.py b/src/ldaptool/search/_search.py
index 124f1f5..dcd577b 100644
--- a/src/ldaptool/search/_search.py
+++ b/src/ldaptool/search/_search.py
@@ -26,7 +26,10 @@ def search(*, config: Config, arguments: Arguments) -> typing.Iterable[Result]:
     if arguments.krb:
         ldap_con.sasl_gssapi_bind_s()
     else:
-        ldap_con.simple_bind_s(realm.account, config.get_password(realm))
+        password = config.get_password(realm)
+        # use only first line (and without whitespace); assume remaining lines are comments/...
+        password = password.splitlines()[0].strip()
+        ldap_con.simple_bind_s(realm.account, password)
 
     assert arguments.base
     assert arguments.filter
diff --git a/src/ldaptool/search/config.py b/src/ldaptool/search/config.py
index 7c99562..3f9b490 100644
--- a/src/ldaptool/search/config.py
+++ b/src/ldaptool/search/config.py
@@ -121,7 +121,10 @@ class Keyringer(PasswordManager):
             check=True,
             encoding="utf-8",
         )
-        return result.stdout.strip()
+        password = result.stdout.strip()
+        if "Nothing matches , try again." in password:
+            raise SystemExit(f"No password stored for {secretname}")
+        return password
 
 
 @dataclasses.dataclass