diff --git a/product/ERP5/mixin/extensible_traversable.py b/product/ERP5/mixin/extensible_traversable.py
index cf251fe40cc6cc5c7089e723dd4da7475e80fc67..5d64d60cde359c78596c779296caa2388ca1fa1d 100644
--- a/product/ERP5/mixin/extensible_traversable.py
+++ b/product/ERP5/mixin/extensible_traversable.py
@@ -96,11 +96,18 @@ class BaseExtensibleTraversableMixin(ExtensibleTraversableMixIn):
             else:
               has_published = True
             try:
-              auth = request._auth
-              # this logic is copied from identify() in
-              # AccessControl.User.BasicUserFolder.
-              if auth and auth.lower().startswith('basic '):
-                name = decodestring(auth.split(' ')[-1]).split(':', 1)[0]
+              name = None
+              acl_users = self.getPortalObject().acl_users
+              user_list = acl_users._extractUserIds(request, acl_users.plugins)
+              if len(user_list) > 0:
+                name = user_list[0][0]
+              else:
+                auth = request._auth
+                # this logic is copied from identify() in
+                # AccessControl.User.BasicUserFolder.
+                if auth and auth.lower().startswith('basic '):
+                  name = decodestring(auth.split(' ')[-1]).split(':', 1)[0]
+              if name is not None:
                 user = portal_membership._huntUser(name, self)
               else:
                 user = None
diff --git a/product/ERP5Security/tests/testERP5Security.py b/product/ERP5Security/tests/testERP5Security.py
index badd67fbc31575f131dd162e20f6594e5860cfe8..4e70688cfeb95dcd6919cacc78e946980c1ef743 100644
--- a/product/ERP5Security/tests/testERP5Security.py
+++ b/product/ERP5Security/tests/testERP5Security.py
@@ -762,6 +762,12 @@ class TestLocalRoleManagement(ERP5TypeTestCase):
     response = self.publish('%s/%s?__ac_key=%s' %(base_url, web_page.getReference(),
                                                   key))
     self.assertEqual(response.getStatus(), 200)
+    response = self.publish('%s/%s?__ac_name=%s&__ac_password=%s' % (
+      base_url, web_page.getReference(), reference, 'guest'))
+    self.assertEqual(response.getStatus(), 200)
+    response = self.publish('%s/%s?__ac_name=%s&__ac_password=%s' % (
+      base_url, web_page.getReference(), 'ERP5TypeTestCase', ''))
+    self.assertEqual(response.getStatus(), 200)
 
   def testERP5ExternalAuthenticationPlugin(self):
     """