
LDAP authentication should return a meaningful error when the LDAP server is unavailable  #44089

Closed
@Jayfrown

Symfony version(s) affected

5.3

Description

In case the configured LDAP server is not currently reachable, the json_login_ldap authenticator returns this to the user:

{
    "code": 401,
    "message": "Invalid credentials."
}

Internally, a PHP notice is logged:

Warning: ldap_bind(): Unable to bind to server: Can't contact LDAP server

and symfony/ldap throws Symfony\Component\Security\Core\Exception\BadCredentialsException, which doesn't seem quite right.

I think it would make more sense for the server to return a 500 stating something went wrong while attempting to verify credentials.

How to reproduce

  • Have a working LDAP authentication setup
  • Introduce connectivity issues (firewall, stop the ldap server, what have you)
  • Try to authenticate using valid credentials

Possible Solution

When ldap_bind() finds it is Unable to bind to server: Can't contact LDAP server, instead of throwing a BadCredentialsException we could throw something else to indicate there was an issue while attempting to verify credentials. Various authenticators (like json_login_ldap) could then return meaningful errors to the user.

Additional Context

No response
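One way to separate the two failure modes described in this issue, as an added example (not Symfony's code and not the reporter's). The exception classes, constants and function names are hypothetical; the error numbers 49 (invalidCredentials) and -1 ("Can't contact LDAP server") are what ldap_errno() reports with OpenLDAP's libldap, and the sample at the end is constructed so the script runs without a live directory.

```php
<?php
// Hypothetical exception types for this example (not Symfony classes).
final class InvalidLdapCredentials extends RuntimeException {}
final class LdapUnavailable extends RuntimeException {}

const LDAP_ERR_INVALID_CREDENTIALS = 49; // LDAP result code invalidCredentials
const LDAP_ERR_SERVER_DOWN = -1;         // libldap: "Can't contact LDAP server"

/** Only an explicit invalidCredentials answer means "wrong password"; anything else is an outage. */
function classifyBindFailure(int $errno, string $error): RuntimeException
{
    if ($errno === LDAP_ERR_INVALID_CREDENTIALS) {
        return new InvalidLdapCredentials($error, $errno);
    }
    return new LdapUnavailable($error, $errno); // server down, timeout, TLS failure, ...
}

/** Bind against the directory; throws instead of returning false. Requires ext-ldap. */
function ldapBindOrThrow(string $uri, string $dn, string $password): void
{
    if ($password === '') { // an empty password would be an unauthenticated bind
        throw new InvalidLdapCredentials('empty password');
    }
    $conn = ldap_connect($uri);
    if ($conn === false) {
        throw new LdapUnavailable('invalid LDAP URI');
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_NETWORK_TIMEOUT, 3);
    if (!@ldap_bind($conn, $dn, $password)) {
        throw classifyBindFailure(ldap_errno($conn), ldap_error($conn));
    }
}

/** Map the outcome to the JSON body a json_login-style endpoint would return. */
function loginResponse(callable $bind): array
{
    try {
        $bind();
        return ['code' => 200, 'message' => 'OK'];
    } catch (InvalidLdapCredentials $e) {
        return ['code' => 401, 'message' => 'Invalid credentials.'];
    } catch (LdapUnavailable $e) { // still a denial, but reported as a server-side fault
        error_log(sprintf('LDAP bind failed (%d): %s', $e->getCode(), $e->getMessage()));
        return ['code' => 500, 'message' => 'Authentication service unavailable.'];
    }
}

// Constructed sample: replay the two errno/message pairs without contacting a server.
$down = loginResponse(fn () => throw classifyBindFailure(LDAP_ERR_SERVER_DOWN, "Can't contact LDAP server"));
$bad  = loginResponse(fn () => throw classifyBindFailure(LDAP_ERR_INVALID_CREDENTIALS, 'Invalid credentials'));
echo json_encode([$down, $bad], JSON_PRETTY_PRINT), PHP_EOL;
```

Both paths deny the login; the outage path keeps the libldap error text in the server log and returns only a generic message to the client. The sample uses a throw expression, which needs PHP 8.0 or later.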
