
Follow-up 78edc32 - Fixes #4471 - Support LDAP interfaces that always need authentication (e.g. OKTA LDAP).

Dominik Klein 1 year ago
parent
commit
90cd48be11

+ 1 - 0
app/controllers/integration/ldap_controller.rb

@@ -7,6 +7,7 @@ class Integration::LdapController < ApplicationController
 
   EXCEPTIONS_SPECIAL_TREATMENT = {
     '48, Inappropriate Authentication' => {}, # workaround for issue #1114
+    '50, Insufficient Access Rights'   => { error: 'disallow-bind-anon' },
     '53, Unwilling to perform'         => { error: 'disallow-bind-anon' },
   }.freeze
 
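Review bot: The new `'50, Insufficient Access Rights'` key maps a general authorization result to `disallow-bind-anon`, although LDAP result code 50 is not specific to anonymous binds. The code that consults `EXCEPTIONS_SPECIAL_TREATMENT` is outside this hunk, so it is worth confirming that the lookup is reached only on the anonymous discovery path. If an authenticated bind or search can reach it too, an under-privileged bind account would presumably come back as `'result' => 'ok'` with a misleading hint instead of as a failure. The entry also has no comment, unlike the line above it; something like `# servers that answer anonymous requests with code 50, e.g. OKTA LDAP (issue #4471)` would record why it is there.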

+ 29 - 0
spec/requests/integration/ldap_spec.rb

@@ -26,6 +26,35 @@ RSpec.describe 'Ldap', type: :request do
 
         expect(json_response).to eq('result' => 'ok', 'error' => 'disallow-bind-anon')
       end
+
+      context 'with other error code' do
+        let(:ldap_instance) { instance_double(Net::LDAP) }
+        let(:params) do
+          {
+            name:   'Example LDAP',
+            host:   'localhost',
+            ssl:    'off',
+            active: 'true'
+          }
+        end
+        let(:operation_result_struct) { Struct.new(:code, :message) }
+
+        before do
+          allow(Net::LDAP).to receive(:new).with({ host: params[:host], port: 389 }).and_return(ldap_instance)
+          allow(ldap_instance).to receive_messages(
+            bind:                 false,
+            get_operation_result: operation_result_struct.new(50, 'Insufficient Access Rights')
+          )
+        end
+
+        it 'returns special exception treatment for not allowed anonymous bind' do
+          authenticated_as(admin)
+
+          post '/api/v1/integration/ldap/discover', params: params, as: :json
+
+          expect(json_response).to eq('result' => 'ok', 'error' => 'disallow-bind-anon')
+        end
+      end
     end
   end
 end
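Review bot: The added context covers only the newly listed code, so nothing in this hunk shows that a bind failure with an unlisted result code (for example 49, Invalid Credentials) is still reported as a failure rather than as `'result' => 'ok'`. A companion example for that case would guard against the exception table becoming too permissive, unless one already exists outside the hunk. The description `'with other error code'` would also be easier to locate in a failing run as `context 'with result code 50 (Insufficient Access Rights)' do`. The enclosing describe block starts before the hunk.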