Some LDAP servers (wrongly) return LDAP_CONSTRAINT_VIOLATION if a user is locked due to too many password retries. This should not cause an internal server error but be treated as "auth denied".