Comment 2 for bug 1684994

I agree with Boris. I don't think there's a better HTTP status code to return, and I don't think we should expose to the caller that the LDAP credentials are invalid... that is something that only an admin should be privy to.