Comment 3 for bug 1684994

prashkre (prashkre) wrote :

I agree that we should not reveal to the user that LDAP credentials are incorrect, but the error in the logs leaks information to the user that keystone is configured with LDAP as the identity backend. So I think it's better that we handle ldap.INVALID_CREDENTIALS like we do at [0] and give a generic message at [1], something like "unable to connect to identity repository", with a 500 error instead of 504.

[0] https://github.com/openstack/keystone/blob/master/keystone/identity/backends/ldap/common.py#L1285

[1] https://github.com/openstack/keystone/blob/master/keystone/exception.py#L598