diff --git a/flaschengeist/plugins/auth_ldap/__init__.py b/flaschengeist/plugins/auth_ldap/__init__.py
index f8c6d00..32799e4 100644
--- a/flaschengeist/plugins/auth_ldap/__init__.py
+++ b/flaschengeist/plugins/auth_ldap/__init__.py
@@ -45,7 +45,7 @@ class AuthLDAP(AuthPlugin):
 
         # TODO: might not be set if modify is called
         self.root_dn = config.get("root_dn", None)
-        self.root_secret = self.root_dn = config.get("root_secret", None)
+        self.root_secret = config.get("root_secret", None)
 
         @after_role_updated
         def _role_updated(role, new_name):
@@ -219,8 +219,11 @@ class AuthLDAP(AuthPlugin):
                 else:
                     ldap_conn.delete(dn)
 
-        except (LDAPPasswordIsMandatoryError, LDAPBindError):
+        except LDAPPasswordIsMandatoryError:
             raise BadRequest
+        except LDAPBindError:
+            logger.debug(f"Could not bind to LDAP server", exc_info=True)
+            raise InternalServerError
 
     def __hash(self, password):
         if self.password_hash == "ARGON2":