diff --git a/src/Auth/ListensForLdapBindFailure.php b/src/Auth/ListensForLdapBindFailure.php
index 12422ffa..552819a5 100644
--- a/src/Auth/ListensForLdapBindFailure.php
+++ b/src/Auth/ListensForLdapBindFailure.php
@@ -72,6 +72,13 @@ protected function ldapBindFailed(string $errorMessage, string $diagnosticMessag
                 $this->handleLdapBindError($errorMessage);
 
                 return;
+
+            case is_null($diagnosticMessage):
+                // If there is no diagnostic message to work with, we
+                // cannot make any further attempts to determine
+                // the error. We will bail here in such case.
+                return;
+
             case $this->causedByInvalidCredentials($errorMessage, $diagnosticMessage):
                 // We'll bypass any invalid LDAP credential errors and let
                 // the login controller handle it. This is so proper
diff --git a/tests/Unit/ListenForLdapBindFailureTest.php b/tests/Unit/ListenForLdapBindFailureTest.php
index 0336894c..c25fdfe3 100644
--- a/tests/Unit/ListenForLdapBindFailureTest.php
+++ b/tests/Unit/ListenForLdapBindFailureTest.php
@@ -41,6 +41,7 @@ public function test_validation_exception_is_not_thrown_when_invalid_credentials
 
         /** @var \LdapRecord\Testing\LdapFake $ldap */
         $ldap = $fake->getLdapConnection();
+        $ldap->shouldReturnDiagnosticMessage(null);
         $ldap->shouldReturnError('Invalid credentials');
 
         $this->assertFalse($fake->auth()->attempt('user', 'secret'));