diff --git a/src/externalldap.js b/src/externalldap.js
index c636546bf..e16f64453 100644
--- a/src/externalldap.js
+++ b/src/externalldap.js
@@ -83,17 +83,18 @@ async function getClient(externalLdapConfig, options) {
         throw new BoxError(BoxError.INTERNAL_ERROR, e);
     }
 
-    // skip bind auth if none exist or if not wanted
-    if (!externalLdapConfig.bindDn || !options.bind) return client;
-
     return await new Promise((resolve, reject) => {
         reject = once(reject);
 
         // ensure we don't just crash
         client.on('error', function (error) {
+            console.error('ExternalLdap client error:', error);
             reject(new BoxError(BoxError.EXTERNAL_ERROR, error));
         });
 
+        // skip bind auth if none exist or if not wanted
+        if (!externalLdapConfig.bindDn || !options.bind) return resolve(client);
+
         client.bind(externalLdapConfig.bindDn, externalLdapConfig.bindPassword, function (error) {
             if (error instanceof ldap.InvalidCredentialsError) return reject(new BoxError(BoxError.INVALID_CREDENTIALS));
             if (error) return reject(new BoxError(BoxError.EXTERNAL_ERROR, error));