diff --git a/src/ldap.js b/src/ldap.js
index 89ca6a347..633e8f2ba 100644
--- a/src/ldap.js
+++ b/src/ldap.js
@@ -591,7 +591,6 @@ async function authenticateService(serviceId, dn, req, res, next) {
     if (appPasswordError.reason !== BoxError.NOT_FOUND) return next(new ldap.OperationsError(appPasswordError.message));
 
     if (!mailbox || !mailbox.active) return next(new ldap.NoSuchObjectError(dn.toString())); // user auth requires active mailbox
-    if (mailbox.ownerType !== mailbox.OWNERTYPE_USER && mailbox.ownerType !== mailbox.OWNERTYPE_GROUP) return next(new ldap.InvalidCredentialsError(dn.toString())); // app mailboxes don't have a real password
     const [verifyError, result] = await safe(verifyMailboxPassword(mailbox, req.credentials || ''));
     if (verifyError && verifyError.reason === BoxError.NOT_FOUND) return next(new ldap.NoSuchObjectError(dn.toString()));
     if (verifyError && verifyError.reason === BoxError.INVALID_CREDENTIALS) return next(new ldap.InvalidCredentialsError(dn.toString()));
diff --git a/src/routes/test/settings-test.js b/src/routes/test/settings-test.js
index 55e5be2cd..1dba5cee3 100644
--- a/src/routes/test/settings-test.js
+++ b/src/routes/test/settings-test.js
@@ -82,7 +82,8 @@ describe('Settings API', function () {
     describe('exposed_ldap_config', function () {
         // keep in sync with defaults in settings.js
         let defaultConfig = {
-            enabled: false
+            enabled: false,
+            allowlist: ''
         };
 
         it('can get exposed_ldap_config (default)', async function () {
@@ -124,7 +125,7 @@ describe('Settings API', function () {
                 .query({ access_token: owner.token });
 
             expect(response.statusCode).to.equal(200);
-            expect(response.body).to.eql({ enabled: true });
+            expect(response.body).to.eql({ enabled: true, allowlist: '' });
         });
     });
 
diff --git a/src/test/ldap-test.js b/src/test/ldap-test.js
index f5f9bc5ae..75eab7cee 100644
--- a/src/test/ldap-test.js
+++ b/src/test/ldap-test.js
@@ -344,7 +344,7 @@ describe('Ldap', function () {
         });
     });
 
-    describe('user mailbox bind', function () {
+    describe('sogo mailbox bind', function () {
         it('email disabled - cannot auth', async function () {
             const [error] = await safe(ldapBind(`cn=${mailbox},domain=example.com,ou=mailboxes,dc=cloudron`, 'badpassword'));
             expect(error).to.be.a(ldap.NoSuchObjectError);