diff --git a/internal/outpost/ldap/bind/memory/memory.go b/internal/outpost/ldap/bind/memory/memory.go
index b75c073bdfb1..4c6dfcc0fb56 100644
--- a/internal/outpost/ldap/bind/memory/memory.go
+++ b/internal/outpost/ldap/bind/memory/memory.go
@@ -47,7 +47,7 @@ func (sb *SessionBinder) Bind(username string, req *bind.Request) (ldap.LDAPResu
 		DN:       req.BindDN,
 		Password: req.BindPW,
 	})
-	if item != nil {
+	if item != nil && item.Value() != ldap.LDAPResultOperationsError {
 		sb.log.WithField("bindDN", req.BindDN).Info("authenticated from session")
 		return item.Value(), nil
 	}
@@ -56,7 +56,7 @@ func (sb *SessionBinder) Bind(username string, req *bind.Request) (ldap.LDAPResu
 	// Only cache the result if there's been an error
 	if err == nil {
 		flag := sb.si.GetFlags(req.BindDN)
-		if flag == nil  || (flag.UserInfo == nil && flag.UserPk == flags.InvalidUserPK) {
+		if flag == nil || (flag.UserInfo == nil && flag.UserPk == flags.InvalidUserPK) {
 			sb.log.Error("user flags not set after bind")
 			return result, err
 		}