Avoid updating password and sending email notification in case of AuthenticationException: [LDAP: Error code 49 - INVALID_CREDENTIALS]

A customer reported a behavior where Users receive an internal server error upon password change.

Steps to reproduce:

• Set up Liferay DXP 7.1 FP28 with mail config and Apache DS for LDAP
• Make sure to use the LDAP password policy
• Create a password policy in LDAP
• Create a user in LDAP
• Log in with the User to check if it is successful
• Sign out and try to sing in again, but click on the Forgot Password button instead
• You should receive an email with the password reset link
• Try creating a new password with the given link and make sure that it will not pass the LDAP password check

Actual behavior: Internal Server Error occurs on the UI, but still the "Your Password Has Been Changed" mail is sent
Expected Result: A more User friendly error could be shown on the UI, so the User knows why it happened, and also the mail should not be sent

Root cause: This problem is related to the Apache DS LDAP authentication. If the Microsoft AD LDAP is used, the login performs successfully.

Console log:

2022-11-22 15:40:39.597 WARN  [http-nio-8080-exec-5][DefaultPortalLDAP:184] Unable to bind to the LDAP server
javax.naming.AuthenticationException: [LDAP: error code 49 - INVALID_CREDENTIALS: Bind failed: ERR_229 Cannot authenticate user ou=system]
2022-11-22 15:44:53.615 INFO  [http-nio-8080-exec-9][LoginMVCActionCommand:128] Authentication failed

Reproduced:
liferay-dxp-7.1.10-dxp-28
master
7.1.x
7.3.x