diff --git a/testing/btest/Baseline/scripts.base.protocols.ldap.invalid_credentials/ldap.log b/testing/btest/Baseline/scripts.base.protocols.ldap.invalid_credentials/ldap.log
new file mode 100644
index 0000000000..4ca02e8489
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.protocols.ldap.invalid_credentials/ldap.log
@@ -0,0 +1,35 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	ldap
+#open XXXX-XX-XX-XX-XX-XX
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	message_id	version	opcode	result	diagnostic_message	object	argument
+#types	time	string	addr	port	addr	port	int	int	string	string	string	string	string
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	192.168.66.141	53653	192.168.66.138	389	65	3	bind SASL	SASL bind in progress	-	-	GSS-SPNEGO
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	192.168.66.141	53653	192.168.66.138	389	66	3	bind SASL	invalid credentials	8009030C: LdapErr: DSID-0C090569, comment: AcceptSecurityContext error, data 52e, v4563?	-	GSS-SPNEGO
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	192.168.66.141	53653	192.168.66.138	389	83	3	bind SASL	SASL bind in progress	-	-	GSS-SPNEGO
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	192.168.66.141	53653	192.168.66.138	389	84	3	bind SASL	invalid credentials	8009030C: LdapErr: DSID-0C090569, comment: AcceptSecurityContext error, data 52e, v4563?	-	GSS-SPNEGO
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	192.168.66.141	53653	192.168.66.138	389	101	3	bind SASL	SASL bind in progress	-	-	GSS-SPNEGO
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	192.168.66.141	53653	192.168.66.138	389	102	3	bind SASL	invalid credentials	8009030C: LdapErr: DSID-0C090569, comment: AcceptSecurityContext error, data 52e, v4563?	-	GSS-SPNEGO
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	192.168.66.141	53653	192.168.66.138	389	119	3	bind SASL	SASL bind in progress	-	-	GSS-SPNEGO
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	192.168.66.141	53653	192.168.66.138	389	120	3	bind SASL	invalid credentials	8009030C: LdapErr: DSID-0C090569, comment: AcceptSecurityContext error, data 52e, v4563?	-	GSS-SPNEGO
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	192.168.66.141	53653	192.168.66.138	389	137	3	bind SASL	SASL bind in progress	-	-	GSS-SPNEGO
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	192.168.66.141	53653	192.168.66.138	389	138	3	bind SASL	invalid credentials	8009030C: LdapErr: DSID-0C090569, comment: AcceptSecurityContext error, data 52e, v4563?	-	GSS-SPNEGO
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	192.168.66.141	53653	192.168.66.138	389	155	3	bind SASL	SASL bind in progress	-	-	GSS-SPNEGO
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	192.168.66.141	53653	192.168.66.138	389	156	3	bind SASL	invalid credentials	8009030C: LdapErr: DSID-0C090569, comment: AcceptSecurityContext error, data 52e, v4563?	-	GSS-SPNEGO
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	192.168.66.141	53653	192.168.66.138	389	173	3	bind SASL	SASL bind in progress	-	-	GSS-SPNEGO
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	192.168.66.141	53653	192.168.66.138	389	174	3	bind SASL	invalid credentials	8009030C: LdapErr: DSID-0C090569, comment: AcceptSecurityContext error, data 52e, v4563?	-	GSS-SPNEGO
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	192.168.66.141	53653	192.168.66.138	389	191	3	bind SASL	SASL bind in progress	-	-	GSS-SPNEGO
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	192.168.66.141	53653	192.168.66.138	389	192	3	bind SASL	invalid credentials	8009030C: LdapErr: DSID-0C090569, comment: AcceptSecurityContext error, data 52e, v4563?	-	GSS-SPNEGO
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	192.168.66.141	53653	192.168.66.138	389	209	3	bind SASL	SASL bind in progress	-	-	GSS-SPNEGO
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	192.168.66.141	53653	192.168.66.138	389	210	3	bind SASL	invalid credentials	8009030C: LdapErr: DSID-0C090569, comment: AcceptSecurityContext error, data 52e, v4563?	-	GSS-SPNEGO
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	192.168.66.141	53653	192.168.66.138	389	227	3	bind SASL	SASL bind in progress	-	-	GSS-SPNEGO
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	192.168.66.141	53653	192.168.66.138	389	228	3	bind SASL	invalid credentials	8009030C: LdapErr: DSID-0C090569, comment: AcceptSecurityContext error, data 52e, v4563?	-	GSS-SPNEGO
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	192.168.66.141	53653	192.168.66.138	389	245	3	bind SASL	SASL bind in progress	-	-	GSS-SPNEGO
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	192.168.66.141	53653	192.168.66.138	389	246	3	bind SASL	invalid credentials	8009030C: LdapErr: DSID-0C090569, comment: AcceptSecurityContext error, data 52e, v4563?	-	GSS-SPNEGO
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	192.168.66.141	53653	192.168.66.138	389	263	3	bind SASL	SASL bind in progress	-	-	GSS-SPNEGO
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	192.168.66.141	53653	192.168.66.138	389	264	3	bind SASL	invalid credentials	8009030C: LdapErr: DSID-0C090569, comment: AcceptSecurityContext error, data 52e, v4563?	-	GSS-SPNEGO
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	192.168.66.141	53653	192.168.66.138	389	349	-	unbind	-	-	-	-
+#close XXXX-XX-XX-XX-XX-XX
diff --git a/testing/btest/Traces/README b/testing/btest/Traces/README
index 818e32bd8b..0b2ccd1db1 100644
--- a/testing/btest/Traces/README
+++ b/testing/btest/Traces/README
@@ -21,9 +21,11 @@ Trace Index/Sources:
 - ldap/ctu-sme-11-win7ad-1-ldap-tcp-50041.pcap: Harvested from CTU-SME-11
   (Experiment-VM-Microsoft-Windows7AD-1) dataset, filtering on tcp port 389 and port 50041.
   https://zenodo.org/records/7958259 (DOI 10.5281/zenodo.7958258).
+- ldap/ldap_invalid_credentials.pcap
+  Provided by Martin van Hensbergen in issue #3919.
 - dns/tkey.pcap: Harvested from CTU-SME-11
   (Experiment-VM-Microsoft-Windows7AD-1) dataset, filtering on tcp port 53.
   https://zenodo.org/records/7958259 (DOI 10.5281/zenodo.7958258).
 - dns/dynamic-update.pcap: : Harvested from CTU-SME-11
   (Experiment-VM-Microsoft-Windows7AD-1) dataset, filtering on tcp port 53.
-  https://zenodo.org/records/7958259 (DOI 10.5281/zenodo.7958258).
\ No newline at end of file
+  https://zenodo.org/records/7958259 (DOI 10.5281/zenodo.7958258).
diff --git a/testing/btest/Traces/ldap/ldap_invalid_credentials.pcap b/testing/btest/Traces/ldap/ldap_invalid_credentials.pcap
new file mode 100644
index 0000000000..b273b140bd
Binary files /dev/null and b/testing/btest/Traces/ldap/ldap_invalid_credentials.pcap differ
diff --git a/testing/btest/scripts/base/protocols/ldap/invalid_credentials.zeek b/testing/btest/scripts/base/protocols/ldap/invalid_credentials.zeek
new file mode 100644
index 0000000000..041d03464d
--- /dev/null
+++ b/testing/btest/scripts/base/protocols/ldap/invalid_credentials.zeek
@@ -0,0 +1,5 @@
+# @TEST-DOC: Regression test case for #3919 for invalid credentials.
+#
+# @TEST-REQUIRES: have-spicy
+# @TEST-EXEC: zeek -C -r ${TRACES}/ldap/ldap_invalid_credentials.pcap %INPUT
+# @TEST-EXEC: btest-diff ldap.log