I found that it was due to the allowed_groups testing the "memberOf" attribute, as the LDAP server only has the memberUid option, and the attempted search of LDAP3 on memberOf raises an exception now. This either needs a try.. except in the LDAP administrator, or the ability to specify which of the three group searches to try.
That to me sounds like a somewhat clear description of a bug, but I'm not sure if its still relevant. If it is, it should be something we should fix.
From https://github.com/jupyterhub/ldapauthenticator/issues/165#issuecomment-742982125:
That to me sounds like a somewhat clear description of a bug, but I'm not sure if its still relevant. If it is, it should be something we should fix.