diff --git a/server/lib/oauth-model.ts b/server/lib/oauth-model.ts
index f7ea98b41..3f8b8e618 100644
--- a/server/lib/oauth-model.ts
+++ b/server/lib/oauth-model.ts
@@ -119,6 +119,8 @@ async function getUser (usernameOrEmail?: string, password?: string) {
 // This user does not belong to this plugin, skip it
 if (user.pluginAuth !== obj.pluginName) return null
+ checkUserValidityOrThrow(user)
+
 return user
 }
 }
@@ -132,7 +134,7 @@ async function getUser (usernameOrEmail?: string, password?: string) {
 const passwordMatch = await user.isPasswordMatch(password)
 if (passwordMatch !== true) return null
- if (user.blocked) throw new AccessDeniedError('User is blocked.')
+ checkUserValidityOrThrow(user)
 if (CONFIG.SIGNUP.REQUIRES_EMAIL_VERIFICATION && user.emailVerified === false) {
 throw new AccessDeniedError('User email is not verified.')
@@ -238,3 +240,7 @@ async function createUserFromExternal (pluginAuth: string, options: {
 return user
 }
+
+function checkUserValidityOrThrow (user: MUser) {
+ if (user.blocked) throw new AccessDeniedError('User is blocked.')
+}
diff --git a/server/tests/external-plugins/auth-ldap.ts b/server/tests/external-plugins/auth-ldap.ts
index 4ce8e82cb..e4eae7e8c 100644
--- a/server/tests/external-plugins/auth-ldap.ts
+++ b/server/tests/external-plugins/auth-ldap.ts
@@ -4,9 +4,11 @@ import 'mocha'
 import { expect } from 'chai'
 import { User } from '@shared/models/users/user.model'
 import {
+ blockUser,
 getMyUserInformation,
 installPlugin,
 setAccessTokensToServers,
+ unblockUser,
 uninstallPlugin,
 updatePluginSettings,
 uploadVideo,
@@ -17,6 +19,7 @@ import { cleanupTests, flushAndRunServer, ServerInfo } from '../../../shared/ext
 describe('Official plugin auth-ldap', function () {
 let server: ServerInfo
 let accessToken: string
+ let userId: number
 before(async function () {
 this.timeout(30000)
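Review bot: In the first hunk of server/lib/oauth-model.ts (`@@ -119`), the blocked check is added only where getUser returns a plugin-owned user, so it guards the moment of login and nothing else visible here. Token paths that do not call getUser, such as a refresh-token grant or an access token issued before the block, are outside this diff; confirm they also reject `user.blocked`, otherwise a blocked plugin user could keep access until the token expires. A user owned by a different plugin still hits `return null` before the check, so that case reports a failed login rather than 'User is blocked.'. getUser's body starts and ends outside the hunk.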
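Review bot: `checkUserValidityOrThrow` in the `@@ -238` hunk has no return type and no comment, and its name suggests a full account check while it tests only `user.blocked`. The email-verification check stays inline in the password path (`@@ -132`) and is not run on the plugin path, which may be intended but is not stated anywhere in the change. Declare it as `function checkUserValidityOrThrow (user: MUser): void` and add a comment such as `// Throws AccessDeniedError when the account is blocked; email verification is checked by the password login path only`.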
@@ -90,12 +93,26 @@ describe('Official plugin auth-ldap', function () {
 expect(body.username).to.equal('fry')
 expect(body.email).to.equal('fry@planetexpress.com')
+
+ userId = body.id
 })
 it('Should upload a video', async function () {
 await uploadVideo(server.url, accessToken, { name: 'my super video' })
 })
+ it('Should not be able to login if the user is banned', async function () {
+ await blockUser(server.url, userId, server.accessToken)
+
+ await userLogin(server, { username: 'fry@planetexpress.com', password: 'fry' }, 400)
+ })
+
+ it('Should be able to login if the user is unbanned', async function () {
+ await unblockUser(server.url, userId, server.accessToken)
+
+ await userLogin(server, { username: 'fry@planetexpress.com', password: 'fry' })
+ })
+
 it('Should not login if the plugin is uninstalled', async function () {
 await uninstallPlugin({ url: server.url, accessToken: server.accessToken, npmName: 'peertube-plugin-auth-ldap' })
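Review bot: The ban test asserts only that a fresh `userLogin` returns 400; the `accessToken` obtained before `blockUser` is never used while the user is blocked, so the test does not show whether an already-issued token is refused. Add a request with the old token between the block and the unblock, for example `await getMyUserInformation(server.url, accessToken, 401)` if that helper takes an expected status the way `userLogin` does; the status to expect depends on how blocking treats existing tokens. The unblocked login also discards its result, so any later test that relies on `accessToken` still uses the pre-block one. The last test in the hunk continues outside it.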