I have three findings that I would like to share that seem to work for me as a workaround. YMMV, please try this out first in a test environment.
These findings were made on a site that had unsuccesfully been updated to authorization 1.4.
1. After I cancel and delete all LDAP-provided user accounts from my site, the 'authorization' update 8004 works (drush updb -y). For me this is a valid workaround, as in my case all users are provided via LDAP, and are recreated the next time a valid user logs in.
2. If I manually set the 'authorisation' module version in composer.json back to to "drupal/authorization": "1.3", and run composer update, the login functionality is restored (for as far as I can see), without having to delete the user accounts as in step 1. Not sure what the effect of the failed update 8004 is in this case. This step requires you to manually change composer.json again when the 'authorization' module provides a valid 1.4 update path.
3. Overwriting the unsuccesful update 1.4 with the dev version of [16 Sep 2024 at 21:45 CEST] did not provide a working update 8004 for me.
Hoping for a resolution shortly,
Mark.
Also, the checked value of config key 'acctCreation' has changed from 'ldap_behaviour' to 'ldap_behavior'. This prevented my automated install routine from setting the correct value for this config key.