Improve error outputs (#8740)

pcman312 · pcman312 · commit acfd765024fa · 2020-04-24T13:48:26.000-06:00
Makes "ldap operation failed" error messages a little more useful. Also
makes the errors unique so it's easier to debug where an error is coming
from when one occurs.
diff --git a/builtin/credential/ldap/backend.go b/builtin/credential/ldap/backend.go
@@ -93,7 +93,7 @@ func (b *backend) Login(ctx context.Context, req *logical.Request, username stri
 		if b.Logger().IsDebug() {
 			b.Logger().Debug("error getting user bind DN", "error", err)
 		}
-		return nil, logical.ErrorResponse("ldap operation failed"), nil, nil
+		return nil, logical.ErrorResponse("ldap operation failed: unable to retrieve user bind DN"), nil, nil
 	}
 
 	if b.Logger().IsDebug() {
@@ -110,7 +110,7 @@ func (b *backend) Login(ctx context.Context, req *logical.Request, username stri
 		if b.Logger().IsDebug() {
 			b.Logger().Debug("ldap bind failed", "error", err)
 		}
-		return nil, logical.ErrorResponse("ldap operation failed"), nil, nil
+		return nil, logical.ErrorResponse("ldap operation failed: failed to bind as user"), nil, nil
 	}
 
 	// We re-bind to the BindDN if it's defined because we assume
@@ -120,7 +120,7 @@ func (b *backend) Login(ctx context.Context, req *logical.Request, username stri
 			if b.Logger().IsDebug() {
 				b.Logger().Debug("error while attempting to re-bind with the BindDN User", "error", err)
 			}
-			return nil, logical.ErrorResponse("ldap operation failed"), nil, nil
+			return nil, logical.ErrorResponse("ldap operation failed: failed to re-bind with the BindDN user"), nil, nil
 		}
 		if b.Logger().IsDebug() {
 			b.Logger().Debug("re-bound to original binddn")
@@ -135,7 +135,7 @@ func (b *backend) Login(ctx context.Context, req *logical.Request, username stri
 	if cfg.AnonymousGroupSearch {
 		c, err = ldapClient.DialLDAP(cfg.ConfigEntry)
 		if err != nil {
-			return nil, logical.ErrorResponse("ldap operation failed"), nil, nil
+			return nil, logical.ErrorResponse("ldap operation failed: failed to connect to LDAP server"), nil, nil
 		}
 		defer c.Close() // Defer closing of this connection as the deferal above closes the other defined connection
 	}

Original file line number	Diff line number	Diff line change
`@@ -93,7 +93,7 @@ func (b backend) Login(ctx context.Context, req logical.Request, username stri`
`93`	`93`	`if b.Logger().IsDebug() {`
`94`	`94`	`b.Logger().Debug("error getting user bind DN", "error", err)`
`95`	`95`	`}`
`96`		`- return nil, logical.ErrorResponse("ldap operation failed"), nil, nil`
	`96`	`+ return nil, logical.ErrorResponse("ldap operation failed: unable to retrieve user bind DN"), nil, nil`
`97`	`97`	`}`
`98`	`98`
`99`	`99`	`if b.Logger().IsDebug() {`
`@@ -110,7 +110,7 @@ func (b backend) Login(ctx context.Context, req logical.Request, username stri`
`110`	`110`	`if b.Logger().IsDebug() {`
`111`	`111`	`b.Logger().Debug("ldap bind failed", "error", err)`
`112`	`112`	`}`
`113`		`- return nil, logical.ErrorResponse("ldap operation failed"), nil, nil`
	`113`	`+ return nil, logical.ErrorResponse("ldap operation failed: failed to bind as user"), nil, nil`
`114`	`114`	`}`
`115`	`115`
`116`	`116`	`// We re-bind to the BindDN if it's defined because we assume`
`@@ -120,7 +120,7 @@ func (b backend) Login(ctx context.Context, req logical.Request, username stri`
`120`	`120`	`if b.Logger().IsDebug() {`
`121`	`121`	`b.Logger().Debug("error while attempting to re-bind with the BindDN User", "error", err)`
`122`	`122`	`}`
`123`		`- return nil, logical.ErrorResponse("ldap operation failed"), nil, nil`
	`123`	`+ return nil, logical.ErrorResponse("ldap operation failed: failed to re-bind with the BindDN user"), nil, nil`
`124`	`124`	`}`
`125`	`125`	`if b.Logger().IsDebug() {`
`126`	`126`	`b.Logger().Debug("re-bound to original binddn")`
`@@ -135,7 +135,7 @@ func (b backend) Login(ctx context.Context, req logical.Request, username stri`
`135`	`135`	`if cfg.AnonymousGroupSearch {`
`136`	`136`	`c, err = ldapClient.DialLDAP(cfg.ConfigEntry)`
`137`	`137`	`if err != nil {`
`138`		`- return nil, logical.ErrorResponse("ldap operation failed"), nil, nil`
	`138`	`+ return nil, logical.ErrorResponse("ldap operation failed: failed to connect to LDAP server"), nil, nil`
`139`	`139`	`}`
`140`	`140`	`defer c.Close() // Defer closing of this connection as the deferal above closes the other defined connection`
`141`	`141`	`}`