From a934957f1d66d15e6c2de6564c0db60954013354 Mon Sep 17 00:00:00 2001
From: Michael Golowka <72365+pcman312@users.noreply.github.com>
Date: Fri, 24 Apr 2020 15:02:13 -0600
Subject: [PATCH] Improve error outputs (#8740) (#8842) Backporting https://github.com/hashicorp/vault/pull/8740 to 1.4.x Makes "ldap operation failed" error messages a little more useful. Also makes the errors unique so it's easier to debug where an error is coming from when one occurs.
---
 builtin/credential/ldap/backend.go | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/builtin/credential/ldap/backend.go b/builtin/credential/ldap/backend.go
index 74adacb253cea..22f63fbb70795 100644
--- a/builtin/credential/ldap/backend.go
+++ b/builtin/credential/ldap/backend.go
@@ -93,7 +93,7 @@ func (b *backend) Login(ctx context.Context, req *logical.Request, username stri
 if b.Logger().IsDebug() {
 b.Logger().Debug("error getting user bind DN", "error", err)
 }
- return nil, logical.ErrorResponse("ldap operation failed"), nil, nil
+ return nil, logical.ErrorResponse("ldap operation failed: unable to retrieve user bind DN"), nil, nil
 }
 if b.Logger().IsDebug() {
@@ -110,7 +110,7 @@ func (b *backend) Login(ctx context.Context, req *logical.Request, username stri
 if b.Logger().IsDebug() {
 b.Logger().Debug("ldap bind failed", "error", err)
 }
- return nil, logical.ErrorResponse("ldap operation failed"), nil, nil
+ return nil, logical.ErrorResponse("ldap operation failed: failed to bind as user"), nil, nil
 }
 // We re-bind to the BindDN if it's defined because we assume
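Review bot: The new strings in the hunks at @@ -93 and @@ -110 (`unable to retrieve user bind DN` and `failed to bind as user`) go through `logical.ErrorResponse` to a caller who has not yet authenticated, so the response now reveals which pre-authentication step failed. If `GetUserBindDN` (called outside the hunk) returns an error when the username is not present in the directory, that difference lets a client tell an unknown username from a wrong password. I would keep a single response for both paths, `return nil, logical.ErrorResponse("ldap operation failed"), nil, nil`, and put the distinguishing detail in the existing `b.Logger().Debug(...)` calls, which already record `err` for the operator. Login's body starts and ends outside both hunks, so any earlier handling of the username is not visible here.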
@@ -120,7 +120,7 @@ func (b *backend) Login(ctx context.Context, req *logical.Request, username stri
 if b.Logger().IsDebug() {
 b.Logger().Debug("error while attempting to re-bind with the BindDN User", "error", err)
 }
- return nil, logical.ErrorResponse("ldap operation failed"), nil, nil
+ return nil, logical.ErrorResponse("ldap operation failed: failed to re-bind with the BindDN user"), nil, nil
 }
 if b.Logger().IsDebug() {
 b.Logger().Debug("re-bound to original binddn")
@@ -135,7 +135,7 @@ func (b *backend) Login(ctx context.Context, req *logical.Request, username stri
 if cfg.AnonymousGroupSearch {
 c, err = ldapClient.DialLDAP(cfg.ConfigEntry)
 if err != nil {
- return nil, logical.ErrorResponse("ldap operation failed"), nil, nil
+ return nil, logical.ErrorResponse("ldap operation failed: failed to connect to LDAP server"), nil, nil
 }
 defer c.Close() // Defer closing of this connection as the deferal above closes the other defined connection
 }
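Review bot: In the hunk at @@ -135 the `err` returned by `ldapClient.DialLDAP(cfg.ConfigEntry)` is still discarded; unlike the other three branches this commit touches, this one has no debug log, so the new message says the dial failed but the server log never records why. Adding `if b.Logger().IsDebug() { b.Logger().Debug("error connecting to LDAP server for anonymous group search", "error", err) }` before the return would match the other branches and keep the underlying cause on the operator side. The `if cfg.AnonymousGroupSearch` block closes inside the hunk, but Login itself continues outside it.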