Vault 27392 log ldap warning - remove from warning from response (#29134)

* log ldap warnings instead of returning them to end user

* add cl

* code review

* Update changelog/29134.txt

Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>

* Update changelog/29134.txt

Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>

* fix test

---------

Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>

builtin/credential/ldap/backend.go

@@ -121,14 +121,12 @@ func (b *backend) Login(ctx context.Context, req *logical.Request, username stri
 		if b.Logger().IsDebug() {
 			b.Logger().Debug(errString)
 		}
-		ldapResponse.AddWarning(errString)
 	}
 
 	for _, warning := range c.Warnings {
 		if b.Logger().IsDebug() {
 			b.Logger().Debug(string(warning))
 		}
-		ldapResponse.AddWarning(string(warning))
 	}
 
 	var allGroups []string

builtin/credential/ldap/backend_test.go

@@ -1183,8 +1183,8 @@ func testAccStepLoginNoGroupDN(t *testing.T, user string, pass string) logicalte
 
 		// Verifies a search without defined GroupDN returns a warning rather than failing
 		Check: func(resp *logical.Response) error {
-			if len(resp.Warnings) != 1 {
-				return fmt.Errorf("expected a warning due to no group dn, got: %#v", resp.Warnings)
+			if len(resp.Warnings) != 0 {
+				return fmt.Errorf("expected a no warnings, got: %#v", resp.Warnings)
 			}
 
 			return logicaltest.TestCheckAuth([]string{"bar", "default"})(resp)

changelog/29134.txt

@@ -0,0 +1,3 @@
+```release-note:change
+auth/ldap: No longer return authentication warnings to client.
+```