From f5f9c098b705b929be68d6ee9741ef81c02a394d Mon Sep 17 00:00:00 2001
From: Jeff Mitchell <jeffrey.mitchell@gmail.com>
Date: Sat, 2 Apr 2016 13:33:00 -0400
Subject: [PATCH] Some fixups around error/warning in LDAP

---
 builtin/credential/ldap/backend.go | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/builtin/credential/ldap/backend.go b/builtin/credential/ldap/backend.go
index b4517b46f0..ad29bd5a5b 100644
--- a/builtin/credential/ldap/backend.go
+++ b/builtin/credential/ldap/backend.go
@@ -180,7 +180,7 @@ func (b *backend) Login(req *logical.Request, username string, password string)
 			allgroups = append(allgroups, gname)
 		}
 	} else {
-		resp.AddWarning("No group DN configured; only policies from locally-defined groups added")
+		resp.AddWarning("no group DN configured; only policies from locally-defined groups available")
 	}
 
 	for _, gname := range allgroups {
@@ -191,7 +191,12 @@ func (b *backend) Login(req *logical.Request, username string, password string)
 	}
 
 	if len(policies) == 0 {
-		resp.Data["error"] = "user is not a member of any authorized group"
+		errStr := "user is not a member of any authorized group"
+		if len(resp.Warnings()) > 0 {
+			errStr = fmt.Sprintf("%s; additionally, %s", errStr, resp.Warnings()[0])
+		}
+
+		resp.Data["error"] = errStr
 		return nil, resp, nil
 	}