Vault 27392 log ldap warning - remove from warning from response (#29134)

* log ldap warnings instead of returning them to end user * add cl * code review * Update changelog/29134.txt Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com> * Update changelog/29134.txt Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com> * fix test --------- Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>
2025-10-31 10:37:56 +00:00 · 2025-01-07 16:51:15 -05:00
parent 035b7e6d8e
commit f18801693b
3 changed files with 5 additions and 4 deletions
--- a/builtin/credential/ldap/backend.go
+++ b/builtin/credential/ldap/backend.go
@@ -121,14 +121,12 @@ func (b *backend) Login(ctx context.Context, req *logical.Request, username stri
 		if b.Logger().IsDebug() {
 			b.Logger().Debug(errString)
 		}
-		ldapResponse.AddWarning(errString)
 	}

 	for _, warning := range c.Warnings {
 		if b.Logger().IsDebug() {
 			b.Logger().Debug(string(warning))
 		}
-		ldapResponse.AddWarning(string(warning))
 	}

 	var allGroups []string
--- a/builtin/credential/ldap/backend_test.go
+++ b/builtin/credential/ldap/backend_test.go
@@ -1183,8 +1183,8 @@ func testAccStepLoginNoGroupDN(t *testing.T, user string, pass string) logicalte

 		// Verifies a search without defined GroupDN returns a warning rather than failing
 		Check: func(resp *logical.Response) error {
-			if len(resp.Warnings) != 1 {
-				return fmt.Errorf("expected a warning due to no group dn, got: %#v", resp.Warnings)
+			if len(resp.Warnings) != 0 {
+				return fmt.Errorf("expected a no warnings, got: %#v", resp.Warnings)
 			}

 			return logicaltest.TestCheckAuth([]string{"bar", "default"})(resp)
--- a/changelog/29134.txt
+++ b/changelog/29134.txt
@@ -0,0 +1,3 @@
+```release-note:change
+auth/ldap: No longer return authentication warnings to client.
+```