[OPENDJ-5798] Allow a customizable Bind Message when ds-cfg-return-bind-error-messages: true is set
Created: 06/Dec/18  Updated: 08/Nov/19  Resolved: 10/Jan/19

Status: Done
Project: OpenDJ
Component/s: config, core apis, core server, security
Affects Version/s: 7.0.0
Fix Version/s: None

Type: Improvement
Priority: Major
Reporter: Lee Trujillo
Assignee: Ludovic Poitou
Resolution: Won't Fix
Votes: 0
Labels: None

Story Points: 0
Support Ticket IDs:


The DS configuration should allow for a customizable BIND message when ds-cfg-return-bind-error-messages: true is set.

Currently we only allow

{"code":401,"reason":"Unauthorized","message":"Authentication Failed","

This would allow the BIND message to match that of other products, allowing for ease of application transitioning.

An example of a customizable message from DSEE would be:

{"code":401,"reason":"Unauthorized","message":"Exceed Password Retry Limits in DS - Constraint Violation"} 

Comment by Ludovic Poitou [ 10/Jan/19 ]

Closing as will not fix.
The current message is explicitly not giving any details about the reason as it would leak information about the presence of the user account.
There is already a flag (global config param return-bind-error-messages) to provide the same detailed information that we log in files to the client application, and this flag is off by default for the reason above. In no way can we make the error message customisable to return the same string as some other proprietary product. This is not a sustainable feature.
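
An added example (not part of the ticket and not OpenDJ code): a regression check for the leak described in the closing comment, which groups authentication failures by what the client actually receives. The response bodies are constructed samples (the ticket's own generic sample is cut off after the message field), and the function names and cause labels are hypothetical.

```python
import json
from collections import defaultdict

# Constructed sample bodies, not captured from a server. DETAILED reuses the
# DSEE-style message quoted in the ticket.
GENERIC = '{"code":401,"reason":"Unauthorized","message":"Authentication Failed"}'
GENERIC_REORDERED = '{"message":"Authentication Failed","code":401,"reason":"Unauthorized"}'
DETAILED = ('{"code":401,"reason":"Unauthorized",'
            '"message":"Exceed Password Retry Limits in DS - Constraint Violation"}')

def fingerprint(status, body):
    """Canonical form of a response: status plus key-sorted JSON body."""
    try:
        canon = json.dumps(json.loads(body), sort_keys=True, separators=(",", ":"))
    except ValueError:
        canon = body  # non-JSON bodies are compared verbatim
    return (status, canon)

def distinguishable_causes(observations):
    """Group failure causes by the response the client sees.

    observations: {cause_label: (http_status, body)}
    More than one group means the response reveals which cause occurred,
    for example that an account exists and is locked.
    """
    groups = defaultdict(list)
    for cause, (status, body) in observations.items():
        groups[fingerprint(status, body)].append(cause)
    return sorted(sorted(g) for g in groups.values())

def is_uniform(observations):
    """True when every failure cause yields the same client-visible response."""
    return len(distinguishable_causes(observations)) == 1

# Constructed observations: one generic server, one returning detailed messages.
UNIFORM = {
    "unknown_user": (401, GENERIC),
    "wrong_password": (401, GENERIC_REORDERED),
    "locked_account": (401, GENERIC),
}
LEAKY = dict(UNIFORM, locked_account=(401, DETAILED))

if __name__ == "__main__":
    for name, obs in (("generic", UNIFORM), ("detailed", LEAKY)):
        print(name, "uniform" if is_uniform(obs) else distinguishable_causes(obs))
```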

Generated at Tue Oct 20 02:23:52 UTC 2020 using Jira 7.13.12#713012-sha1:6e07c38070d5191bbf7353952ed38f111754533a.