From 2f6dd6f1027547cc4ec3ade63fb85527a29fd981 Mon Sep 17 00:00:00 2001
From: Tan Jiang <jiangd@vmware.com>
Date: Wed, 26 Apr 2017 14:05:06 +0800
Subject: [PATCH] do not return error when ldap bind failed

---
 src/ui/auth/ldap/ldap.go      | 3 ++-
 src/ui/auth/ldap/ldap_test.go | 9 ++++++---
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/src/ui/auth/ldap/ldap.go b/src/ui/auth/ldap/ldap.go
index b1fd9883a..16f8cb48b 100644
--- a/src/ui/auth/ldap/ldap.go
+++ b/src/ui/auth/ldap/ldap.go
@@ -79,7 +79,8 @@ func (l *Auth) Authenticate(m models.AuthModel) (*models.User, error) {
 
 	log.Debugf("username: %s, dn: %s", u.Username, dn)
 	if err := ldapUtils.Bind(ldapConfs, dn, m.Password); err != nil {
-		return nil, fmt.Errorf("Failed to bind user, username: %s, dn: %s, error: %v", u.Username, dn, err)
+		log.Warningf("Failed to bind user, username: %s, dn: %s, error: %v", u.Username, dn, err)
+		return nil, nil
 	}
 	exist, err := dao.UserExists(u, "username")
 	if err != nil {
diff --git a/src/ui/auth/ldap/ldap_test.go b/src/ui/auth/ldap/ldap_test.go
index 5557ddb97..e979c9d11 100644
--- a/src/ui/auth/ldap/ldap_test.go
+++ b/src/ui/auth/ldap/ldap_test.go
@@ -124,8 +124,11 @@ func TestAuthenticate(t *testing.T) {
 	}
 	person.Principal = "test"
 	person.Password = "1"
-	_, err = auth.Authenticate(person)
-	if err == nil {
-		t.Errorf("Expected error for wrong password")
+	user, err = auth.Authenticate(person)
+	if err != nil {
+		t.Errorf("unexpected ldap error: %v", err)
+	}
+	if user != nil {
+		t.Errorf("Nil user expected for wrong password")
 	}
 }