From e6bca3ac8fdf9e34ce618ad7f51689ab74be42b2 Mon Sep 17 00:00:00 2001
From: Pierre-Olivier Mercier <nemunaire@nemunai.re>
Date: Mon, 16 Mar 2026 17:07:41 +0700
Subject: [PATCH] fix(ldap): split ambiguous error messages in SearchDN and
 GetEntry

Distinguish between "not found" and "multiple entries found" instead of
the generic "User does not exist or too many entries returned", making
it easier to diagnose issues in logs.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 ldap.go | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/ldap.go b/ldap.go
index 0f7ad15..c9e6b25 100644
--- a/ldap.go
+++ b/ldap.go
@@ -4,7 +4,6 @@ import (
 	"crypto/rand"
 	"crypto/tls"
 	"encoding/base64"
-	"errors"
 	"fmt"
 	"strconv"
 	"strings"
@@ -99,8 +98,11 @@ func (l LDAPConn) SearchDN(username string, person bool) (string, error) {
 		return "", err
 	}
 
-	if len(sr.Entries) != 1 {
-		return "", errors.New("User does not exist or too many entries returned")
+	if len(sr.Entries) == 0 {
+		return "", fmt.Errorf("user %q not found", username)
+	}
+	if len(sr.Entries) > 1 {
+		return "", fmt.Errorf("multiple entries (%d) found for user %q", len(sr.Entries), username)
 	}
 
 	return sr.Entries[0].DN, nil
@@ -118,8 +120,11 @@ func (l LDAPConn) GetEntry(dn string) ([]*ldap.EntryAttribute, error) {
 		return nil, err
 	}
 
-	if len(sr.Entries) != 1 {
-		return nil, errors.New("User does not exist or too many entries returned")
+	if len(sr.Entries) == 0 {
+		return nil, fmt.Errorf("entry not found for DN %q", dn)
+	}
+	if len(sr.Entries) > 1 {
+		return nil, fmt.Errorf("multiple entries (%d) found for DN %q", len(sr.Entries), dn)
 	}
 
 	return sr.Entries[0].Attributes, nil