Method org.apache.karaf.jaas.modules.ldap.LDAPLoginModule.doLogin() catches any exception and raises a new LoginException.
However, in case something is wrong with the LDAP configuration (e.g. wrong SSL certificates), the root cause will be lost, as e.getMessage() only returns a fairly generic message, like
whereas the root cause really is
We should somehow ensure this root cause gets logged as well.
Unfortunately, the call stack leading to LDAPLoginModule.doLogin() includes javax.security.auth.login.LoginContext, which completely swallows the original LoginException raised in doLogin(). It only re-raises a very generic LoginException with the message:
The original exception message is lost.
So there is no point in wrapping the root cause exception message in the LoginException to be thrown by LDAPLoginModule.doLogin().
Instead, I suggest logging the root cause in doLogin() as a warning, as in the attached patch.
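
The approach described above, as an added example that is not the attached patch and not Karaf's own code: the catch block logs the innermost cause and full stack trace at warning level before the generic LoginException replaces it. The class name, `rootCause()`, `contactDirectory()`, the host name, the exception messages and the use of java.util.logging are assumptions made for illustration.

```java
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.naming.CommunicationException;
import javax.net.ssl.SSLHandshakeException;
import javax.security.auth.login.LoginException;

// Added illustration; every name except doLogin() is hypothetical.
public class RootCauseLoggingExample {
    private static final Logger LOG = Logger.getLogger(RootCauseLoggingExample.class.getName());

    // Walk the cause chain to the innermost exception, bounded to avoid cycles.
    static Throwable rootCause(Throwable t) {
        Throwable cur = t;
        for (int depth = 0; cur.getCause() != null && cur.getCause() != cur && depth < 32; depth++) {
            cur = cur.getCause();
        }
        return cur;
    }

    // Stand-in for the LDAP bind. Constructed failure: a TLS handshake error
    // wrapped in a JNDI exception whose own message says nothing about certificates.
    static void contactDirectory() throws Exception {
        CommunicationException ce = new CommunicationException("simple bind failed: ldap.example.invalid:636");
        ce.initCause(new SSLHandshakeException("PKIX path building failed (constructed sample)"));
        throw ce;
    }

    static boolean doLogin() throws LoginException {
        try {
            contactDirectory();
            return true;
        } catch (Exception e) {
            // Log here, while the cause chain is still available: the LoginException
            // thrown below carries only e.getMessage(), not the nested cause.
            LOG.log(Level.WARNING, "LDAP login failed, root cause: " + rootCause(e), e);
            throw new LoginException("LDAP authentication failed: " + e.getMessage());
        }
    }

    public static void main(String[] args) {
        try {
            doLogin();
        } catch (LoginException le) {
            // The caller sees only the generic message; the certificate problem is in the log.
            System.out.println("caller sees: " + le.getMessage());
        }
    }
}
```

Logging the cause on the server side keeps certificate and directory details out of the message returned to the authenticating client while still giving the operator the real failure.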