vesse
commented
9 years ago I don't feel comfortable with this because because if err is not handled properly by caller they could eg. accidentally allow login with incorrect password. In addition I think the value is not usually returned in case there was an error.
cvillemure
If you bind to a non compliant LDAP directory, a bind attempt to a locked account return an error 49 (InvalidCredentials) instead of a constraint violation error. By returning the user object even on error, this allows the caller to inspect user's attribute to further debug the bind error. This will be usefull in our implementation of passport-ldapauth