diff --git a/src/opnsense/mvc/app/library/OPNsense/Auth/LDAP.php b/src/opnsense/mvc/app/library/OPNsense/Auth/LDAP.php index 8e741b328..562cfe2f5 100644 --- a/src/opnsense/mvc/app/library/OPNsense/Auth/LDAP.php +++ b/src/opnsense/mvc/app/library/OPNsense/Auth/LDAP.php @@ -127,6 +127,11 @@ class LDAP extends Base implements IAuthConnector */ private $lastAuthProperties = array(); + /** + * @var array internal list of LDAP errors + */ + private $lastAuthErrors = array(); + /** * close ldap handle if open */ @@ -194,7 +199,10 @@ class LDAP extends Base implements IAuthConnector $error_string = ""; if ($this->ldapHandle !== false) { ldap_get_option($this->ldapHandle, LDAP_OPT_ERROR_STRING, $error_string); - syslog(LOG_ERR, sprintf($message . " [%s,%s]", $error_string, ldap_error($this->ldapHandle))); + $error_string = str_replace(array("\n","\r","\t"), ' ', $error_string); + syslog(LOG_ERR, sprintf($message . " [%s; %s]", $error_string, ldap_error($this->ldapHandle))); + $this->lastAuthErrors['error'] = $error_string; + $this->lastAuthErrors['ldap_error'] = ldap_error($this->ldapHandle); } else { syslog(LOG_ERR, $message); } @@ -431,6 +439,7 @@ class LDAP extends Base implements IAuthConnector if ($this->ldapHandle !== false) { $searchResults = $this->search("(|(ou=*)(cn=Users))"); if ($searchResults !== false) { + $this->logLdapError("LDAP containers search result count: " . $searchResults["count"]); for ($i = 0; $i < $searchResults["count"]; $i++) { $result[] = $searchResults[$i]['dn']; } @@ -451,6 +460,14 @@ class LDAP extends Base implements IAuthConnector return $this->lastAuthProperties; } + /** + * @return array of LDAP errors + */ + public function getLastAuthErrors() + { + return $this->lastAuthErrors; + } + /** * update user group policies when configured * @param string $username authenticated username 
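Review bot: In the logLdapError hunk (@@ -194) `$message` is still spliced into the sprintf() format, so a message containing `%` is misinterpreted, and the new informational call site in the containers hunk turns this into a general-purpose logger, widening that exposure; pass it as an argument instead, `syslog(LOG_ERR, sprintf("%s [%s; %s]", $message, $error_string, ldap_error($this->ldapHandle)));`. `ldap_error($this->ldapHandle)` is called twice; a local such as `$ldap_error = ldap_error($this->ldapHandle);` would guarantee the logged and stored values are the same. The `else` branch records nothing in `$this->lastAuthErrors`, so a failure that happens before a handle exists is invisible to getLastAuthErrors(). logLdapError's signature lies before the hunk.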
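Review bot: The added `logLdapError("LDAP containers search result count: " . $searchResults["count"])` (@@ -431) reports a successful result at LOG_ERR and, because `$this->ldapHandle !== false` holds in this branch, also overwrites `$this->lastAuthErrors['error']` and `['ldap_error']` with whatever diagnostic the handle currently carries, so a later getLastAuthErrors() can show an "error" for a search that succeeded. If the count is worth keeping, log it directly at a lower priority, `syslog(LOG_NOTICE, "LDAP containers search result count: " . $searchResults["count"]);`, and reserve logLdapError for failures. The enclosing method starts before the hunk.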
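Review bot: The docblock on getLastAuthErrors() (@@ -451), `@return array of LDAP errors`, tells callers neither the shape nor the lifetime of the value; the other hunks show string keys `error` and `ldap_error`, and nothing in this diff ever clears the array, so entries from an earlier failure survive a later successful call on the same instance. Suggest `@return array<string, string> keyed 'error' (LDAP_OPT_ERROR_STRING or an internal message) and 'ldap_error' (ldap_error()); accumulated since construction, never reset between calls`.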
@@ -561,6 +578,8 @@ class LDAP extends Base implements IAuthConnector if ($result !== false && count($result) > 0) { $user_dn = $result[0]['dn']; $ldap_is_connected = $this->connect($this->ldapBindURL, $result[0]['dn'], $password); + } else { + $this->lastAuthErrors['error'] = "User DN not found"; } } } diff --git a/src/www/diag_authentication.php b/src/www/diag_authentication.php index 7a8bdb29d..549248d5e 100644 --- a/src/www/diag_authentication.php +++ b/src/www/diag_authentication.php @@ -73,6 +73,12 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { } } else { $input_errors[] = gettext("Authentication failed."); + foreach ($authenticator->getLastAuthErrors() as $err_name => $err_value) { + if (is_array($err_value)) { + $err_value = implode(",", $err_value); + } + $input_errors[] = "{$err_name}: {$err_value}"; + } } } } diff --git a/src/www/system_authservers.php b/src/www/system_authservers.php index c16325e0e..b510f3255 100644 --- a/src/www/system_authservers.php +++ b/src/www/system_authservers.php @@ -449,15 +449,19 @@ $( document ).ready(function() { $.post('system_usermanager_settings_ldapacpicker.php', request_data, function(data) { var tbl = $(""); var tbl_body = $(""); - for (var i=0; i < data.length ; ++i) { - var tr = $(""); - tr.append($(""); + tr.append($(""); } tbl.append(tbl_body); BootstrapDialog.show({ @@ -465,15 +469,19 @@ $( document ).ready(function() { title: "", message: tbl, buttons: [{ - label: "", + label: "", + cssClass: 'btn-primary', action: function(dialogRef) { var values = $(".ldap_item_select:checked").map(function(){ return $(this).val(); }).get().join(';'); $("#ldapauthcontainers").val(values); dialogRef.close(); - } - }] + }}, { + label: "", + action: function(dialogRef) { + dialogRef.close(); + }}] }); }, "json"); } @@ -688,8 +696,8 @@ endif; ?>
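Review bot: The new `else` branch (@@ -561) also fires when `$result === false`, i.e. when the search itself failed, so a connection or directory problem is reported to the operator as `User DN not found`, and if search() had already recorded the real cause via logLdapError that entry is overwritten here. Split the two cases, e.g. `} elseif ($result === false) { $this->lastAuthErrors['error'] = "User search failed"; } else {` before the existing assignment. Since this string now reaches the diagnostics page it distinguishes an unknown account from a wrong password; that is appropriate for an admin-only diagnostic, but the getter should not be wired into any user-facing login response. The enclosing method starts and ends outside the hunk.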
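Review bot: `$authenticator->getLastAuthErrors()` (diag_authentication.php, @@ -73) is called on whatever connector the selected server resolves to, but this diff adds the method only to LDAP and does not touch IAuthConnector, so unless the other connectors already define it, a failed test against one of them will now fatal-error here. Guard the loop with `if (method_exists($authenticator, 'getLastAuthErrors')) {` or add the method to the interface and base class. The values pushed into `$input_errors` originate from the remote directory's diagnostic message, so confirm that the template printing `$input_errors` escapes them with htmlspecialchars(); that rendering is outside the hunk.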
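Review bot: The button objects in system_authservers.php (@@ -465) are now closed with `}}, {` and `}}]`, which departs from the one-brace-per-line layout used elsewhere in this dialog literal and by the lines the hunk removes, and makes it hard to see where one button ends and the next begins. Put each closer on its own line: `}` then `}, {` for the first button and `}` then `}]` for the second. The added close-only action could also be written on a single line, `action: function(dialogRef) { dialogRef.close(); }`, matching the compact form of the surrounding literals.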
").append( - $("") - .prop('checked', data[i].selected) - .prop('value', data[i].value) - )); - tr.append($("").text(data[i].value)); - tbl_body.append(tr); + if (data.length > 0) { + for (var i=0; i < data.length ; ++i) { + var tr = $("
").append( + $("") + .prop('checked', data[i].selected) + .prop('value', data[i].value) + )); + tr.append($("").text(data[i].value)); + tbl_body.append(tr); + } + } else { + tbl_body.append("