I am extending an ldap (e-directory) authenticator to give specific
error codes related to the directory, ie (grace logins, unknown user,
wrong password, in a denied group, multiple uid's, login hours.....) to
help our users and help desk understand the exact problem with the auth
failure.

But, it seems that I can only have one deny_info per acl or
external_acl.

I was attempting the following (also have tried with an external_acl):

auth_param basic program /etc/squid/dirauth
acl Allowed proxy_auth REQUIRED

deny_info CUSTOM_ERR_USER_NONEXIST Allowed
deny_info CUSTOM_ERR_USER_DENIED Allowed
deny_info CUSTOM_ERR_MULTIPLE_UIDS Allowed
deny_info CUSTOM_ERR_GRACE_LOGINS Allowed

I get the custom error page CUSTOM_ERR_USER_NONEXIST, when any ERR
error= is sent.

Is there any way that I can get multiple error codes out of an acl or
external_acl with a deny_info? Or am I doing something wrong?

Is there another way?

Thanks,
J.J. Scott