Providing a custom UnknownUsername message with a ldap directAuthenticator

[Cantor, Scott]

> In passing, I've also realised that the logic in our login-error.vm is also failing
> to deal with the fact that we have multiple validators that can return
> classified errors.

That logic generally often has to be fine tuned.

> We're just using getClassifiedErrors().iterator().next() as per the sample so
> presumably are only looking at the first error.

That was part of the bug. Among other things, it wasn't ordered, now it is. So the "last" one added will be consistently accessible.

-- Scott