configurable cert-check for the ldap auth provider (#12)

2025-02-26 05:49:14 +00:00 · 2021-04-21 11:07:16 +02:00 · 2021-04-21 11:07:16 +02:00 · 7042523c54
commit 7042523c54
parent e65a4a8148
1 changed files with 3 additions and 2 deletions
--- a/internal/authentication/providers/ldap/provider.go
+++ b/internal/authentication/providers/ldap/provider.go
@ -175,14 +175,15 @@ func (provider Provider) GetUserModel(ctx *authentication.AuthContext) (*authent
 }

 func (provider Provider) open() (*ldap.Conn, error) {
-	conn, err := ldap.DialURL(provider.config.URL)
+	tlsConfig := &tls.Config{InsecureSkipVerify: !provider.config.CertValidation}
+	conn, err := ldap.DialURL(provider.config.URL, ldap.DialWithTLSConfig(tlsConfig))
 	if err != nil {
 		return nil, err
 	}

 	if provider.config.StartTLS {
 		// Reconnect with TLS
-		err = conn.StartTLS(&tls.Config{InsecureSkipVerify: !provider.config.CertValidation})
+		err = conn.StartTLS(tlsConfig)
 		if err != nil {
 			return nil, err
 		}