From e65a4a8148ff955f6dc258c5f1571b5650cfe300 Mon Sep 17 00:00:00 2001
From: Christoph Haas
Date: Wed, 21 Apr 2021 10:04:10 +0200
Subject: [PATCH] disable cert-check should also work for ldap via ssl (#12)
---
 internal/ldap/ldap.go | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/internal/ldap/ldap.go b/internal/ldap/ldap.go
index 75ce72b..85b0bb5 100644
--- a/internal/ldap/ldap.go
+++ b/internal/ldap/ldap.go
@@ -16,14 +16,15 @@ type RawLdapData struct {
 }
 func Open(cfg *Config) (*ldap.Conn, error) {
- conn, err := ldap.DialURL(cfg.URL)
+ tlsConfig := &tls.Config{InsecureSkipVerify: !cfg.CertValidation}
+ conn, err := ldap.DialURL(cfg.URL, ldap.DialWithTLSConfig(tlsConfig))
 if err != nil {
 return nil, errors.Wrap(err, "failed to connect to LDAP")
 }
 if cfg.StartTLS {
 // Reconnect with TLS
- err = conn.StartTLS(&tls.Config{InsecureSkipVerify: !cfg.CertValidation})
+ err = conn.StartTLS(tlsConfig)
 if err != nil {
 return nil, errors.Wrap(err, "failed to star TLS on connection")
 }
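Review bot: The shared `tlsConfig` in Open is built with `InsecureSkipVerify: !cfg.CertValidation`, so a Config whose CertValidation is left at Go's zero value skips certificate verification, and after this change that holds for ldaps:// URLs as well as for StartTLS. Unless a default of true is applied outside this hunk, bind credentials then cross a channel on which the server's identity is never checked, so I would put a comment above the assignment such as `// Verification is skipped whenever cfg.CertValidation is false, including when it is unset` and log a warning whenever the flag is off. The config also sets no `ServerName`, and crypto/tls rejects a client config that has neither ServerName nor InsecureSkipVerify, so the StartTLS branch probably cannot complete a handshake with validation on; filling `ServerName` from the host part of cfg.URL would address that. In the StartTLS error branch the connection returned by DialURL is dropped without being closed, so add `conn.Close()` before that `return nil, ...`. Open's body continues past the end of the hunk.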