fix: do not make TLS strict based on serverName (#13372)

The LDAP TLS dialer shouldn't be strict about ServerName: there
may be many certs behind a common DNS endpoint, so it is
better to allow the Dialer to choose the appropriate public cert.
Harshavardhana 2021-10-06 14:19:32 -07:00 committed by GitHub
parent 421160631a
commit cb2c2905c5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -319,9 +319,8 @@ func (l *Config) Connect() (ldapConn *ldap.Conn, err error) {
return nil, errors.New("LDAP is not configured")
}
serverHost, _, err := net.SplitHostPort(l.ServerAddr)
_, _, err = net.SplitHostPort(l.ServerAddr)
if err != nil {
serverHost = l.ServerAddr
// User default LDAP port if none specified "636"
l.ServerAddr = net.JoinHostPort(l.ServerAddr, "636")
}
@ -333,7 +332,6 @@ func (l *Config) Connect() (ldapConn *ldap.Conn, err error) {
tlsConfig := &tls.Config{
InsecureSkipVerify: l.tlsSkipVerify,
RootCAs: l.rootCAs,
ServerName: serverHost,
}
if l.serverStartTLS {
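Review bot: With `ServerName` dropped from the `tls.Config` literal, hostname verification now depends entirely on whichever call consumes `tlsConfig`, and the StartTLS branch that opens on the last line is a likely gap. `tls.Dial`-style helpers fill in an empty `ServerName` from the dial address, but a handshake started with `tls.Client` on an already-open connection does not, and crypto/tls then refuses to proceed unless `InsecureSkipVerify` is set. If the StartTLS path upgrades an existing connection (its body is outside this hunk, as are the start and end of `Connect`), operators may be pushed towards enabling `tlsSkipVerify` just to get a connection, which removes certificate verification altogether. Consider keeping the host from `net.SplitHostPort` and setting `tlsConfig.ServerName = serverHost` inside the StartTLS branch only. Otherwise, document the behaviour on the literal, e.g. `// ServerName is left empty on purpose: the TLS dialer derives it from l.ServerAddr`.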