From f898bdaf2d08682d462c5935ab93ca9820e18cba Mon Sep 17 00:00:00 2001
From: kolaente
Date: Mon, 27 Jan 2025 15:30:20 +0100
Subject: [PATCH] feat(auth): use config variable to check if we should verify tls
---
 pkg/modules/auth/ldap/ldap.go | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/pkg/modules/auth/ldap/ldap.go b/pkg/modules/auth/ldap/ldap.go
index 69570b7fe..c4c1828ac 100644
--- a/pkg/modules/auth/ldap/ldap.go
+++ b/pkg/modules/auth/ldap/ldap.go
@@ -17,6 +17,7 @@
 package ldap

 import (
+ "crypto/tls"
 "fmt"
 "strings"

@@ -71,7 +72,16 @@ func ConnectAndBindToLDAPDirectory() (l *ldap.Conn, err error) {
 config.AuthLdapHost.GetString(),
 config.AuthLdapPort.GetInt(),
 )
- l, err = ldap.DialURL(url)
+
+ opts := []ldap.DialOpt{}
+ if config.AuthLdapUseTLS.GetBool() {
+ // #nosec G402
+ opts = append(opts, ldap.DialWithTLSConfig(&tls.Config{
+ InsecureSkipVerify: !config.AuthLdapVerifyTLS.GetBool(),
+ }))
+ }
+
+ l, err = ldap.DialURL(url, opts...)
 if err != nil {
 log.Fatalf("Could not connect to LDAP server: %s", err)
 }
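Review bot: The `// #nosec G402` above the `tls.Config` literal silences the scanner without giving a reason, and `InsecureSkipVerify: !config.AuthLdapVerifyTLS.GetBool()` turns certificate verification off whenever that key resolves to false, which leaves LDAP bind credentials exposed to interception on the wire. The key's default is not visible in this hunk; it should default to true, and the suppression should carry its justification, e.g. `// #nosec G402 -- verification is skipped only when AuthLdapVerifyTLS is explicitly disabled`. I would also log a warning at connect time when verification is disabled and pin `MinVersion: tls.VersionTLS12` in the same literal. The URL scheme is built above the hunk, so confirm it is `ldaps://` whenever AuthLdapUseTLS is set, since otherwise the dial option presumably has no effect; ConnectAndBindToLDAPDirectory starts before and continues past the hunk.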