From ca89f12be644ea155d5d56d020a82e26bcfd78d6 Mon Sep 17 00:00:00 2001
From: Jakob Borg <jakob@kastelo.net>
Date: Tue, 24 Mar 2020 12:56:43 +0100
Subject: [PATCH] lib/api: Set ServerName on LDAPS connections (fixes #6450)
 (#6451)

tls.Dial needs it for certificate verification.
---
 lib/api/api_auth.go | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/lib/api/api_auth.go b/lib/api/api_auth.go
index 9d4607918..9f68f38d7 100644
--- a/lib/api/api_auth.go
+++ b/lib/api/api_auth.go
@@ -11,6 +11,7 @@ import (
 	"crypto/tls"
 	"encoding/base64"
 	"fmt"
+	"net"
 	"net/http"
 	"strings"
 	"time"
@@ -130,10 +131,16 @@ func authStatic(username string, password string, configUser string, configPassw
 
 func authLDAP(username string, password string, cfg config.LDAPConfiguration) bool {
 	address := cfg.Address
+	hostname, _, err := net.SplitHostPort(address)
+	if err != nil {
+		hostname = address
+	}
 	var connection *ldap.Conn
-	var err error
 	if cfg.Transport == config.LDAPTransportTLS {
-		connection, err = ldap.DialTLS("tcp", address, &tls.Config{InsecureSkipVerify: cfg.InsecureSkipVerify})
+		connection, err = ldap.DialTLS("tcp", address, &tls.Config{
+			ServerName:         hostname,
+			InsecureSkipVerify: cfg.InsecureSkipVerify,
+		})
 	} else {
 		connection, err = ldap.Dial("tcp", address)
 	}