From ca89f12be644ea155d5d56d020a82e26bcfd78d6 Mon Sep 17 00:00:00 2001
From: Jakob Borg
Date: Tue, 24 Mar 2020 12:56:43 +0100
Subject: [PATCH] lib/api: Set ServerName on LDAPS connections (fixes #6450) (#6451)
tls.Dial needs it for certificate verification.
---
lib/api/api_auth.go | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/lib/api/api_auth.go b/lib/api/api_auth.go
index 9d4607918..9f68f38d7 100644
--- a/lib/api/api_auth.go
+++ b/lib/api/api_auth.go
@@ -11,6 +11,7 @@ import (
 "crypto/tls"
 "encoding/base64"
 "fmt"
+ "net"
 "net/http"
 "strings"
 "time"
@@ -130,10 +131,16 @@ func authStatic(username string, password string, configUser string, configPassw
 
 func authLDAP(username string, password string, cfg config.LDAPConfiguration) bool {
 address := cfg.Address
+ hostname, _, err := net.SplitHostPort(address)
+ if err != nil {
+ hostname = address
+ }
 var connection *ldap.Conn
- var err error
 if cfg.Transport == config.LDAPTransportTLS {
- connection, err = ldap.DialTLS("tcp", address, &tls.Config{InsecureSkipVerify: cfg.InsecureSkipVerify})
+ connection, err = ldap.DialTLS("tcp", address, &tls.Config{
+ ServerName: hostname,
+ InsecureSkipVerify: cfg.InsecureSkipVerify,
+ })
 } else {
 connection, err = ldap.Dial("tcp", address)
 }
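Review bot: In the second hunk the error from `net.SplitHostPort(address)` is discarded and the raw `address` becomes the `ServerName`, so a misconfigured address (for example a bracketed IPv6 literal without a port) only surfaces later as a dial or certificate-verification failure with no hint about the cause. Since the same `address` is handed to `ldap.DialTLS("tcp", …)`, which presumably needs host:port as well, it may be clearer to report the parse error and `return false` instead of keeping the fallback. A short comment above the `tls.Config` literal, such as `// ServerName is required for certificate verification unless InsecureSkipVerify is set.`, would record why the field is there and that the check is bypassed entirely when `cfg.InsecureSkipVerify` is true. authLDAP continues past the end of the hunk; if it also upgrades the plain connection to TLS further down, that `tls.Config` would need the same `ServerName`.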