k-space/dex
Archived
10
0
Fork 0
Code Issues Pull Requests Packages Projects Activity

connector/ldap: Always set tls.Config.ServerName, to support LDAP servers with public CA certs.

Browse Source
This commit is contained in:
Chris Jones 2016-11-15 13:31:04 -07:00
parent a2b78c28fc
commit 384ac87deb
1 changed files with 1 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
connector/ldap/ldap.go
View File

@ -212,7 +212,7 @@ func (c *Config) OpenConnector() (interface {
}
}
tlsConfig := new(tls.Config)
tlsConfig := &tls.Config{ServerName: host}
if c.RootCA != "" || len(c.RootCAData) != 0 {
data := c.RootCAData
if len(data) == 0 {
@ -226,9 +226,6 @@ func (c *Config) OpenConnector() (interface {
return nil, fmt.Errorf("ldap: no certs found in ca file")
}
tlsConfig.RootCAs = rootCAs
// NOTE(ericchiang): This was required for our internal LDAP server
// but might be because of an issue with our root CA.
tlsConfig.ServerName = host
}
userSearchScope, ok := parseScope(c.UserSearch.Scope)
if !ok {