Merge pull request #580 from Litrop/master

Clone tlsCfg with ServerName because ServerName is needed by StartTLS
foxcpp · May 4, 2023 · 13a210f · 13a210f
2 parents f5def9c + 6401870
commit 13a210f
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/internal/auth/ldap/ldap.go b/internal/auth/ldap/ldap.go
@@ -147,8 +147,8 @@ func (a *Auth) newConn() (*ldap.Conn, error) {
 			return nil, fmt.Errorf("auth.ldap: invalid server URL: %w", err)
 		}
 		hostname := parsedURL.Host
+		a.tlsCfg.ServerName = strings.Split(hostname, ":")[0]
 		tlsCfg = a.tlsCfg.Clone()
-		a.tlsCfg.ServerName = hostname
 
 		conn, err = ldap.DialURL(u, ldap.DialWithDialer(a.dialer), ldap.DialWithTLSConfig(tlsCfg))
 		if err != nil {