use DialTLS instead of StartTLS on ldap.Conn

2020-11-03 12:36:34 +08:00 · 2020-11-03 12:36:34 +08:00 · 0523e6777d
commit 0523e6777d
parent a85e11574d
1 changed files with 8 additions and 15 deletions
--- a/pkg/ldap/connection.go
+++ b/pkg/ldap/connection.go
@ -22,27 +22,20 @@ var conn *ldap.Conn
 func ldapConnection() (err error) {
 	var ldapConn = fmt.Sprintf("%v:%v", viper.GetString("settings.ldap.host"), viper.GetString("settings.ldap.port"))

-	conn, err = ldap.Dial(
-		"tcp",
-		ldapConn,
-	)
+	if viper.GetBool("settings.ldap.tls") {
+		tlsconf := &tls.Config{
+			InsecureSkipVerify: true,
+		}
+		conn, err = ldap.DialTLS("tcp", ldapConn, tlsconf)
+	} else {
+		conn, err = ldap.Dial("tcp", ldapConn)
+	}
 	if err != nil {
 		err = errors.New(fmt.Sprintf("无法连接到ldap服务器，%v", err))
 		logger.Error(err)
 		return
 	}

-	if viper.GetBool("settings.ldap.tls") {
-		err = conn.StartTLS(&tls.Config{
-			InsecureSkipVerify: true,
-		})
-		if err != nil {
-			err = errors.New(fmt.Sprintf("升级到加密方式失败，%v", err))
-			logger.Error(err)
-			return
-		}
-	}
-
 	//设置超时时间
 	conn.SetTimeout(5 * time.Second)