From 0523e6777d7115432376aefeb96238589d62e610 Mon Sep 17 00:00:00 2001
From: aleiphoenix <aleiphoenix@gmail.com>
Date: Tue, 3 Nov 2020 12:36:34 +0800
Subject: [PATCH] use DialTLS instead of StartTLS on ldap.Conn

---
 pkg/ldap/connection.go | 23 ++++++++---------------
 1 file changed, 8 insertions(+), 15 deletions(-)

diff --git a/pkg/ldap/connection.go b/pkg/ldap/connection.go
index f449225..36810b3 100644
--- a/pkg/ldap/connection.go
+++ b/pkg/ldap/connection.go
@@ -22,27 +22,20 @@ var conn *ldap.Conn
 func ldapConnection() (err error) {
 	var ldapConn = fmt.Sprintf("%v:%v", viper.GetString("settings.ldap.host"), viper.GetString("settings.ldap.port"))
 
-	conn, err = ldap.Dial(
-		"tcp",
-		ldapConn,
-	)
+	if viper.GetBool("settings.ldap.tls") {
+		tlsconf := &tls.Config{
+			InsecureSkipVerify: true,
+		}
+		conn, err = ldap.DialTLS("tcp", ldapConn, tlsconf)
+	} else {
+		conn, err = ldap.Dial("tcp", ldapConn)
+	}
 	if err != nil {
 		err = errors.New(fmt.Sprintf("无法连接到ldap服务器，%v", err))
 		logger.Error(err)
 		return
 	}
 
-	if viper.GetBool("settings.ldap.tls") {
-		err = conn.StartTLS(&tls.Config{
-			InsecureSkipVerify: true,
-		})
-		if err != nil {
-			err = errors.New(fmt.Sprintf("升级到加密方式失败，%v", err))
-			logger.Error(err)
-			return
-		}
-	}
-
 	//设置超时时间
 	conn.SetTimeout(5 * time.Second)