From dad5a17d3695dfa7003df0a0756d266678aec10f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Emmanuel=20Beno=C3=AEt?= <tseeker@nocternity.net>
Date: Sun, 5 Dec 2021 17:21:52 +0100
Subject: [PATCH] Configuration - Fixed tls_skip_verify

---
 config.go | 6 ++++--
 ldap.go   | 5 +++--
 2 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/config.go b/config.go
index bac8fe5..a114c5f 100644
--- a/config.go
+++ b/config.go
@@ -30,7 +30,7 @@ type (
 	tLdapConnectionConfig struct {
 		Port         uint16 `yaml:"port"`
 		TLS          string `yaml:"tls"`
-		TLSNoVerify  bool   `yaml:"tls_skip_verify"`
+		TLSNoVerify  *bool  `yaml:"tls_skip_verify"`
 		CaChain      string `yaml:"ca_chain"`
 		BindUser     string `yaml:"bind_user"`
 		BindPassword string `yaml:"bind_password"`
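Review bot: The switch of `TLSNoVerify` to `*bool` makes the field tri-state, but nothing on the struct says what `nil` means, and for a switch that turns certificate verification off this should be written down. I would add a comment above the field such as `// TLSNoVerify: nil = not set (inherits the defaults section); verification is only skipped when this is explicitly true`. The struct definition continues outside the hunk, so an existing comment elsewhere in it would not be visible here.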
@@ -168,7 +168,9 @@ func (c *tLdapServerConfig) ApplyDefaults(dft tLdapConnectionConfig) {
 	if c.TLS == "" {
 		c.TLS = dft.TLS
 	}
-	// FIXME: I have no clue how I should handle TLSNoVerify
+	if c.TLSNoVerify == nil {
+		c.TLSNoVerify = dft.TLSNoVerify
+	}
 	if c.CaChain == "" {
 		c.CaChain = dft.CaChain
 	}
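Review bot: `c.TLSNoVerify = dft.TLSNoVerify` copies the pointer, so every server that omits `tls_skip_verify` ends up sharing one `bool` with the defaults struct. Nothing visible here writes through it, but a later write through any of those pointers would change certificate verification for all of them at once. Copying the value avoids that: `if c.TLSNoVerify == nil && dft.TLSNoVerify != nil { v := *dft.TLSNoVerify; c.TLSNoVerify = &v }`. It would also help to note in a comment that a `true` default disables verification for every server that does not set the key. `ApplyDefaults` starts before and continues after this hunk.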
diff --git a/ldap.go b/ldap.go
index da74b60..e21da6a 100644
--- a/ldap.go
+++ b/ldap.go
@@ -62,8 +62,9 @@ func getLdapServerConnection(cfg tLdapConfig, server int) *tLdapConn {
 	})
 	log.Trace("Establishing LDAP connection")
 
-	tlsConfig := &tls.Config{
-		InsecureSkipVerify: scfg.TLSNoVerify,
+	tlsConfig := &tls.Config{}
+	if scfg.TLSNoVerify != nil {
+		tlsConfig.InsecureSkipVerify = *scfg.TLSNoVerify
 	}
 	if scfg.TLS != "no" && scfg.CaChain != "" {
 		log := log.WithField("cachain", scfg.CaChain)
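Review bot: When `*scfg.TLSNoVerify` is true the connection goes ahead with certificate and hostname checks off, and nothing in this hunk records that, so a config that disables verification leaves no trace in the logs. The same config carries `bind_password`, so I would log a warning in that branch: `if *scfg.TLSNoVerify { log.Warn("LDAP TLS certificate verification disabled by tls_skip_verify") }`. This assumes the `log` in scope is the logrus-style entry used for `log.Trace` above. The `ca_chain` branch that follows still runs when verification is skipped, which may deserve a comment saying the chain is then not enforced. `getLdapServerConnection` starts and ends outside the hunk, so a warning emitted elsewhere in it would not be visible here.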