diff --git a/http-utils.go b/http-utils.go
index 04b5fc2..832996f 100644
--- a/http-utils.go
+++ b/http-utils.go
@@ -6,8 +6,8 @@ package main
 import (
 "crypto/tls"
- "fmt"
 "log"
+ "net"
 "net/http"
 "github.com/go-ldap/ldap/v3"
@@ -20,21 +20,22 @@ func logRequest(handler http.Handler) http.Handler {
 })
 }
-func ldapOpen(w http.ResponseWriter) *ldap.Conn {
- l, err := ldap.DialURL(config.LdapServerAddr)
- if err != nil {
- http.Error(w, err.Error(), http.StatusInternalServerError)
- log.Printf(fmt.Sprintf("27: %v %v", err, l))
- return nil
- }
-
+func ldapOpen(w http.ResponseWriter) (*ldap.Conn, error) {
 if config.LdapTLS {
- err = l.StartTLS(&tls.Config{InsecureSkipVerify: true})
- if err != nil {
- http.Error(w, err.Error(), http.StatusInternalServerError)
- return nil
+ tlsConf := &tls.Config{
+ ServerName: config.LdapServerAddr,
+ InsecureSkipVerify: true,
 }
+ return ldap.DialTLS("tcp", net.JoinHostPort(config.LdapServerAddr, "636"), tlsConf)
+ } else {
+ return ldap.DialURL("ldap://" + config.LdapServerAddr)
 }
- return l
+ // if err != nil {
+ // http.Error(w, err.Error(), http.StatusInternalServerError)
+ // log.Printf(fmt.Sprintf("27: %v %v", err, l))
+ // return nil
+ // }
+
+ // return l
 }
diff --git a/invite.go b/invite.go
index 867a8e7..04c1a0b 100644
--- a/invite.go
+++ b/invite.go
@@ -39,7 +39,7 @@ func checkInviterLogin(w http.ResponseWriter, r *http.Request) *LoginStatus {
 // New account creation directly from interface
 func handleInviteNewAccount(w http.ResponseWriter, r *http.Request) {
- l := ldapOpen(w)
+ l, err := ldapOpen(w)
 l.Bind(config.NewUserDN, config.NewUserPassword)
 // login := checkInviterLogin(w, r)
diff --git a/login.go b/login.go
index 3a417fa..5352300 100644
--- a/login.go
+++ b/login.go
@@ -62,7 +62,7 @@ func checkLogin(w http.ResponseWriter, r *http.Request) *LoginStatus {
 }
 }
- l := ldapOpen(w)
+ l, err := ldapOpen(w)
 if l == nil {
 return nil
 }
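Review bot: `ServerName: config.LdapServerAddr` is added to the tls.Config but `InsecureSkipVerify: true` is kept, so the certificate is never checked against that name and the DialTLS connection is unauthenticated; the bind credentials the callers send over it are only as protected as the network path between this service and the LDAP server. Drop `InsecureSkipVerify: true,` (or gate it behind an explicit config flag that defaults to off) so that ServerName actually drives verification. The seven commented-out lines after the if/else are dead code and should be deleted rather than carried forward, and `w http.ResponseWriter` is no longer used now that the function returns the error instead of writing it. Since the `if config.LdapTLS` branch returns, the `} else {` can be flattened to a plain `return ldap.DialURL("ldap://" + config.LdapServerAddr)`.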
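Review bot: `err` from `l, err := ldapOpen(w)` is not checked before `l.Bind(...)`, so a failed dial leaves `l` as a nil *ldap.Conn that Bind will dereference; ldapOpen no longer writes the http.Error itself, so each caller now has to. Add `if err != nil { http.Error(w, err.Error(), http.StatusInternalServerError); return }` before the Bind. The same unchecked `l, err := ldapOpen(w)` appears in checkLogin (login.go): the `if l == nil` guard there still returns, but the error is never reported to the client, so the same `http.Error` belongs in that branch. If `err` is not used later in either function, the `:=` also leaves it declared and unused, which will not compile; both function bodies continue past their hunks.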
@@ -236,10 +236,7 @@ func handleLogin(w http.ResponseWriter, r *http.Request) *LoginInfo {
 }
 func doLogin(w http.ResponseWriter, r *http.Request, username string, user_dn string, password string) (*LoginInfo, error) {
- l := ldapOpen(w)
- if l == nil {
- return nil, nil
- }
+ l, _ := ldapOpen(w)
 err := l.Bind(user_dn, password)
 if err != nil {
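Review bot: `l, _ := ldapOpen(w)` discards the dial error and at the same time removes the `if l == nil` guard that used to stop the function, so a failed connection now reaches `l.Bind` with a nil *ldap.Conn. Since doLogin already returns an error, propagate it instead: `l, err := ldapOpen(w); if err != nil { return nil, err }` and change the following line to `err = l.Bind(user_dn, password)` so it assigns rather than redeclares. doLogin's body continues beyond the hunk.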