From f66f51019bf6aee2a56f179e754d028aec363645 Mon Sep 17 00:00:00 2001
From: Chris Mann
Date: Sun, 23 Jul 2023 13:02:09 +0200
Subject: [PATCH] G Pas

---
 gpas.go | 7 +++++--
 invite.go | 8 ++++++--
 utils.go | 28 +++++++++++++++++++---------
 3 files changed, 30 insertions(+), 13 deletions(-)

diff --git a/gpas.go b/gpas.go
index 1bf61e2..db301fc 100644
--- a/gpas.go
+++ b/gpas.go
@@ -84,8 +84,11 @@ func passwordLost(user User, config *ConfigFile, ldapConn *ldap.Conn) error {
 }
 
 func passwordFound(user User, config *ConfigFile, ldapConn *ldap.Conn) (bool, error) {
- l := openLdap(config)
- err := l.Bind(user.DN, user.Password)
+ l, err := openLdap(config)
+ if err != nil {
+ return false, err
+ }
+ err = l.Bind(user.DN, user.Password)
 if err != nil {
 return false, err
 }
diff --git a/invite.go b/invite.go
index aba1431..4a4a554 100644
--- a/invite.go
+++ b/invite.go
@@ -55,8 +55,12 @@ type PasswordLostData struct {
 }
 
 func openNewUserLdap(config *ConfigFile) (*ldap.Conn, error) {
- l := openLdap(config)
- err := l.Bind(config.NewUserDN, config.NewUserPassword)
+ l, err := openLdap(config)
+ if err != nil {
+ log.Printf(fmt.Sprintf("openNewUserLdap : %v %v", err, l))
+ // data.ErrorMessage = err.Error()
+ }
+ err = l.Bind(config.NewUserDN, config.NewUserPassword)
 if err != nil {
 log.Printf(fmt.Sprintf("openNewUserLdap : %v %v", err, l))
 // data.ErrorMessage = err.Error()
diff --git a/utils.go b/utils.go
index 1511694..379db53 100644
--- a/utils.go
+++ b/utils.go
@@ -1,8 +1,8 @@
 package main
 import (
- "fmt"
- "log"
+ "crypto/tls"
+ "net"
 "math/rand"
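Review bot: In gpas.go `passwordFound`, the connection returned by `openLdap` is not closed on the early `return false, err` that follows a failed `Bind`, so each rejected password leaves an LDAP socket open. Placing `defer l.Close()` directly after the new `if err != nil { return false, err }` check releases the connection on every path. The rest of the function lies outside the hunk, so check that a later explicit close is not already present before adding the defer.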
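Review bot: In invite.go `openNewUserLdap`, the new `if err != nil` branch only logs and then falls through to `err = l.Bind(...)`. When `openLdap` fails, `l` is expected to be nil (go-ldap's dial functions return a nil connection alongside the error), so an unreachable or misconfigured directory becomes a nil-pointer panic instead of an error the caller can handle. The branch should end with `return nil, err`, matching what the gpas.go hunk does. `log.Printf(fmt.Sprintf(...))` also feeds an already formatted string back in as a format string; `log.Printf("openNewUserLdap: %v", err)` is sufficient. The function body continues past the end of the hunk.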
@@ -10,15 +10,25 @@ import (
 // "golang.org/x/text/encoding/unicode"
 )
 
-func openLdap(config *ConfigFile) *ldap.Conn {
- l, err := ldap.DialURL(config.LdapServerAddr)
- if err != nil {
- log.Printf(fmt.Sprint("Erreur connect LDAP %v", err))
- log.Printf(fmt.Sprint("Erreur connect LDAP %v", config.LdapServerAddr))
- return nil
+func openLdap(config *ConfigFile) (*ldap.Conn, error) {
+ if config.LdapTLS {
+ tlsConf := &tls.Config{
+ ServerName: config.LdapServerAddr,
+ InsecureSkipVerify: true,
+ }
+ return ldap.DialTLS("tcp", net.JoinHostPort(config.LdapServerAddr, "636"), tlsConf)
 } else {
- return l
+ return ldap.DialURL("ldap://" + config.LdapServerAddr)
 }
+
+ // l, err := ldap.DialURL(config.LdapServerAddr)
+ // if err != nil {
+ // log.Printf(fmt.Sprint("Erreur connect LDAP %v", err))
+ // log.Printf(fmt.Sprint("Erreur connect LDAP %v", config.LdapServerAddr))
+ // return nil
+ // } else {
+ // return l
+ // }
 }
 
 func suggestPassword() string {
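Review bot: `InsecureSkipVerify: true` in the new `openLdap` disables certificate and hostname verification on the LDAPS connection, so the TLS branch encrypts but does not authenticate the directory server, and the bind DNs and passwords sent over it (`config.NewUserPassword`, `user.Password`) are exposed to anyone who can impersonate that server. Since `ServerName` is already set, `tlsConf := &tls.Config{ServerName: config.LdapServerAddr}` verifies against the system roots; a private CA belongs in `RootCAs`, and skipping verification, if it is needed at all, should be an explicit off-by-default setting. The non-TLS branch still sends binds in cleartext. Prefixing `"ldap://"` also changes what `LdapServerAddr` must contain compared with the removed `ldap.DialURL(config.LdapServerAddr)`, so configs that hold a full URL would need updating. The commented-out block after the `if/else` is unreachable history and can be dropped.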