fix(ldap): exiting by peer exception occurred during the TLS connection(#5977)

server/handles/ldap_login.go

@@ -50,31 +50,13 @@ func loginLdap(c *gin.Context, req *LoginReq) {
 	ldapUserSearchBase := setting.GetStr(conf.LdapUserSearchBase)
 	ldapUserSearchFilter := setting.GetStr(conf.LdapUserSearchFilter) // (uid=%s)
 
-	var tlsEnabled bool = false
+	// Connect to LdapServer
-	if strings.HasPrefix(ldapServer, "ldaps://") {
+	l, err := dial(ldapServer)
-		tlsEnabled = true
-		ldapServer = strings.TrimPrefix(ldapServer, "ldaps://")
-	} else if strings.HasPrefix(ldapServer, "ldap://") {
-		ldapServer = strings.TrimPrefix(ldapServer, "ldap://")
-	}
-
-	l, err := ldap.Dial("tcp", ldapServer)
 	if err != nil {
 		utils.Log.Errorf("failed to connect to LDAP: %v", err)
 		common.ErrorResp(c, err, 500)
 		return
 	}
-	defer l.Close()
-
-	if tlsEnabled {
-		// Reconnect with TLS
-		err = l.StartTLS(&tls.Config{InsecureSkipVerify: true})
-		if err != nil {
-			utils.Log.Errorf("failed to start tls: %v", err)
-			common.ErrorResp(c, err, 500)
-			return
-		}
-	}
 
 	// First bind with a read only user
 	if ldapManagerDN != "" && ldapManagerPassword != "" {
@@ -157,3 +139,19 @@ func ladpRegister(username string) (*model.User, error) {
 	}
 	return user, nil
 }
+
+func dial(ldapServer string) (*ldap.Conn, error) {
+	var tlsEnabled bool = false
+	if strings.HasPrefix(ldapServer, "ldaps://") {
+		tlsEnabled = true
+		ldapServer = strings.TrimPrefix(ldapServer, "ldaps://")
+	} else if strings.HasPrefix(ldapServer, "ldap://") {
+		ldapServer = strings.TrimPrefix(ldapServer, "ldap://")
+	}
+
+	if tlsEnabled {
+		return ldap.DialTLS("tcp", ldapServer, &tls.Config{InsecureSkipVerify: true})
+	} else {
+		return ldap.Dial("tcp", ldapServer)
+	}
+}