From 5a86eb872b3f4aee6a32bb4e1f967a390de0fb21 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=A6Ltorio?=
Date: Sun, 1 Sep 2024 18:43:23 +0200
Subject: [PATCH] chore: Update appVersion to 1.2.1 in Chart.yaml and add TLS support for LDAP connection
---
 helm/nginx-ad-auth/Chart.yaml | 2 +-
 nginx-ad-auth-go.go | 9 +++++++++
 2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/helm/nginx-ad-auth/Chart.yaml b/helm/nginx-ad-auth/Chart.yaml
index a892d94..1ecae6f 100644
--- a/helm/nginx-ad-auth/Chart.yaml
+++ b/helm/nginx-ad-auth/Chart.yaml
@@ -5,5 +5,5 @@ apiVersion: v2
 name: nginx-ad-auth
 description: A Helm chart for deploying nginx-ad-auth
 version: 0.1.0
-appVersion: "1.0.0"
+appVersion: "1.2.1"
 icon: https://avatars.githubusercontent.com/u/165936401?v=4
\ No newline at end of file
diff --git a/nginx-ad-auth-go.go b/nginx-ad-auth-go.go
index d289a0f..08955b4 100644
--- a/nginx-ad-auth-go.go
+++ b/nginx-ad-auth-go.go
@@ -3,6 +3,7 @@ package main
 import (
+ "crypto/tls"
 _ "embed"
 "flag"
 "fmt"
@@ -161,8 +162,16 @@ func authenticateUser(username, password string) (bool, error) {
 }
 defer l.Close()
+ // Reconnect with TLS
+ err = l.StartTLS(&tls.Config{InsecureSkipVerify: true})
+ if err != nil {
+ // If the server does not support StartTLS, return an error
+ return false, fmt.Errorf("failed to start TLS: %w", err)
+ }
+
 err = l.Bind(fmt.Sprintf("%s\\%s", adDomain, username), password)
 if err != nil {
+ log.Printf("Failed to bind to LDAP: %v", err)
 return false, nil
 }
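Review bot: The added `l.StartTLS(&tls.Config{InsecureSkipVerify: true})` turns off certificate and hostname verification, so the upgraded connection is encrypted but the directory server is never authenticated, and the `l.Bind` that follows sends the user's AD password to whichever endpoint answered. Verify the server instead, e.g. `err = l.StartTLS(&tls.Config{ServerName: ldapHost, MinVersion: tls.VersionTLS12})`, where `ldapHost` is a placeholder for the host name used by the dial call (outside this hunk); a private CA would be supplied through `RootCAs`. If skipping verification has to remain available for test setups, put it behind an explicit flag that defaults to off and log when it is active. The comment `// Reconnect with TLS` would be more accurate as `// Upgrade the existing connection with StartTLS before sending credentials`. authenticateUser starts and ends outside the hunk.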