Merge pull request #48 from wiltonsr/improve-conn

Improve connections

examples/conf-from-tls-toml-file.yml

@@ -0,0 +1,40 @@
+version: "3.3"
+
+services:
+
+  traefik:
+    # build:
+    #   context: .
+    image: traefik:v2.10.0
+    container_name: "traefik"
+    command:
+      #- "--log.level=DEBUG"
+      - "--api.insecure=true"
+      - "--providers.docker=true"
+      - "--entrypoints.web.address=:80"
+      # Load ldapAuth from local private plugins format ===============================#
+      # https://github.com/traefik/traefik/pull/8224                                   #
+      # "A plugin must be declared in the static configuration"                        #
+      # https://doc.traefik.io/traefik-pilot/plugins/overview/#installing-plugins      #
+      - "--experimental.localPlugins.ldapAuth.moduleName=github.com/wiltonsr/ldapAuth" #
+      # ===============================================================================#
+      # Load ldapAuth Dynamic conf from file ==========================================#
+      # https://doc.traefik.io/traefik/providers/file/#filename                        #
+      - "--providers.file.filename=/dynamic-conf/ldapAuth-tls-conf.toml"                   #
+      # ===============================================================================#
+    ports:
+      - "80:80"
+      - "8080:8080"
+    volumes:
+      - "/var/run/docker.sock:/var/run/docker.sock:ro"
+      - "../../ldapAuth:/plugins-local/src/github.com/wiltonsr/ldapAuth:ro"
+      - "./dynamic-conf/ldapAuth-tls-conf.toml:/dynamic-conf/ldapAuth-tls-conf.toml:ro"
+
+  whoami:
+    image: "traefik/whoami"
+    container_name: "whoami"
+    labels:
+      - "traefik.http.routers.whoami.rule=Host(`whoami.localhost`)"
+      - "traefik.http.routers.whoami.entrypoints=web"
+      # Enable LDAP Auth Middleware defined in ldapAuth-tls-conf.toml
+      - "traefik.http.routers.whoami.middlewares=my-ldapAuth@file"

examples/conf-from-tls-yml-file.yml

@@ -0,0 +1,40 @@
+version: "3.3"
+
+services:
+
+  traefik:
+    # build:
+    #   context: .
+    image: traefik:v2.10.0
+    container_name: "traefik"
+    command:
+      #- "--log.level=DEBUG"
+      - "--api.insecure=true"
+      - "--providers.docker=true"
+      - "--entrypoints.web.address=:80"
+      # Load ldapAuth from local private plugins format ===============================#
+      # https://github.com/traefik/traefik/pull/8224                                   #
+      # "A plugin must be declared in the static configuration"                        #
+      # https://doc.traefik.io/traefik-pilot/plugins/overview/#installing-plugins      #
+      - "--experimental.localPlugins.ldapAuth.moduleName=github.com/wiltonsr/ldapAuth" #
+      # ===============================================================================#
+      # Load ldapAuth Dynamic conf from file ==========================================#
+      # https://doc.traefik.io/traefik/providers/file/#filename                        #
+      - "--providers.file.filename=/dynamic-conf/ldapAuth-tls-conf.yml"                    #
+      # ===============================================================================#
+    ports:
+      - "80:80"
+      - "8080:8080"
+    volumes:
+      - "/var/run/docker.sock:/var/run/docker.sock:ro"
+      - "../../ldapAuth:/plugins-local/src/github.com/wiltonsr/ldapAuth:ro"
+      - "./dynamic-conf/ldapAuth-tls-conf.yml:/dynamic-conf/ldapAuth-tls-conf.yml:ro"
+
+  whoami:
+    image: "traefik/whoami"
+    container_name: "whoami"
+    labels:
+      - "traefik.http.routers.whoami.rule=Host(`whoami.localhost`)"
+      - "traefik.http.routers.whoami.entrypoints=web"
+      # Enable LDAP Auth Middleware defined in ldapAuth-tls-conf.yml
+      - "traefik.http.routers.whoami.middlewares=my-ldapAuth@file"

examples/conf-from-toml-file.yml

@@ -36,5 +36,5 @@ services:
     labels:
       - "traefik.http.routers.whoami.rule=Host(`whoami.localhost`)"
       - "traefik.http.routers.whoami.entrypoints=web"
-      # Enable LDAP Auth Middleware defined in ldapAuth-conf.yml
+      # Enable LDAP Auth Middleware defined in ldapAuth-conf.toml
       - "traefik.http.routers.whoami.middlewares=my-ldapAuth@file"

examples/dynamic-conf/ldapAuth-tls-conf.toml

@@ -0,0 +1,68 @@
+[http.middlewares]
+[http.middlewares.my-ldapAuth.plugin.ldapAuth]
+Attribute = "uid"
+BaseDN = "cn=users,cn=accounts,dc=demo1,dc=freeipa,dc=org"
+Enabled = true
+LogLevel = "DEBUG"
+Port = "636"
+Url = "ldaps://ipa.demo1.freeipa.org"
+CertificateAuthority = '''
+-----BEGIN CERTIFICATE-----
+MIIFWzCCA8OgAwIBAgIBCDANBgkqhkiG9w0BAQsFADA8MRowGAYDVQQKDBFERU1P
+MS5GUkVFSVBBLk9SRzEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4X
+DTIzMDQyMDEzMzYxNFoXDTI1MDQyMDEzMzYxNFowPDEaMBgGA1UECgwRREVNTzEu
+RlJFRUlQQS5PUkcxHjAcBgNVBAMMFWlwYS5kZW1vMS5mcmVlaXBhLm9yZzCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMEzBE9i2gqOMM2HKyNnM7Ih5+mv
+duVmE5D+5raJtqA1eNZkNrQmSaKwS9cnHGX+2/zSY1FDkZnIhGXySPf0/7fxCuG/
+J9MvRlecGnJTWOCvPIVhkvd5PyTKkClmsk4ojx2IwCU6q2nvy0zvSxhhzd2UpOL6
+y7fNtS3VBYYZjWNEv0K7F+pGtW40MauGDotsP1zQmyVW5J1IszDDlRgTLC6azdBs
++RP0vYCyKkgh1tpWLYfFnQhNVOlja79QcnlKdvnZu4sFdDSvOqext28mBJuCm8ib
+HLnQQcxTqg2jMx8AW2zh9F8sMoEsn/mjDHI41oGGsHeZt3j5a8Ab7jtlz8MCAwEA
+AaOCAeYwggHiMB8GA1UdIwQYMBaAFKFAgcvZmgX3tnFhcPQ5i4jZ+xE9MEMGCCsG
+AQUFBwEBBDcwNTAzBggrBgEFBQcwAYYnaHR0cDovL2lwYS1jYS5kZW1vMS5mcmVl
+aXBhLm9yZy9jYS9vY3NwMA4GA1UdDwEB/wQEAwIE8DAdBgNVHSUEFjAUBggrBgEF
+BQcDAQYIKwYBBQUHAwIwfAYDVR0fBHUwczBxoDmgN4Y1aHR0cDovL2lwYS1jYS5k
+ZW1vMS5mcmVlaXBhLm9yZy9pcGEvY3JsL01hc3RlckNSTC5iaW6iNKQyMDAxDjAM
+BgNVBAoMBWlwYWNhMR4wHAYDVQQDDBVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHQYD
+VR0OBBYEFGsje2irExO4AvvLW6jv2oEkrZfSMIGtBgNVHREEgaUwgaKCFWlwYS5k
+ZW1vMS5mcmVlaXBhLm9yZ6A8BgorBgEEAYI3FAIDoC4MLGxkYXAvaXBhLmRlbW8x
+LmZyZWVpcGEub3JnQERFTU8xLkZSRUVJUEEuT1JHoEsGBisGAQUCAqBBMD+gExsR
+REVNTzEuRlJFRUlQQS5PUkehKDAmoAMCAQGhHzAdGwRsZGFwGxVpcGEuZGVtbzEu
+ZnJlZWlwYS5vcmcwDQYJKoZIhvcNAQELBQADggGBADO5SovCVFoVJQOKxrePdh5y
+VIQ45UQSjmfXT+FlzbzlX47ejpvdqDKDl0yj5JBUKtKxv3Mj6natUQAVnveRcXlo
+mjzEOQsozCaWcCrtnIW8AOny78DjxnSdwPqd/TRV4r2/T2cRndd0GCg6LrQxEdTf
+VNKJAMAYin6xmopsarpXwVJVd7YweFUMd7Tu5Tvpde1oubnBtb7ZEGixb6AB200g
+lHQroWz6s+a/d7BxsyM0DA5bOk728LqroIJ8m/9xIbnACoyeVdmM5BF/1/cUsX4N
+RkRJIfcITNB3zr/4WUldKsM/7bfEA5S0GQUjTd4njt5r7d8j2r6V88maN9ANgXZ4
+Vf1RbjmTOw4OovwGXtRu8DkQ4kSqnyd1COelH48EfGxtOYbzqNNgnip+95mmMoFr
+3BkxKP8G/lQ3kGOYqBIQ+1ICtvx29Smllo87RkJ3KltHy7RKVMZry7inLTqCNBAA
+uIdew6R5uJhBBrfjmXGyGjba9wtxDPiPoTa9gGAu7w==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEnTCCAwWgAwIBAgIBATANBgkqhkiG9w0BAQsFADA8MRowGAYDVQQKDBFERU1P
+MS5GUkVFSVBBLk9SRzEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4X
+DTIzMDQyMDEzMzM1NFoXDTQzMDQyMDEzMzM1NFowPDEaMBgGA1UECgwRREVNTzEu
+RlJFRUlQQS5PUkcxHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTCCAaIw
+DQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBALLzV665748bW3Da/ZVTZ4BVHrCW
+RuuT+7bgT6CZOUMri8F+KuQ6sT+o3hQuyrp4qWn0sU3bO9TCXjkQ4B8uo8ZR3RvR
++2FXENtUQukI4PTXXoKjqJkGrgWVyISfkvNZvsl/bOEtVJ6nh3DBLhYM0HEENccL
+0b1SALdntQwGFJfWkRD0FbjBo7CPxePm7L2VViDMY0cYeUdgETcqc9Zw90gUEqTt
+keHqPmBkiOUVk09f3qtdoukRqAvx3nKhUu7vHEf+DJJoQtr3ilUXZQZ/6lKkYl9k
+mdwjt+9YeCaKV0s7RI4G+25xo1ZSB3IfMMGISGf/0mOyg4LgWyuuDF/ip5+gI46b
+Ol85DrhJAfeYoFbjx+zsoY9mn0kiMBnxg+NkvJitsb5EFexXtqfLLeGjFTu2a9rw
+bB6mM3GKmMszwif/i9uO/NeK1LlmN6g1vy07HtjQWh2LUa9AbeIp6s1UUcruCGem
+FSzLRmcOY4wi0gGm8Vwg9MRtS6sUe7bfM7uPXwIDAQABo4GpMIGmMB8GA1UdIwQY
+MBaAFKFAgcvZmgX3tnFhcPQ5i4jZ+xE9MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
+AQH/BAQDAgHGMB0GA1UdDgQWBBShQIHL2ZoF97ZxYXD0OYuI2fsRPTBDBggrBgEF
+BQcBAQQ3MDUwMwYIKwYBBQUHMAGGJ2h0dHA6Ly9pcGEtY2EuZGVtbzEuZnJlZWlw
+YS5vcmcvY2Evb2NzcDANBgkqhkiG9w0BAQsFAAOCAYEAH0du998ux4CkH/W9/2l0
+GnnHE5GbBBcGd4zEIxxoe0kYm7MKJjXL9gDRZ3RMseEhy0mAX8cixA7xmg/IFgM9
+TFHoHbTUNgEzLZtOYl5Qccp48ZV1XLrzfK1DorEH6tgza0X2rNJ7RU25sq9i687Y
+S0Tt6W3CNkOnQed7blDbxfZJOq7gvqiTFy09a5OXv2AxpkmRrLwFWd/+4Whbsji1
+wiwTD+t7gDTGizqINEsJ3lT+2dDp+mAxPKTd4XiTE4aBPVc4LBxHDnMzqFxa1qzG
+v/BL+aa3FkahD/zMm6/B70iApFOFeCrng/1Q7DxUsBWWuzS+oVdm8MEUWtHxANC5
+VG91hbzs4jBAig6AY1hGe49oOabkM1IGhp/TIySAaogA4BFS9DNV1TyNZ4Y9PO61
+JZHjzfXOLIdSlluwsBJem4Lj6Xdw8epzANA0CVnEQ5R1Aql0uRlSsAuhcsleCYJC
+4gbTjx3PDQLm4BUvsNZ62knVDJPvjAX4nOybumpLAVKg
+-----END CERTIFICATE-----
+'''

examples/dynamic-conf/ldapAuth-tls-conf.yml

@@ -0,0 +1,70 @@
+http:
+  middlewares:
+    my-ldapAuth:
+      plugin:
+        ldapAuth:
+          Enabled: true
+          LogLevel: "DEBUG"
+          Url: "ldaps://ipa.demo1.freeipa.org"
+          Port: 636
+          BaseDN: "cn=users,cn=accounts,dc=demo1,dc=freeipa,dc=org"
+          Attribute: "uid"
+          CertificateAuthority: |-
+            -----BEGIN CERTIFICATE-----
+            MIIFWzCCA8OgAwIBAgIBCDANBgkqhkiG9w0BAQsFADA8MRowGAYDVQQKDBFERU1P
+            MS5GUkVFSVBBLk9SRzEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4X
+            DTIzMDQyMDEzMzYxNFoXDTI1MDQyMDEzMzYxNFowPDEaMBgGA1UECgwRREVNTzEu
+            RlJFRUlQQS5PUkcxHjAcBgNVBAMMFWlwYS5kZW1vMS5mcmVlaXBhLm9yZzCCASIw
+            DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMEzBE9i2gqOMM2HKyNnM7Ih5+mv
+            duVmE5D+5raJtqA1eNZkNrQmSaKwS9cnHGX+2/zSY1FDkZnIhGXySPf0/7fxCuG/
+            J9MvRlecGnJTWOCvPIVhkvd5PyTKkClmsk4ojx2IwCU6q2nvy0zvSxhhzd2UpOL6
+            y7fNtS3VBYYZjWNEv0K7F+pGtW40MauGDotsP1zQmyVW5J1IszDDlRgTLC6azdBs
+            +RP0vYCyKkgh1tpWLYfFnQhNVOlja79QcnlKdvnZu4sFdDSvOqext28mBJuCm8ib
+            HLnQQcxTqg2jMx8AW2zh9F8sMoEsn/mjDHI41oGGsHeZt3j5a8Ab7jtlz8MCAwEA
+            AaOCAeYwggHiMB8GA1UdIwQYMBaAFKFAgcvZmgX3tnFhcPQ5i4jZ+xE9MEMGCCsG
+            AQUFBwEBBDcwNTAzBggrBgEFBQcwAYYnaHR0cDovL2lwYS1jYS5kZW1vMS5mcmVl
+            aXBhLm9yZy9jYS9vY3NwMA4GA1UdDwEB/wQEAwIE8DAdBgNVHSUEFjAUBggrBgEF
+            BQcDAQYIKwYBBQUHAwIwfAYDVR0fBHUwczBxoDmgN4Y1aHR0cDovL2lwYS1jYS5k
+            ZW1vMS5mcmVlaXBhLm9yZy9pcGEvY3JsL01hc3RlckNSTC5iaW6iNKQyMDAxDjAM
+            BgNVBAoMBWlwYWNhMR4wHAYDVQQDDBVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHQYD
+            VR0OBBYEFGsje2irExO4AvvLW6jv2oEkrZfSMIGtBgNVHREEgaUwgaKCFWlwYS5k
+            ZW1vMS5mcmVlaXBhLm9yZ6A8BgorBgEEAYI3FAIDoC4MLGxkYXAvaXBhLmRlbW8x
+            LmZyZWVpcGEub3JnQERFTU8xLkZSRUVJUEEuT1JHoEsGBisGAQUCAqBBMD+gExsR
+            REVNTzEuRlJFRUlQQS5PUkehKDAmoAMCAQGhHzAdGwRsZGFwGxVpcGEuZGVtbzEu
+            ZnJlZWlwYS5vcmcwDQYJKoZIhvcNAQELBQADggGBADO5SovCVFoVJQOKxrePdh5y
+            VIQ45UQSjmfXT+FlzbzlX47ejpvdqDKDl0yj5JBUKtKxv3Mj6natUQAVnveRcXlo
+            mjzEOQsozCaWcCrtnIW8AOny78DjxnSdwPqd/TRV4r2/T2cRndd0GCg6LrQxEdTf
+            VNKJAMAYin6xmopsarpXwVJVd7YweFUMd7Tu5Tvpde1oubnBtb7ZEGixb6AB200g
+            lHQroWz6s+a/d7BxsyM0DA5bOk728LqroIJ8m/9xIbnACoyeVdmM5BF/1/cUsX4N
+            RkRJIfcITNB3zr/4WUldKsM/7bfEA5S0GQUjTd4njt5r7d8j2r6V88maN9ANgXZ4
+            Vf1RbjmTOw4OovwGXtRu8DkQ4kSqnyd1COelH48EfGxtOYbzqNNgnip+95mmMoFr
+            3BkxKP8G/lQ3kGOYqBIQ+1ICtvx29Smllo87RkJ3KltHy7RKVMZry7inLTqCNBAA
+            uIdew6R5uJhBBrfjmXGyGjba9wtxDPiPoTa9gGAu7w==
+            -----END CERTIFICATE-----
+            -----BEGIN CERTIFICATE-----
+            MIIEnTCCAwWgAwIBAgIBATANBgkqhkiG9w0BAQsFADA8MRowGAYDVQQKDBFERU1P
+            MS5GUkVFSVBBLk9SRzEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4X
+            DTIzMDQyMDEzMzM1NFoXDTQzMDQyMDEzMzM1NFowPDEaMBgGA1UECgwRREVNTzEu
+            RlJFRUlQQS5PUkcxHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTCCAaIw
+            DQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBALLzV665748bW3Da/ZVTZ4BVHrCW
+            RuuT+7bgT6CZOUMri8F+KuQ6sT+o3hQuyrp4qWn0sU3bO9TCXjkQ4B8uo8ZR3RvR
+            +2FXENtUQukI4PTXXoKjqJkGrgWVyISfkvNZvsl/bOEtVJ6nh3DBLhYM0HEENccL
+            0b1SALdntQwGFJfWkRD0FbjBo7CPxePm7L2VViDMY0cYeUdgETcqc9Zw90gUEqTt
+            keHqPmBkiOUVk09f3qtdoukRqAvx3nKhUu7vHEf+DJJoQtr3ilUXZQZ/6lKkYl9k
+            mdwjt+9YeCaKV0s7RI4G+25xo1ZSB3IfMMGISGf/0mOyg4LgWyuuDF/ip5+gI46b
+            Ol85DrhJAfeYoFbjx+zsoY9mn0kiMBnxg+NkvJitsb5EFexXtqfLLeGjFTu2a9rw
+            bB6mM3GKmMszwif/i9uO/NeK1LlmN6g1vy07HtjQWh2LUa9AbeIp6s1UUcruCGem
+            FSzLRmcOY4wi0gGm8Vwg9MRtS6sUe7bfM7uPXwIDAQABo4GpMIGmMB8GA1UdIwQY
+            MBaAFKFAgcvZmgX3tnFhcPQ5i4jZ+xE9MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
+            AQH/BAQDAgHGMB0GA1UdDgQWBBShQIHL2ZoF97ZxYXD0OYuI2fsRPTBDBggrBgEF
+            BQcBAQQ3MDUwMwYIKwYBBQUHMAGGJ2h0dHA6Ly9pcGEtY2EuZGVtbzEuZnJlZWlw
+            YS5vcmcvY2Evb2NzcDANBgkqhkiG9w0BAQsFAAOCAYEAH0du998ux4CkH/W9/2l0
+            GnnHE5GbBBcGd4zEIxxoe0kYm7MKJjXL9gDRZ3RMseEhy0mAX8cixA7xmg/IFgM9
+            TFHoHbTUNgEzLZtOYl5Qccp48ZV1XLrzfK1DorEH6tgza0X2rNJ7RU25sq9i687Y
+            S0Tt6W3CNkOnQed7blDbxfZJOq7gvqiTFy09a5OXv2AxpkmRrLwFWd/+4Whbsji1
+            wiwTD+t7gDTGizqINEsJ3lT+2dDp+mAxPKTd4XiTE4aBPVc4LBxHDnMzqFxa1qzG
+            v/BL+aa3FkahD/zMm6/B70iApFOFeCrng/1Q7DxUsBWWuzS+oVdm8MEUWtHxANC5
+            VG91hbzs4jBAig6AY1hGe49oOabkM1IGhp/TIySAaogA4BFS9DNV1TyNZ4Y9PO61
+            JZHjzfXOLIdSlluwsBJem4Lj6Xdw8epzANA0CVnEQ5R1Aql0uRlSsAuhcsleCYJC
+            4gbTjx3PDQLm4BUvsNZ62knVDJPvjAX4nOybumpLAVKg
+            -----END CERTIFICATE-----

ldapauth.go

@@ -46,7 +46,6 @@ type Config struct {
 	CacheCookiePath            string   `json:"cacheCookiePath,omitempty" yaml:"cacheCookiePath,omitempty"`
 	CacheCookieSecure          bool     `json:"cacheCookieSecure,omitempty" yaml:"cacheCookieSecure,omitempty"`
 	CacheKey                   string   `json:"cacheKey,omitempty" yaml:"cacheKey,omitempty"`
-	UseTLS                     bool     `json:"useTls,omitempty" yaml:"useTls,omitempty"`
 	StartTLS                   bool     `json:"startTls,omitempty" yaml:"startTls,omitempty"`
 	CertificateAuthority       string   `json:"certificateAuthority,omitempty" yaml:"certificateAuthority,omitempty"`
 	InsecureSkipVerify         bool     `json:"insecureSkipVerify,omitempty" yaml:"insecureSkipVerify,omitempty"`
@@ -79,7 +78,6 @@ func CreateConfig() *Config {
 		CacheCookiePath:            "",
 		CacheCookieSecure:          false,
 		CacheKey:                   "super-secret-key",
-		UseTLS:                     false,
 		StartTLS:                   false,
 		CertificateAuthority:       "",
 		InsecureSkipVerify:         false,
@@ -180,7 +178,7 @@ func (la *LdapAuth) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
 		certPool.AppendCertsFromPEM([]byte(la.config.CertificateAuthority))
 	}
 
-	conn, err := Connect(la.config.URL, la.config.Port, la.config.UseTLS, la.config.StartTLS, la.config.InsecureSkipVerify, certPool)
+	conn, err := Connect(la.config.URL, la.config.Port, la.config.StartTLS, la.config.InsecureSkipVerify, certPool)
 	if err != nil {
 		LoggerERROR.Printf("%s", err)
 		RequireAuth(rw, req, la.config, err)
@@ -399,11 +397,11 @@ func RequireAuth(w http.ResponseWriter, req *http.Request, config *Config, err .
 }
 
 // Connect return a LDAP Connection.
-func Connect(addr string, port uint16, useTLS bool, startTLS bool, skipVerify bool, ca *x509.CertPool) (*ldap.Conn, error) {
+func Connect(addr string, port uint16, startTLS bool, skipVerify bool, ca *x509.CertPool) (*ldap.Conn, error) {
 	var conn *ldap.Conn = nil
 	var err error = nil
-	u, err := url.Parse(addr)
 
+	u, err := url.Parse(addr)
 	if err != nil {
 		return nil, err
 	}
@@ -413,58 +411,32 @@ func Connect(addr string, port uint16, useTLS bool, startTLS bool, skipVerify bo
 		// we assume that error is due to missing port.
 		host = u.Host
 	}
-	LoggerDEBUG.Printf("Host: %s ", host)
 
-	address := net.JoinHostPort(host, strconv.FormatUint(uint64(port), 10))
+	address := u.Scheme + "://" + net.JoinHostPort(host, strconv.FormatUint(uint64(port), 10))
+	LoggerDEBUG.Printf("Connect Address: '%s'", address)
 
-	LoggerDEBUG.Printf("Connect Address: %s ", address)
+	tlsCfg := &tls.Config{
+		InsecureSkipVerify: skipVerify,
+		ServerName:         host,
+		RootCAs:            ca,
+	}
 
-	if useTLS {
-		tlsCfg := &tls.Config{
-			InsecureSkipVerify: skipVerify,
-			ServerName:         host,
-			RootCAs:            ca,
-		}
-		if startTLS {
-			conn, err = dial("tcp", address)
-			if err == nil {
-				err = conn.StartTLS(tlsCfg)
-			}
-		} else {
-			conn, err = dialTLS("tcp", address, tlsCfg)
+	if u.Scheme == "ldap" && startTLS {
+		conn, err = ldap.DialURL(address)
+		if err == nil {
+			err = conn.StartTLS(tlsCfg)
 		}
+	} else if u.Scheme == "ldaps" {
+		conn, err = ldap.DialURL(address, ldap.DialWithTLSConfig(tlsCfg))
 	} else {
-		conn, err = dial("tcp", address)
+		conn, err = ldap.DialURL(address)
 	}
 
 	if err != nil {
 		return nil, err
 	}
 
 	return conn, nil
-
-}
-
-// dial applies connects to the given address on the given network using net.Dial.
-func dial(network, addr string) (*ldap.Conn, error) {
-	c, err := net.Dial(network, addr)
-	if err != nil {
-		return nil, err
-	}
-	conn := ldap.NewConn(c, false)
-	conn.Start()
-	return conn, nil
-}
-
-// dialTLS connects to the given address on the given network using tls.Dial.
-func dialTLS(network, addr string, config *tls.Config) (*ldap.Conn, error) {
-	c, err := tls.Dial(network, addr, config)
-	if err != nil {
-		return nil, err
-	}
-	conn := ldap.NewConn(c, true)
-	conn.Start()
-	return conn, nil
 }
 
 // SearchMode make search to LDAP and return results.

readme.md

@@ -162,15 +162,10 @@ _Optional, Default: `super-secret-key`_
 
 The key used to encrypt session cookie information. You `must` use a strong value here.
 
-##### `useTLS`
-_Optional, Default: `false`_
-
-Set to true if LDAP server should use an encrypted TLS connection, either with STARTTLS or LDAPS.
-
 ##### `startTLS`
 _Optional, Default: `false`_
 
-If set to true, instruct `ldapAuth` to issue a `StartTLS` request when initializing the connection with the LDAP server. This is not used if the `useTLS` option is set to `false`.
+If set to true, instruct `ldapAuth` to issue a `StartTLS` request when initializing the connection with the LDAP server.
 
 ##### `certificateAuthority`
 _Optional, Default: `""`_
@@ -199,7 +194,7 @@ Example:
 ##### `insecureSkipVerify`
 _Optional, Default: `false`_
 
-When `useTLS` is enabled, the connection to the LDAP server is verified to be secure. This option allows `ldapAuth` to proceed and operate even for server connections otherwise considered insecure.
+When connecting to a `ldaps` server or `startTLS` is enabled, the connection to the LDAP server is verified to be secure. This option allows `ldapAuth` to proceed and operate even for server connections otherwise considered insecure.
 
 ##### `attribute`