From 215c3160f8ee867f6ff91c9280d05e4bf36007c4 Mon Sep 17 00:00:00 2001
From: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
Date: Mon, 28 Jun 2021 17:49:40 +0200
Subject: [PATCH] fix(connector/ldap): explicit anonymus ldap bind

Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
---
 connector/ldap/ldap.go | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/connector/ldap/ldap.go b/connector/ldap/ldap.go
index d3bc20ab..eaee078d 100644
--- a/connector/ldap/ldap.go
+++ b/connector/ldap/ldap.go
@@ -331,10 +331,11 @@ func (c *ldapConnector) do(_ context.Context, f func(c *ldap.Conn) error) error
 	defer conn.Close()
 
 	// If bindDN and bindPW are empty this will default to an anonymous bind.
-	if err := conn.Bind(c.BindDN, c.BindPW); err != nil {
-		if c.BindDN == "" && c.BindPW == "" {
+	if c.BindDN == "" && c.BindPW == "" {
+		if err := conn.UnauthenticatedBind(""); err != nil {
 			return fmt.Errorf("ldap: initial anonymous bind failed: %v", err)
 		}
+	} else if err := conn.Bind(c.BindDN, c.BindPW); err != nil {
 		return fmt.Errorf("ldap: initial bind for user %q failed: %v", c.BindDN, err)
 	}