From 384ac87debc7c901f54b091ac95a6479e2310671 Mon Sep 17 00:00:00 2001
From: Chris Jones
Date: Tue, 15 Nov 2016 13:31:04 -0700
Subject: [PATCH] connector/ldap: Always set tls.Config.ServerName, to support LDAP servers with public CA certs.
---
 connector/ldap/ldap.go | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/connector/ldap/ldap.go b/connector/ldap/ldap.go
index d2bce31b..fd8f1dc3 100644
--- a/connector/ldap/ldap.go
+++ b/connector/ldap/ldap.go
@@ -212,7 +212,7 @@ func (c *Config) OpenConnector() (interface {
 }
 }
- tlsConfig := new(tls.Config)
+ tlsConfig := &tls.Config{ServerName: host}
 if c.RootCA != "" || len(c.RootCAData) != 0 {
 data := c.RootCAData
 if len(data) == 0 {
@@ -226,9 +226,6 @@ func (c *Config) OpenConnector() (interface {
 return nil, fmt.Errorf("ldap: no certs found in ca file")
 }
 tlsConfig.RootCAs = rootCAs
- // NOTE(ericchiang): This was required for our internal LDAP server
- // but might be because of an issue with our root CA.
- tlsConfig.ServerName = host
 }
 userSearchScope, ok := parseScope(c.UserSearch.Scope)
 if !ok {
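Review bot: The new `tlsConfig := &tls.Config{ServerName: host}` line makes `host` the name that every server certificate is verified against, but nothing at this line documents that or states what form `host` must have. `host` is assigned outside the hunk, so this cannot be confirmed here: if it can be empty or still carry a `:port` suffix when `c.Host` is given without a port, hostname verification would presumably fail for otherwise valid certificates. I would add a comment above the line such as `// ServerName is the name the server certificate is verified against; host must be the bare hostname, without the port.`, and cover the no-RootCA path with a test. OpenConnector's body starts and ends outside the hunk.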