From 54fb570ffa9b81986279a668c6382f518036978b Mon Sep 17 00:00:00 2001 From: Maksim Nabokikh Date: Tue, 6 Aug 2024 07:57:51 +0200 Subject: [PATCH] Fix scheme for DialURL ldap connection (#3677) * Use scheme without :// suffix * Make test ldap server listen on custom ports to avoid stepping into go-ldap defaults Signed-off-by: m.nabokikh --- .github/workflows/ci.yaml | 4 ++-- connector/ldap/ldap.go | 6 +++--- docker-compose.test.yaml | 4 ++-- 3 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 8cf94a64f9..534edea15f 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -121,8 +121,8 @@ jobs:
 DEX_ETCD_ENDPOINTS: http://localhost:${{ job.services.etcd.ports[2379] }}
 DEX_LDAP_HOST: localhost
- DEX_LDAP_PORT: 389
- DEX_LDAP_TLS_PORT: 636
+ DEX_LDAP_PORT: 3890
+ DEX_LDAP_TLS_PORT: 6360
 DEX_KEYSTONE_URL: http://localhost:${{ job.services.keystone.ports[5000] }}
 DEX_KEYSTONE_ADMIN_URL: http://localhost:${{ job.services.keystone.ports[35357] }}
diff --git a/connector/ldap/ldap.go b/connector/ldap/ldap.go
index 897f30cff1..856949d240 100644
--- a/connector/ldap/ldap.go
+++ b/connector/ldap/ldap.go
@@ -322,10 +322,10 @@ func (c *ldapConnector) do(_ context.Context, f func(c *ldap.Conn) error) error
 switch {
 case c.InsecureNoSSL:
- u := url.URL{Scheme: "ldap://", Host: c.Host}
+ u := url.URL{Scheme: "ldap", Host: c.Host}
 conn, err = ldap.DialURL(u.String())
 case c.StartTLS:
- u := url.URL{Scheme: "ldap://", Host: c.Host}
+ u := url.URL{Scheme: "ldap", Host: c.Host}
 conn, err = ldap.DialURL(u.String())
 if err != nil {
 return fmt.Errorf("failed to connect: %v", err)
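Review bot: The scheme literal that decides between plaintext and TLS transport is spelled out separately in every branch of the switch in `do` (`InsecureNoSSL` and `StartTLS` in this hunk of connector/ldap/ldap.go, `default` in the next one), which is how a single mistake ended up in three places, and the diffstat shows no test file pinning the URL that gets dialed. I would pick the scheme once above the switch, e.g. `scheme := "ldaps"` followed by `if c.InsecureNoSSL || c.StartTLS { scheme = "ldap" }`, build the URL in a small helper, and add a table test asserting the result for each mode so the default path cannot drift away from `ldaps` unnoticed. A one-line comment on the `InsecureNoSSL` case, such as `// plaintext LDAP: bind credentials are sent unencrypted`, would also make the trade-off explicit. The body of `do` starts and ends outside this hunk.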
@@ -334,7 +334,7 @@ func (c *ldapConnector) do(_ context.Context, f func(c *ldap.Conn) error) error
 return fmt.Errorf("start TLS failed: %v", err)
 }
 default:
- u := url.URL{Scheme: "ldaps://", Host: c.Host}
+ u := url.URL{Scheme: "ldaps", Host: c.Host}
 conn, err = ldap.DialURL(u.String(), ldap.DialWithTLSConfig(c.tlsConfig))
 }
 if err != nil {
diff --git a/docker-compose.test.yaml b/docker-compose.test.yaml
index 46dfd84c4d..933ff80164 100644
--- a/docker-compose.test.yaml
+++ b/docker-compose.test.yaml
@@ -11,8 +11,8 @@ services:
 LDAP_TLS: "true"
 LDAP_TLS_VERIFY_CLIENT: try
 ports:
- - 389:389
- - 636:636
+ - 3890:389
+ - 6360:636
 volumes:
 - ./connector/ldap/testdata/certs:/container/service/slapd/assets/certs
 - ./connector/ldap/testdata/schema.ldif:/container/service/slapd/assets/config/bootstrap/ldif/99-schema.ldif
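Review bot: In the second hunk of connector/ldap/ldap.go, the context line `return fmt.Errorf("start TLS failed: %v", err)` appears to return while the connection dialed in the `StartTLS` case is still open. The two lines directly above it fall outside the hunk, so this is inferred, but no `defer` or close is in view between the dial and this return. If so, add `conn.Close()` immediately before the return so a failed upgrade does not leave an unencrypted socket to the directory server behind. Separately, the `fmt.Errorf` calls in both hunks format with `%v`; `%w` would keep the underlying go-ldap error reachable through `errors.Is`/`errors.As`, which helps when telling TLS failures from network failures in logs and alerts. The body of `do` continues outside the hunk.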