From 0ad03908d0a1bde5ca5d6a292c37af14d673b9f2 Mon Sep 17 00:00:00 2001
From: Lenin Alevski <alevsk.8772@gmail.com>
Date: Thu, 1 Jul 2021 17:41:01 -0700
Subject: [PATCH] LDAP Test connection was not using GlobalRootCAs (#12612)

Signed-off-by: Lenin Alevski <alevsk.8772@gmail.com>
---
 internal/config/identity/ldap/config.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/internal/config/identity/ldap/config.go b/internal/config/identity/ldap/config.go
index 3fac0dd49..600b48de2 100644
--- a/internal/config/identity/ldap/config.go
+++ b/internal/config/identity/ldap/config.go
@@ -474,6 +474,7 @@ func Lookup(kvs config.KVS, rootCAs *x509.CertPool) (l Config, err error) {
 		return l, nil
 	}
 	l.Enabled = true
+	l.rootCAs = rootCAs
 	l.ServerAddr = ldapServer
 	l.stsExpiryDuration = defaultLDAPExpiry
 	if v := env.Get(EnvSTSExpiry, kvs.Get(STSExpiry)); v != "" {
@@ -565,6 +566,5 @@ func Lookup(kvs config.KVS, rootCAs *x509.CertPool) (l Config, err error) {
 		l.GroupSearchBaseDistNames = strings.Split(l.GroupSearchBaseDistName, dnDelimiter)
 	}
 
-	l.rootCAs = rootCAs
 	return l, nil
 }