From cb2c2905c5c6182920003f1dfc1ae281d187ba0b Mon Sep 17 00:00:00 2001
From: Harshavardhana
Date: Wed, 6 Oct 2021 14:19:32 -0700
Subject: [PATCH] fix: do not make TLS strict based on serverName (#13372)

LDAP TLS dialer shouldn't be strict with ServerName, there maybe many certs talking to common DNS endpoint it is better to allow Dialer to choose appropriate public cert.
---
 internal/config/identity/ldap/config.go | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/internal/config/identity/ldap/config.go b/internal/config/identity/ldap/config.go
index 3144a73db..1df6c8f7f 100644
--- a/internal/config/identity/ldap/config.go
+++ b/internal/config/identity/ldap/config.go
@@ -319,9 +319,8 @@ func (l *Config) Connect() (ldapConn *ldap.Conn, err error) {
 		return nil, errors.New("LDAP is not configured")
 	}
 
-	serverHost, _, err := net.SplitHostPort(l.ServerAddr)
+	_, _, err = net.SplitHostPort(l.ServerAddr)
 	if err != nil {
-		serverHost = l.ServerAddr
 		// User default LDAP port if none specified "636"
 		l.ServerAddr = net.JoinHostPort(l.ServerAddr, "636")
 	}
@@ -333,7 +332,6 @@ func (l *Config) Connect() (ldapConn *ldap.Conn, err error) {
 	tlsConfig := &tls.Config{
 		InsecureSkipVerify: l.tlsSkipVerify,
 		RootCAs:            l.rootCAs,
-		ServerName:         serverHost,
 	}
 
 	if l.serverStartTLS {
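Review bot: Dropping `ServerName` from `tlsConfig` in the second hunk only works for dial-style paths (`tls.Dial`/`tls.DialWithDialer` infer the name from the address); the `if l.serverStartTLS {` branch that begins at the end of the hunk and continues outside it presumably upgrades an existing connection via `tls.Client`, which infers nothing, so with `tlsSkipVerify` false crypto/tls refuses the handshake ("either ServerName or InsecureSkipVerify must be specified") and with it true no SNI is sent at all — the opposite of what the description intends, since SNI is what lets a shared endpoint pick the right certificate. I would keep the host-derived name in the config, i.e. restore `serverHost, _, err := net.SplitHostPort(l.ServerAddr)` with the `serverHost = l.ServerAddr` fallback in the first hunk and `ServerName: serverHost,` in the second, so hostname verification stays pinned to the configured LDAP host rather than being dropped. Separately, the first hunk's `_, _, err = net.SplitHostPort(l.ServerAddr)` now writes the named result `err`, which stays non-nil after the default-port fallback; that is harmless only if every later path assigns `err` before returning, so `if _, _, err := net.SplitHostPort(l.ServerAddr); err != nil {` would scope it cleanly. Connect's body continues outside both hunks, so I cannot confirm which dial helper the StartTLS branch uses.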