From a5be6683599a9ebf840a32cbadd67e8011063b45 Mon Sep 17 00:00:00 2001
From: Feng_Qi <freedomkk_qfeng@qq.com>
Date: Mon, 23 Mar 2020 00:04:15 +0800
Subject: [PATCH] ldap login support anonymous search mode

---
 src/model/ldap.go | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/src/model/ldap.go b/src/model/ldap.go
index c1a22bb1..d932933f 100644
--- a/src/model/ldap.go
+++ b/src/model/ldap.go
@@ -45,15 +45,16 @@ func ldapReq(user, pass string) (*ldap.SearchResult, error) {
 	defer conn.Close()
 
 	if !lc.TLS && lc.StartTLS {
-		err = conn.StartTLS(&tls.Config{InsecureSkipVerify: true})
-		if err != nil {
+		if err := conn.StartTLS(&tls.Config{InsecureSkipVerify: true}); err != nil {
 			return nil, fmt.Errorf("ldap.conn startTLS fail: %v", err)
 		}
 	}
-
-	err = conn.Bind(lc.BindUser, lc.BindPass)
-	if err != nil {
-		return nil, fmt.Errorf("bind ldap fail: %v, use %s", err, lc.BindUser)
+	//if bindUser is empty, anonymousSearch mode
+	if lc.BindUser != "" {
+		//BindSearch mode
+		if err := conn.Bind(lc.BindUser, lc.BindPass); err != nil {
+			return nil, fmt.Errorf("bind ldap fail: %v, use %s", err, lc.BindUser)
+		}
 	}
 
 	searchRequest := ldap.NewSearchRequest(