From 0762f2e322bcc8be14a567d6994943d642a17385 Mon Sep 17 00:00:00 2001
From: Rvn0xsy <rvn0xsy@gmail.com>
Date: Sat, 9 Oct 2021 16:11:58 +0800
Subject: [PATCH] =?UTF-8?q?=E5=A2=9E=E5=8A=A0TLS=E8=BF=9E=E6=8E=A5?=
 =?UTF-8?q?=E6=96=B9=E5=BC=8F?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 main.go | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)

diff --git a/main.go b/main.go
index 1776eb2..d1f73a4 100644
--- a/main.go
+++ b/main.go
@@ -1,6 +1,7 @@
 package main
 
 import (
+	"crypto/tls"
 	"flag"
 	"fmt"
 	"github.com/go-ldap/ldap"
@@ -36,6 +37,8 @@ type FlagStruct struct{
 	OutputMarkdown bool
 	Filter string
 	Columns string
+	TLSConnection bool
+	VerifyTLS bool
 }
 
 
@@ -74,10 +77,16 @@ func (ldapClient  * LdapClient )SetLDAPBaseDN(baseDN string) {
 	ldapClient.baseDN = baseDN
 }
 
-func (ldapClient  * LdapClient )ConnectLDAP(){
+func (ldapClient  * LdapClient )ConnectLDAP(enableTLS bool,skipVerify bool){
 	var err error
 	connectAddr := fmt.Sprintf("%s:%d", ldapClient.ldapServerHost, ldapClient.ldapServerPort)
-	ldapClient.ldapCon ,err = ldap.Dial(ldapClient.ldapServerConnectProtocol,connectAddr)
+
+	if enableTLS {
+		ldapClient.ldapCon, err = ldap.DialTLS(ldapClient.ldapServerConnectProtocol,connectAddr,&tls.Config{InsecureSkipVerify: skipVerify})
+	}else{
+		ldapClient.ldapCon ,err = ldap.Dial(ldapClient.ldapServerConnectProtocol,connectAddr)
+	}
+
 	ldapClient.checkErrorPrintExit(err)
 
 	err = ldapClient.ldapCon.Bind(ldapClient.bindUsername, ldapClient.bindPassword)
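Review bot: In the `enableTLS` branch of ConnectLDAP, `skipVerify` is passed straight into `InsecureSkipVerify`, and the `Bind` that follows sends `bindUsername`/`bindPassword` over that connection. When `skipVerify` is true the server certificate is never checked, so the channel is encrypted but the peer is unauthenticated, and nothing at runtime tells the operator. I would print a notice before dialing, e.g. `if skipVerify { fmt.Println("[!] TLS certificate verification is disabled; server identity is not checked") }`. I would also pin a protocol floor with `&tls.Config{InsecureSkipVerify: skipVerify, MinVersion: tls.VersionTLS12}`, since the default minimum depends on the Go toolchain version used to build. The function also deserves a doc comment stating that `skipVerify` is ignored when `enableTLS` is false; its body continues past the end of this hunk.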
@@ -276,6 +285,8 @@ func init()  {
 	flag.BoolVar(&flagStruct.OutputMarkdown,"markdown",false,"Output Markdown Format")
 	flag.StringVar(&flagStruct.Filter,"filter","","LDAP Filter Query")
 	flag.StringVar(&flagStruct.Columns,"columns","","LDAP Result Columns e.g. DN,name,SID")
+	flag.BoolVar(&flagStruct.TLSConnection,"tls",false,"Enable TLS Connection")
+	flag.BoolVar(&flagStruct.VerifyTLS,"skip-verify",true,"SkipVerify TLS Connection")
 	flag.Parse()
 	if flagStruct.LDAPHost == "" || flagStruct.Username == "" || flagStruct.Password == ""{
 		flag.Usage()
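Review bot: The `skip-verify` flag is registered with a default of `true`, so running with `-tls` alone disables certificate verification, and a user has to know to pass `-skip-verify=false` to get a verified connection. The value is also stored in a field named `VerifyTLS` (added in the FlagStruct hunk), which reads as the opposite of what it holds at the `ConnectLDAP` call in main. I would make verification the default and rename the field to match: `flag.BoolVar(&flagStruct.SkipVerifyTLS,"skip-verify",false,"Skip TLS certificate verification (insecure)")`. The body of init continues outside this hunk.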
@@ -297,7 +308,7 @@ func main() {
 	Dumper.SetLDAPBaseDN(flagStruct.BaseDN)
 
 	Dumper.SetLDAPServerConnect(flagStruct.LDAPHost, flagStruct.LDAPPort,connectPro)
-	Dumper.ConnectLDAP()
+	Dumper.ConnectLDAP(flagStruct.TLSConnection, flagStruct.VerifyTLS)
 	if flagStruct.GetComputer {
 		ldapResult := Dumper.Search(FilterComputerQuery)
 		Dumper.GetComputers(ldapResult)