Support multiple space-separated LDAP hosts

Signed-off-by: Alex Bligh <alex@alex.org.uk>

conf/ldap.toml

@@ -2,7 +2,7 @@
 verbose_logging = false
 
 [[servers]]
-# Ldap server host
+# Ldap server host (specify multiple hosts space separated)
 host = "127.0.0.1"
 # Default port is 389 or 636 if use_ssl = true
 port = 389

pkg/login/ldap.go

@@ -24,18 +24,23 @@ func NewLdapAuthenticator(server *LdapServerConf) *ldapAuther {
 }
 
 func (a *ldapAuther) Dial() error {
-	address := fmt.Sprintf("%s:%d", a.server.Host, a.server.Port)
 	var err error
-	if a.server.UseSSL {
+	for _, host := range strings.Split(a.server.Host, " ") {
-		tlsCfg := &tls.Config{
+		address := fmt.Sprintf("%s:%d", host, a.server.Port)
-			InsecureSkipVerify: a.server.SkipVerifySSL,
+		if a.server.UseSSL {
-			ServerName:         a.server.Host,
+			tlsCfg := &tls.Config{
+				InsecureSkipVerify: a.server.SkipVerifySSL,
+				ServerName:         host,
+			}
+			a.conn, err = ldap.DialTLS("tcp", address, tlsCfg)
+		} else {
+			a.conn, err = ldap.Dial("tcp", address)
 		}
-		a.conn, err = ldap.DialTLS("tcp", address, tlsCfg)
-	} else {
-		a.conn, err = ldap.Dial("tcp", address)
-	}
 
+		if err == nil {
+			return nil
+		}
+	}
 	return err
 }