make ldap cert check configurable, fix CodeQL warnings

internal/authentication/providers/ldap/provider.go

@@ -182,7 +182,7 @@ func (provider Provider) open() (*ldap.Conn, error) {
 
 	if provider.config.StartTLS {
 		// Reconnect with TLS
-		err = conn.StartTLS(&tls.Config{InsecureSkipVerify: true})
+		err = conn.StartTLS(&tls.Config{InsecureSkipVerify: !provider.config.CertValidation})
 		if err != nil {
 			return nil, err
 		}

internal/ldap/config.go

@@ -8,11 +8,12 @@ const (
 )
 
 type Config struct {
-	URL      string `yaml:"url" envconfig:"LDAP_URL"`
-	StartTLS bool   `yaml:"startTLS" envconfig:"LDAP_STARTTLS"`
-	BaseDN   string `yaml:"dn" envconfig:"LDAP_BASEDN"`
-	BindUser string `yaml:"user" envconfig:"LDAP_USER"`
-	BindPass string `yaml:"pass" envconfig:"LDAP_PASSWORD"`
+	URL            string `yaml:"url" envconfig:"LDAP_URL"`
+	StartTLS       bool   `yaml:"startTLS" envconfig:"LDAP_STARTTLS"`
+	CertValidation bool   `yaml:"certcheck" envconfig:"LDAP_CERT_VALIDATION"`
+	BaseDN         string `yaml:"dn" envconfig:"LDAP_BASEDN"`
+	BindUser       string `yaml:"user" envconfig:"LDAP_USER"`
+	BindPass       string `yaml:"pass" envconfig:"LDAP_PASSWORD"`
 
 	Type                 Type   `yaml:"typ" envconfig:"LDAP_TYPE"` // AD for active directory, OpenLDAP for OpenLDAP
 	UserClass            string `yaml:"userClass" envconfig:"LDAP_USER_CLASS"`

internal/ldap/ldap.go

@@ -23,7 +23,7 @@ func Open(cfg *Config) (*ldap.Conn, error) {
 
 	if cfg.StartTLS {
 		// Reconnect with TLS
-		err = conn.StartTLS(&tls.Config{InsecureSkipVerify: true})
+		err = conn.StartTLS(&tls.Config{InsecureSkipVerify: !cfg.CertValidation})
 		if err != nil {
 			return nil, errors.Wrap(err, "failed to star TLS on connection")
 		}
@@ -92,7 +92,7 @@ func IsActiveDirectoryUserDisabled(userAccountControl string) bool {
 		return false
 	}
 
-	uacInt, err := strconv.Atoi(userAccountControl)
+	uacInt, err := strconv.ParseInt(userAccountControl, 10, 32)
 	if err != nil {
 		return true
 	}