make ldap cert check configurable, fix CodeQL warnings

internal/authentication/providers/ldap/provider.go

@@ -182,7 +182,7 @@ func (provider Provider) open() (*ldap.Conn, error) {
 
 	if provider.config.StartTLS {
 		// Reconnect with TLS
-		err = conn.StartTLS(&tls.Config{InsecureSkipVerify: true})
+		err = conn.StartTLS(&tls.Config{InsecureSkipVerify: !provider.config.CertValidation})
 		if err != nil {
 			return nil, err
 		}

internal/ldap/config.go

@@ -10,6 +10,7 @@ const (
 type Config struct {
 	URL            string `yaml:"url" envconfig:"LDAP_URL"`
 	StartTLS       bool   `yaml:"startTLS" envconfig:"LDAP_STARTTLS"`
+	CertValidation bool   `yaml:"certcheck" envconfig:"LDAP_CERT_VALIDATION"`
 	BaseDN         string `yaml:"dn" envconfig:"LDAP_BASEDN"`
 	BindUser       string `yaml:"user" envconfig:"LDAP_USER"`
 	BindPass       string `yaml:"pass" envconfig:"LDAP_PASSWORD"`

internal/ldap/ldap.go

@@ -23,7 +23,7 @@ func Open(cfg *Config) (*ldap.Conn, error) {
 
 	if cfg.StartTLS {
 		// Reconnect with TLS
-		err = conn.StartTLS(&tls.Config{InsecureSkipVerify: true})
+		err = conn.StartTLS(&tls.Config{InsecureSkipVerify: !cfg.CertValidation})
 		if err != nil {
 			return nil, errors.Wrap(err, "failed to star TLS on connection")
 		}
@@ -92,7 +92,7 @@ func IsActiveDirectoryUserDisabled(userAccountControl string) bool {
 		return false
 	}
 
-	uacInt, err := strconv.Atoi(userAccountControl)
+	uacInt, err := strconv.ParseInt(userAccountControl, 10, 32)
 	if err != nil {
 		return true
 	}