From 12c318f0b1924e2b895eb19e4a0c16d9527b7c0d Mon Sep 17 00:00:00 2001
From: Jens Langhammer <jens.langhammer@beryju.org>
Date: Sun, 4 Sep 2022 14:04:08 +0200
Subject: [PATCH] sources/ldap: start_tls before binding but without reading
 server info

with read_server_info=True (default), this errors out on active directory

closes #3509 #1049

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
---
 authentik/sources/ldap/models.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/authentik/sources/ldap/models.py b/authentik/sources/ldap/models.py
index a6cb1a283..166131cdc 100644
--- a/authentik/sources/ldap/models.py
+++ b/authentik/sources/ldap/models.py
@@ -139,9 +139,9 @@ class LDAPSource(Source):
             receive_timeout=LDAP_TIMEOUT,
         )
 
-        connection.bind()
         if self.start_tls:
-            connection.start_tls()
+            connection.start_tls(read_server_info=False)
+        connection.bind()
         return connection
 
     class Meta: