From 67e63df987cf7b3987a4073064f413e14d9bea88 Mon Sep 17 00:00:00 2001
From: panxunying <641770806@qq.com>
Date: Thu, 21 Jul 2022 10:38:22 +0800
Subject: [PATCH] skip check ldap email

Signed-off-by: panxunying <641770806@qq.com>
---
 connector/ldap/ldap.go | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/connector/ldap/ldap.go b/connector/ldap/ldap.go
index eaee078d37..921bc5a2da 100644
--- a/connector/ldap/ldap.go
+++ b/connector/ldap/ldap.go
@@ -383,14 +383,13 @@ func (c *ldapConnector) identityFromEntry(user ldap.Entry) (ident connector.Iden
 			missing = append(missing, c.UserSearch.PreferredUsernameAttrAttr)
 		}
 	}
-
+	// TODO(ericchiang): Let this value be set from an attribute.
+	ident.EmailVerified = false
 	if c.UserSearch.EmailSuffix != "" {
 		ident.Email = ident.Username + "@" + c.UserSearch.EmailSuffix
-	} else if ident.Email = getAttr(user, c.UserSearch.EmailAttr); ident.Email == "" {
+	} else if ident.Email = getAttr(user, c.UserSearch.EmailAttr); ident.Email == "" && ident.EmailVerified {
 		missing = append(missing, c.UserSearch.EmailAttr)
 	}
-	// TODO(ericchiang): Let this value be set from an attribute.
-	ident.EmailVerified = true
 
 	if len(missing) != 0 {
 		err := fmt.Errorf("ldap: entry %q missing following required attribute(s): %q", user.DN, missing)