Avoid potential panic in LDAP client (#8047)

* fix potential panic

* add comment

* vendor the ldap update

* use localhost in test

sdk/helper/ldaputil/client.go

@@ -85,12 +85,13 @@ func (c *Client) DialLDAP(cfg *ConfigEntry) (Connection, error) {
 		}
 		retErr = multierror.Append(retErr, errwrap.Wrapf(fmt.Sprintf("error connecting to host %q: {{err}}", uut), err))
 	}
-
+	if retErr != nil {
+		return nil, retErr
+	}
 	if timeout := cfg.RequestTimeout; timeout > 0 {
 		conn.SetTimeout(time.Duration(timeout) * time.Second)
 	}
-
-	return conn, retErr.ErrorOrNil()
+	return conn, nil
 }
 
 /*

sdk/helper/ldaputil/client_test.go

@@ -2,8 +2,28 @@ package ldaputil
 
 import (
 	"testing"
+
+	"github.com/hashicorp/go-hclog"
 )
 
+// TestDialLDAP duplicates a potential panic that was
+// present in the previous version of TestDialLDAP,
+// then confirms its fix by passing.
+func TestDialLDAP(t *testing.T) {
+	ldapClient := Client{
+		Logger: hclog.NewNullLogger(),
+		LDAP:   NewLDAP(),
+	}
+
+	ce := &ConfigEntry{
+		Url:            "ldap://localhost:384654786",
+		RequestTimeout: 3,
+	}
+	if _, err := ldapClient.DialLDAP(ce); err == nil {
+		t.Fatal("expected error")
+	}
+}
+
 func TestLDAPEscape(t *testing.T) {
 	testcases := map[string]string{
 		"#test":       "\\#test",

vendor/github.com/hashicorp/vault/sdk/helper/ldaputil/client.go

@@ -85,12 +85,13 @@ func (c *Client) DialLDAP(cfg *ConfigEntry) (Connection, error) {
 		}
 		retErr = multierror.Append(retErr, errwrap.Wrapf(fmt.Sprintf("error connecting to host %q: {{err}}", uut), err))
 	}
-
+	if retErr != nil {
+		return nil, retErr
+	}
 	if timeout := cfg.RequestTimeout; timeout > 0 {
 		conn.SetTimeout(time.Duration(timeout) * time.Second)
 	}
-
-	return conn, retErr.ErrorOrNil()
+	return conn, nil
 }
 
 /*