fix auth_ldap_prefix and auth_ldap_suffix handling to make it all behave predicably

[VVelox]

No longer requires the admin to wonder WTF is going on when it comes to auth_ldap_prefix and auth_ldap_suffix as requiring = and ',' is very non-standard and confusing.

Use trim where applicable.

DO NOT DELETE THE UNDERLYING TEXT

Please note

Please read this information carefully. You can run ./lnms dev:check to check your code before submitting.

• Have you followed our code guidelines?
• If my Pull Request does some changes/fixes/enhancements in the WebUI, I have inserted a screenshot of it.
• If my Pull Request makes discovery/polling/yaml changes, I have added/updated test data.

Testers

If you would like to test this pull request then please run: ./scripts/github-apply <pr_id>, i.e ./scripts/github-apply 5926
After you are done testing, you can remove the changes with ./scripts/github-remove. If there are schema changes, you can ask on discord how to revert.

[PipoCanaja]

Looks good to me, but not tested

[murrant]

Are you sure there aren't people using this without =?

[VVelox]

Are you sure there aren't people using this without =?

Yeah. Requiring using = when specifying the attribute to use is highly non-standard and makes setting up LDAP annoying as this is very non-intuitive. Same for needing to use a ,.

In general most LDAP auth stuff does not require you to put string fragments together like this. It expects to be told what to sue for the various bases, attributes, as well as possible anything to append to a search to further restrict matches.

This allows the current settings to continue to work and makes it easier to actually configure as one does not have to begin debugging the code to actually configure it as it is not working as expected.

Honestly this is why I wrote the PAM stuff a few years back. That was quicker than digging through the LDAP code and figuring out why it was not working.

[VVelox]

Yeah, some one may be abusing the current one due to lack of proper statement forming currently.

From Discord...

murrant
—
Today at 10:26 AM
@VVelox I'm saying you are assuming everyone wants =, when the code doesn't really indicate that is the case.
VVelox
—
Today at 10:29 AM
What sort of setup is this not going to be the case? The prefix/postfix stuff like we are doing is just broken as hell.
Or do you mean that there is a chance some one is abusing it to add in additional requirements given our LDAP implementation lacks proper statement forming for that?
Drek. Just double checked. That... it does.
Does hint at that, so some one may be.