Fix LDAP login for dn which is not uid=${username},${base}

[maxnoe]

Description

Fixes #9903, can be used as a basis to potentially fix more LDAP issues.

The existing code assumes that a user's dn (distinguished name) is build from their uid like so:

dn = ${uid_attribute}=${provided_username},${base}

which is not the case for our LDAP setup. This assumption is completely unnecessary to make, the correct solution is to:

• Query users using the provided username and the filter queries to get dn
• Bind using that received DN

This also allows for example login using the email using a filter like:

(| (uid=%username) (mail=%username))

Which would require a change in the ldap options, so I didn't do that for now.

Note: I removed for now the special cases for active directory. I think these are not necessary with the fixed flow, but I have no AD I can use to test.

Type of change

Please delete options that are not relevant.

• Bug fix (non-breaking change which fixes an issue)
• [?] New feature (non-breaking change which adds functionality)
• [?] Breaking change (fix or feature that would cause existing functionality to not work as expected)
• This change requires a documentation update

How Has This Been Tested?

Manually tested using using local LDAP server.

Checklist:

• I have read the Contributing documentation available here: https://snipe-it.readme.io/docs/contributing-overview
• I have formatted this PR according to the project guidelines: https://snipe-it.readme.io/docs/contributing-overview#pull-request-guidelines not yet, this is WIP, I am looking for feedback and will rebase
• My code follows the style guidelines of this project
• I have performed a self-review of my own code
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• My changes generate no new warnings
• I have added tests that prove my fix is effective or that my feature works
• New and existing unit tests pass locally with my changes

[welcome]

💖 Thanks for this pull request! 💖

We use semantic commit messages to streamline the release process and easily generate changelogs between versions. Before your pull request can be merged, you should update your pull request title to start with a semantic prefix if it doesn't have one already.

Examples of commit messages with semantic prefixes:

• Fixed #<issue number>: don't overwrite prevent_default if default wasn't prevented
• Added #<issue number>: add checkout functionality to assets
• Improved Asset Checkout: use new notification method for checkout

Things that will help get your PR across the finish line:

• Document any user-facing changes you've made.
• Include tests when adding/changing behavior.
• Include screenshots and animated GIFs whenever possible.

We get a lot of pull requests on this repo, so please be patient and we will get back to you as soon as we can.

[what-the-diff]

PR Summary

• Improved Debugging Capabilities
  The code now includes additional logging statements that will assist in detecting and resolving issues faster. This includes logs for situations where there are no user matches for an LDAP query and cases where the LDAP bind operation is unsuccessful.

• Simplification of User Verification Process
  The check for is_ad and the logic related to ldap_username_field were found to be unnecessary and have been removed. This streamlines the process, reducing complexity.

• Updated User Filter Calculation
  Modifications have been made to the calculation of $filterQuery, including additions to the filter. This ensures a more accurate user filtering process.

• Enhanced Assignment of User Domain Names (userDn)
  Changes have been made to how $userDn is assigned. This change improves the accuracy of the assignment, thereby enhancing the overall user authentication process.

• Robust Error-Handling Mechanisms
  The implementation now includes exception handling for cases where there are errors retrieving LDAP domain names (DN) or user attributes. This safeguards against potential system failures and ensures system stability.

[maxnoe]

Instead of concatenating the $username, I think it would be better to provide a string template in the config and then inserting the username into the template, this would allow ldap_auth_filter_query like:

| (uid=$username) (mail=$username)

which would enable people to loin with either uid or email

[maxnoe]

It would also enable using only a single config field for what is now "ldap_filter" and "ldap_auth_filter_query"

[Muiriik]

thanks, this fixes my issue with LDAP bind