FIX: ldap_authentication.sh

Summary

Fix ldap_authentication.sh script caosdb/internal/all#585

Focus

The idea of the script stays the same but this fix is nearly a complete rewrite.

Note that the answer of ldapwhoami is checked even if the script returned with exit code 0 because especially MS Active Directory is rather sloppy with the binding and returns "" and exit code 0 when passing an empty password.

Also, since MS Active Directory has a unusual DN format in the request and an unusual response format, the script has been improved to adapt to both normal LDAP behavior (e.g. OpenLDAP server) and MS Active Directory misbehavior.

Test Environment

• Tested manually with an Active Directory server @henrik
• Tested manually with OpenLDAP @timm

Check List for the Author

Please, prepare your MR for a review. Be sure to write a summary and a focus and create gitlab comments for the reviewer. They should guide the reviewer through the changes, explain your changes and also point out open questions. For further good practices have a look at our review guidelines

• All automated tests pass
• Reference related issues
• Up-to-date CHANGELOG.md (or not necessary)
• Annotations in code (Gitlab comments)
  • Intent of new code
  • Problems with old code
  • Why this implementation?

Check List for the Reviewer

• I understand the intent of this MR
• All automated tests pass
• Up-to-date CHANGELOG.md (or not necessary)
• The test environment setup works and the intended behavior is reproducible in the test environment
• In-code documentation and comments are up-to-date.
• Check: Are there specifications? Are they satisfied?

For further good practices have a look at our review guidelines.

misc/pam_authentication/ldap.conf

-# This file is sourced by the LDAP authentication script
-
-# Set the ldap server here.
-# LDAP_SERVER="example.com"
-
-# Set the ldap domain here. This is used to generate a fully qualified
-# user name: <USER>@$LDAP_DOMAIN
-# LDAP_DOMAIN="example.com"