allow user login without extra bind account
The current version of the ldap plugin uses the most common method to connect to the server with an extra bind account (ldap manager) before authenticating the user. But for ldap authentication it is also possible to directly authenticate the user without the need for that extra bind account by sending just the user's exact bind dn and password.
The most relevant disadvantage of that simple method is that usually one cannot search the ldap server's tree to find the exact user dn. So it must be fully defined in the configuration. Also applying filters (e.g. checking group memberships) usually may not work. And of course one cannot create new users or do any other write operations in the ldap tree outside the user's scope.
Still it can be very handy if one can just use an organization's LDAP for user authentication without using that extra bind account. Therefore it would be great to support the simple authentication method within the ldap plugin. The simple method should be used when the following two config parameters are not set (empty):
dmx.ldap.manager = cn=admin,dc=example,dc=org
dmx.ldap.password = ${LDAP_ADMIN_PASSWORD}
In that case the setting of dmx.ldap.user_base must be used to aggregate the exact dn of the user account, e.g. setting the user_base to ou=users,dc=example,dc=org and dmx.ldap.user_attribute = uid for user id foobar will result in the following dn: uid=foobar,ou=users,dc=example,dc=org. Together with the password this must be used to execute an authorization request at the LDAP server.
@rsc FYI
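A sketch of the direct-bind flow requested above, added as an illustration and not taken from the plugin's code. It assumes standard Java JNDI; the class name, the method names and the `ldap://localhost:389` URL are hypothetical. It escapes the login name when the DN is assembled and refuses an empty password before binding.

```java
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.InitialDirContext;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class SimpleBindExample {
    // Build the exact bind DN from dmx.ldap.user_attribute, the login name and
    // dmx.ldap.user_base. The login name is untrusted, so it is escaped as an
    // RDN value; otherwise a "," or "=" in it could point the bind at another entry.
    static String buildUserDn(String attr, String userId, String base) throws NamingException {
        if (userId == null || userId.isEmpty()) {
            throw new IllegalArgumentException("user id must not be empty");
        }
        String dn = attr + "=" + Rdn.escapeValue(userId) + "," + base;
        return new LdapName(dn).toString();   // throws InvalidNameException if malformed
    }

    // Simple bind as the user; true only if the server accepts DN and password.
    static boolean authenticate(String url, String userDn, String password) throws NamingException {
        // A DN with an empty password is an "unauthenticated bind" (RFC 4513,
        // section 5.1.2) that a server may accept, so refuse it on the client side.
        if (password == null || password.isEmpty()) {
            return false;
        }
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, userDn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        try {
            new InitialDirContext(env).close();   // the bind happens on connect
            return true;
        } catch (AuthenticationException e) {
            return false;                         // wrong DN or password
        }
    }

    public static void main(String[] args) throws NamingException {
        String base = "ou=users,dc=example,dc=org";   // dmx.ldap.user_base from the issue
        System.out.println(buildUserDn("uid", "foobar", base));
        // Constructed input containing DN metacharacters; they come out escaped.
        System.out.println(buildUserDn("uid", "foobar,ou=admins", base));
        // Empty password is rejected before any network connection is made.
        System.out.println(authenticate("ldap://localhost:389", "uid=foobar," + base, ""));
    }
}
```

Connection errors other than rejected credentials propagate as `NamingException`, so a caller can tell an unreachable server from a failed login.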