Improved ldap handling & docs; binds against AD
== New config options
- adds port and encryption options for binding over SSL/TLS
- adds 'searchattr' option, the LDAP attribute to search on, defaults to 'uid'
== LdapLoader.fetch() changes:
- uses python format() to render the search attribute and search value into the search filter
- if search filter is not specified, uses a simple attr=value search filter
- returns DN and CN of the object if found
== LdapLoader.check() changes:
- binds to the LDAP server using the DN found in fetch(). Previously it was trying to bind using 'uid' and the search base which would not work for non-POSIX accounts or objects found in sub-trees.
== LdapUser.init() changes:
- records the DN of the user in order to re-bind as that object
== LdapUser.login() changes:
- searches for the user again to prevent binding as a disabled user. In AD, a user may still be able to bind even though their userAccountControl attribute prevents them from logging in to a host. This check overrides the cached result in case the account was disabled since last login.
- disables the user if it can no longer be found in LDAP.
== Overall improvements
- better documentation of the classes and functions
- add better user documentation explaining the new config options and how search filter should be used properly.