feat: Ldap whoami switch

[NiceRath]

Greetings!

This PR adds a config-flag to disable the LDAP-WhoAmI checks that seem to break LDAP-integrations for some users: #1238

- Rath

[fiftin]

Hi @NiceRath

Will merge soon. Thank you!

[ansibleguy]

@fiftin Just a reminder - 'soon' (;

[NiceRath]

Yes - would be nice to have this merged.
This is a breaking issue if you depend on one of the affected LDAP providers.

[NiceRath]

@fiftin If you dislike the config-switch you could also just remove the 'WhiAmI' check completely.
Can't see the need for it after the LDAP server accepted the user authentication..

[Ye-Min-Tun]

Are there any ways to use encryption for ldap_bindpassword in config.json?
Is only plain text allowed currently? @NiceRath @ansibleguy

[NiceRath]

@Ye-Min-Tun No - but that has nothing to do with this PR/change.
Also: The bind user only needs read access to the LDAP directory. It does not need to have any special privileges.
Make sure to set the mode of he config.json to 0600 - so only the semaphore user can access/read it.

[NiceRath]

It seems the maintainer has no plan to implement this fix.. so I'll close the PR.
The project is unusable for me at this point

[snk26]

@fiftin Добавь, пожалуйста, эту опцию. Мы все еще ждем! Google LDAP не пускает с WhoAmi.

[fiftin]

@snk26 Я не спец в LDAP, если я вообще удаю эту проверку, это на что-то повлияет?