Use the app bind in the auth mechanism (should fix #13335)

[vincent-abel]

Description

rebind on app cn to fetch user attributes. so users don't need to have a search / read right only for snipeit.
It's mostly a way to share the "fix"

Fixes #13335

Type of change

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• This change requires a documentation update

How Has This Been Tested?

• [x ] Test logins

Test Configuration:

• Docker with snipeit 6.1.2

Checklist:

• I have read the Contributing documentation available here: https://snipe-it.readme.io/docs/contributing-overview
• I have formatted this PR according to the project guidelines: https://snipe-it.readme.io/docs/contributing-overview#pull-request-guidelines
• My code follows the style guidelines of this project
• I have performed a self-review of my own code
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• My changes generate no new warnings
• I have added tests that prove my fix is effective or that my feature works
• New and existing unit tests pass locally with my changes

[welcome]

💖 Thanks for this pull request! 💖

We use semantic commit messages to streamline the release process and easily generate changelogs between versions. Before your pull request can be merged, you should update your pull request title to start with a semantic prefix if it doesn't have one already.

Examples of commit messages with semantic prefixes:

• Fixed #<issue number>: don't overwrite prevent_default if default wasn't prevented
• Added #<issue number>: add checkout functionality to assets
• Improved Asset Checkout: use new notification method for checkout

Things that will help get your PR across the finish line:

• Document any user-facing changes you've made.
• Include tests when adding/changing behavior.
• Include screenshots and animated GIFs whenever possible.

We get a lot of pull requests on this repo, so please be patient and we will get back to you as soon as we can.

[what-the-diff]

PR Summary

• Improved Security in User Authentication Process
  A chunk of the changes relate to the process of binding users to the directory using LDAP (Lightweight Directory Access Protocol), improving how we authenticate users. The process is now more secure and handles potential errors better.

• Admin User Binding
  The program can now bind the Admin user to this directory. This feature could provide administrators with better access control and overall system management.

• Refactoring Search Process in LDAP
  The search process was improved and is now only initiated when a user is successfully bound. This should make LDAP searches more efficient and reduce unnecessary operations.

• Enhanced User Attribute Verification
  Before retrieving the user attributes from LDAP, some extra validation checks were included. This further improves the security in the user authentication process.

• Normalization of User Attributes
  The software now changes user attributes to lowercase before returning them. This step standardizes data processing and could help avoid potential confusion or errors due to case sensitivity.

• Added Safety Measures for Incorrect User Binding
  If a user is not bound correctly, the system will now stop and return an error statement. This condition serves as a safety measure to prevent unauthorized access.

[snipe]

Hi there - thanks for this! Can you please re-target this PR to point to the develop branch, per our Contributing documentation?

You don't need to close and re-open. After you create a pull request, you can modify the base branch so that the changes in the pull request are compared against a different branch. By changing the base branch of your original pull request rather than opening a new one with the correct base branch, you’ll be able to keep valuable work and discussion.

Thanks!

[vincent-abel]

Thanks,

Of course, I do it right away

[snipe]

Hm, looks like this might need a rebase? I don't think you actually touched 45 files, and some of those commits aren't from you. Can you rebase that for me?

[vincent-abel]

i preferred to do it the safe way so that one is closed, and i migrated in a new clean PR #13739