ldap: allow non-anonymous searches

Add LDAP_BIND_DN and LDAP_BIND_PASSWORD that allow apps to bind before a search.

There appear to be two kinds of ldap flows:

1. App simply binds using cn=<username>,$LDAP_USERS_BASE_DN. This works swimmingly today.

2. App searches the username under a "bind_dn" using some admin credentials. It takes the result and uses the first dn in the result as the user dn. It then binds as step 1.

This commit tries to help out the case 2) apps. These apps really insist on having some credentials for searching.
@@ -289,7 +289,9 @@ function setupLdap(app, callback) {
|
||||
'LDAP_PORT=3002',
|
||||
'LDAP_URL=ldap://172.17.42.1:3002',
|
||||
'LDAP_USERS_BASE_DN=ou=users,dc=cloudron',
|
||||
'LDAP_GROUPS_BASE_DN=ou=groups,dc=cloudron'
|
||||
'LDAP_GROUPS_BASE_DN=ou=groups,dc=cloudron',
|
||||
'LDAP_BIND_DN=cn='+ app.id + ',ou=apps,dc=cloudron',
|
||||
'LDAP_BIND_PASSWORD=' + hat(256) // this is ignored
|
||||
];
|
||||
|
||||
debugApp(app, 'Setting up LDAP');
|
||||
|
||||
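Review bot: The `LDAP_BIND_PASSWORD` line generates a value with `hat(256)` that, per its own comment, "is ignored", and nothing in the lines shown keeps that value anywhere it could later be compared against. If the LDAP server accepts a bind as `cn=<app.id>,ou=apps,dc=cloudron` without checking the password, the search is "non-anonymous" in name only: any client that can reach `ldap://172.17.42.1:3002` and knows or guesses an app id can bind and search under `ou=users`. Either persist the generated password per app and have the server verify it on bind, or expand the comment to say who ignores it and that search remains effectively unauthenticated, so app packagers do not treat this credential as an access control. Minor style point on the `LDAP_BIND_DN` line: `'cn='+ app.id` has uneven spacing around `+`.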