sn and givenName have as their superior the name attribute, which is of DirectoryString syntax,
that is, the syntax is 1.3.6.1.4.1.1466.115.121.1.15. Attributes which are of syntax
DirectoryString are not allowed to be null, that is, a DirectoryString is required to have
at least one character.
http://stackoverflow.com/questions/15027094/how-to-filter-null-or-empty-attributes-from-an-active-directory-query
This fixes a crash in paperwork which relies on this.
Add LDAP_BIND_DN and LDAP_BIND_PASSWORD that allow
apps to bind before a search. There appear to be two kinds of
ldap flows:
1. App simply binds using cn=<username>,$LDAP_USERS_BASE_DN. This
works swimmingly today.
2. App searches the username under a "bind_dn" using some admin
credentials. It takes the result and uses the first dn in the
result as the user dn. It then binds as step 1.
This commit tries to help out the case 2) apps. These apps really
insist on having some credentials for searching.
