Fix the code to match the documentation.

Permit for LDAP groups to be groupofuniquenames composed of uniquename (DN).
For this, propose DN as group_search_filter_user_attribute and DN also for the member_of in the server.attributes section.

DN is processed as a special attribute name which returns the LdapSearchResult.DN field instead of a member of attr array.

pkg/login/ldap.go

@@ -404,9 +404,11 @@ func (a *ldapAuther) searchForUser(username string) (*LdapUserInfo, error) {
 		var groupSearchResult *ldap.SearchResult
 		for _, groupSearchBase := range a.server.GroupSearchBaseDNs {
 			var filter_replace string
-			filter_replace = getLdapAttr(a.server.GroupSearchFilterUserAttribute, searchResult)
+
 			if a.server.GroupSearchFilterUserAttribute == "" {
 				filter_replace = getLdapAttr(a.server.Attr.Username, searchResult)
+			} else {
+				filter_replace = getLdapAttr(a.server.GroupSearchFilterUserAttribute, searchResult)
 			}
 			filter := strings.Replace(a.server.GroupSearchFilter, "%s", ldap.EscapeFilter(filter_replace), -1)
 
@@ -448,6 +450,9 @@ func (a *ldapAuther) searchForUser(username string) (*LdapUserInfo, error) {
 }
 
 func getLdapAttrN(name string, result *ldap.SearchResult, n int) string {
+        if name == "DN" {
+		return result.Entries[0].DN
+	}
 	for _, attr := range result.Entries[n].Attributes {
 		if attr.Name == name {
 			if len(attr.Values) > 0 {