feat(gateway): lookup user DN in LDAP

Lookup user DN in the scope of user base subtree before authentication
on LDAP directory by default. This has 2 main benefits:

- Support LDAP directory layout with users distributed in multiple
  branches in the user base.
- Support LDAP directory without the user name attribute in the user DN
  (eg. the full name).

Note this new default behavior can be reverted to the previous behavior
by setting lookup_user_dn=no in [ldap] section of the gateway
configuration.

fix #446 #447

CHANGELOG.md

@@ -20,6 +20,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
   - Check RacksDB version executed by agent is greater or equal to the minimal
     supported version specified in gateway configuration settings (#415→#417).
   - Do not return clusters global stats in `/clusters` endpoint anymore.
+  - Lookup user DN in the scope of user base subtree before authentication on
+    LDAP directory by default (#446,447). This can be reverted to the previous
+    behavior by setting `lookup_user_dn=no` in `[ldap]` section of the gateway
+    configuration.
 - agent:
   - Skip registering of RacksDB API endpoints when disabled (#440).
   - Report error in logs instead of failing with critical error when unable to

slurmweb/apps/gateway.py

@@ -170,6 +170,7 @@ def __init__(self, seed):
                     bind_dn=self.settings.ldap.bind_dn,
                     bind_password=self.settings.ldap.bind_password,
                     restricted_groups=self.settings.ldap.restricted_groups,
+                    lookup_user_dn=self.settings.ldap.lookup_user_dn,
                 )
             else:
                 raise SlurmwebConfigurationError(