Added scope support to LDAP group and user search (#9529)

* Added scope support to LDAP group and user search

* Fixed linter screwing up my markdown

* Update docs/configuration/config-options.md

* Always return correct DN for user with sub scope
Aiden Foxx
2021-11-22 21:05:01 +01:00
committed by GitHub
parent e6d72bc0ec
commit 8b9671baaa
2 changed files with 23 additions and 20 deletions


@@ -102,17 +102,13 @@ export class LDAPAuthDriver extends AuthDriver {
}
private async fetchUserDn(identifier: string): Promise<string | undefined> {
const { userDn, userAttribute } = this.config;
const { userDn, userAttribute, userScope } = this.config;
return new Promise((resolve, reject) => {
// Search for the user in LDAP by attribute
this.bindClient.search(
userDn,
{
attributes: ['cn'],
filter: `(${userAttribute ?? 'cn'}=${identifier})`,
scope: 'one',
},
{ filter: `(${userAttribute ?? 'cn'}=${identifier})`, scope: userScope ?? 'one' },
(err: Error | null, res: SearchCallbackResponse) => {
if (err) {
reject(handleError(err));
@@ -120,8 +116,7 @@ export class LDAPAuthDriver extends AuthDriver {
}
res.on('searchEntry', ({ object }: SearchEntry) => {
const userCn = typeof object.cn === 'object' ? object.cn[0] : object.cn;
resolve(`cn=${userCn},${userDn}`.toLowerCase());
resolve(object.dn.toLowerCase());
});
res.on('error', (err: Error) => {
@@ -177,7 +172,7 @@ export class LDAPAuthDriver extends AuthDriver {
}
private async fetchUserGroups(userDn: string): Promise<string[]> {
const { groupDn, groupAttribute } = this.config;
const { groupDn, groupAttribute, groupScope } = this.config;
if (!groupDn) {
return Promise.resolve([]);
@@ -192,7 +187,7 @@ export class LDAPAuthDriver extends AuthDriver {
{
attributes: ['cn'],
filter: `(${groupAttribute ?? 'member'}=${userDn})`,
scope: 'one',
scope: groupScope ?? 'one',
},
(err: Error | null, res: SearchCallbackResponse) => {
if (err) {
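Review bot: The filter on the rewritten user-search line, `(${userAttribute ?? 'cn'}=${identifier})`, interpolates the login identifier without escaping LDAP filter metacharacters, and now that `userScope` can widen the search to `sub`, an identifier containing such characters can match entries well outside the intended container. Escape `\`, `*`, `(`, `)` and NUL as RFC 4515 requires before building the filter, e.g. `filter: \`(${userAttribute ?? 'cn'}=${escapeFilterValue(identifier)})\``, where `escapeFilterValue` stands for a small local helper that this commit would need to add. The same applies to `userDn` in the `fetchUserGroups` filter, which after this change comes from the directory-supplied `object.dn` rather than a locally built string. The `searchEntry` handler still resolves on the first entry, so under a wider scope several matches are silently reduced to whichever arrives first; rejecting when more than one entry is returned would make an ambiguous login fail closed. Both function bodies continue outside the visible hunks, so any handling there is not visible here.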