feature: bind user for active_directory auth (#6255)

* feature: bind user for active_directory auth
Optional, allows the use of "remember me", API, and alerting.

* missing global (but still may not be working)

* always return a value from reauthenticate()

* Make sure the ldapbind credentials are correct on reauth.
Do not send output if they are incorrect (use d_echo); this breaks ajax calls, etc.
Add scripts/auth_test.php, to make it easier to debug authentication.

* Refine auth_test.php a bit more
A few small cleanups in other places of the auth

* Add auth_test.php to docs
Some more improvements in the auth_test.php output.

* Update Authentication.md
Tony Murray
2017-03-29 08:22:02 -05:00
committed by GitHub
parent 5d2aa30153
commit 1ea7af424b
8 changed files with 303 additions and 65 deletions


@@ -41,7 +41,14 @@ When using SELinux on the LibreNMS server, you need to allow Apache (httpd) to c
setsebool -P httpd_can_connect_ldap=1
```
#### MySQL Authentication
#### Testing authentication
You can test authentication with this script:
```shell
./scripts/auth_test.php
```
Enable debug output to troubleshoot issues
### MySQL Authentication
Config option: `mysql`
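Review bot: the new `#### Testing authentication` heading is one level deeper than the sibling sections this same patch promotes to `###` (`### MySQL Authentication` sits directly below it), so it will render as a sub-heading of the SELinux note instead of a section of its own; use `### Testing authentication`. The closing line, `Enable debug output to troubleshoot issues`, needs a full stop and should state how debug output is switched on when running `./scripts/auth_test.php` (the flag or option the script accepts), otherwise the reader is told to do something the page does not explain.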
@@ -54,7 +61,7 @@ $config['db_pass'] = "DBPASS";
$config['db_name'] = "DBNAME";
```
#### HTTP Authentication
### HTTP Authentication
Config option: `http-auth`
@@ -69,7 +76,7 @@ $config['http_auth_guest'] = "guest";
```
This will then assign the userlevel for guest to all authenticated users.
#### LDAP Authentication
### LDAP Authentication
Config option: `ldap`
@@ -84,6 +91,8 @@ $config['auth_ldap_port'] = 389;
$config['auth_ldap_prefix'] = "uid=";
$config['auth_ldap_suffix'] = ",ou=People,dc=example,dc=com";
$config['auth_ldap_group'] = "cn=groupname,ou=groups,dc=example,dc=com";
$config['auth_ad_binduser'] = 'examplebinduser';
$config['auth_ad_bindpassword'] = 'examplepassword';
$config['auth_ldap_groupbase'] = "ou=group,dc=example,dc=com";
$config['auth_ldap_groups']['admin']['level'] = 10;
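Review bot: the two keys added here, `$config['auth_ad_binduser']` and `$config['auth_ad_bindpassword']`, carry the `auth_ad_` prefix but are inserted into the `ldap` example block where every neighbouring key uses `auth_ldap_`; either the prefix is a slip or the `ldap` module deliberately reads the `auth_ad_*` keys, and in the latter case the text should say so explicitly so readers do not dismiss it as a typo. Since this places a directory password in the LibreNMS config file, add a sentence recommending a dedicated bind account that has only read access to the directory and nothing else, and restrictive file permissions on the config file that holds the password.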
@@ -93,6 +102,7 @@ $config['auth_ldap_groupmemberattr'] = "memberUid";
```
Typically auth_ldap_suffix, auth_ldap_group, auth_ldap_groupbase, auth_ldap_groups are what's required to be configured.
It is highly suggested to create a bind user, other wise "remember me", alerting AD users, and the API will not work.
An example config setup for use with Jumpcloud LDAP as a service is:
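Review bot: in the added line, `other wise` should be `otherwise`, and `alerting AD users` appears inside the LDAP section; `alerting LDAP users` (or simply `alerting`) matches the surrounding text. Naming the two options the reader has to set would also help, e.g. `It is highly suggested to set auth_ad_binduser and auth_ad_bindpassword; otherwise "remember me", alerting, and the API will not work.`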
@@ -112,7 +122,7 @@ $config['auth_ldap_groupmemberattr'] = "memberUid";
Replace {id} with the unique ID provided by Jumpcloud.
#### HTTP Authentication / LDAP Authorization
### HTTP Authentication / LDAP Authorization
Config option: `ldap-authorization`
@@ -130,7 +140,7 @@ To disabled this caching (highly discourage) set this option to 0.
$config['auth_ldap_cache_ttl'] = 300;
```
#### Active Directory Authentication
### Active Directory Authentication
Config option: `active_directory`
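Review bot: the unchanged context line `To disabled this caching (highly discourage) set this option to 0.` carries two typos right next to the heading this hunk rewrites; since the section is being touched anyway, change it to `To disable this caching (highly discouraged) set this option to 0.`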
@@ -183,7 +193,7 @@ $config['auth_ad_group_filter'] = "(objectclass=group)";
This yields `(&(objectclass=user)(sAMAccountName=$username))` for the user filter and `(&(objectclass=group)(sAMAccountName=$group))` for the group filter.
#### Radius Authentication
### Radius Authentication
Please note that a mysql user is created for each user the logs in successfully. User level 1 is assigned to those accounts so you will then need to assign the relevant permissions unless you set `$config['radius']['userlevel']` to be something other than 1.
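Review bot: the context line `a mysql user is created for each user the logs in successfully` has `the logs in` where `that logs in` is meant, and `a mysql user` is ambiguous because it reads as a MySQL database account rather than a LibreNMS user record stored in the database; rewording to `a local LibreNMS user is created for each user that logs in successfully` removes the ambiguity while the Radius section is being edited.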
@@ -199,7 +209,7 @@ $config['radius']['users_purge'] = 14;//Purge users who haven't logged in for 14
$config['radius']['default_level'] = 1;//Set the default user level when automatically creating a user.
```
#### HTTP Authentication / AD Authorization
### HTTP Authentication / AD Authorization
Config option: `ad-authorization`