feature: Add the ability to include an LDAP filter for users/groups in AD (#4494)

* Add auth_ad_(group|user)_filter options

* use global

* Fix some AD annoyances

Use the power of the LDAP filter to minimize the number of queries and
hopefully help performance in get_userlist, change semantics of
auth_ad_(user|group)_filter in $config to be anded with
samaccountname=USERNAME.

* remove unused variable

* update documentation

* Update Authentication.md

html/includes/functions.inc.php

@@ -1335,3 +1335,23 @@ function ipmiSensorName($hardwareId, $sensorIpmi, $rewriteArray)
         return $sensorIpmi;
     }
 }
+
+function get_auth_ad_user_filter($username)
+{
+    global $config;
+    $user_filter = "(samaccountname=$username)";
+    if ($config['auth_ad_user_filter']) {
+        $user_filter = "(&{$config['auth_ad_user_filter']}$user_filter)";
+    }
+    return $user_filter;
+}
+
+function get_auth_ad_group_filter($groupname)
+{
+    global $config;
+    $group_filter = "(samaccountname=$groupname)";
+    if ($config['auth_ad_group_filter']) {
+        $group_filter = "(&{$config['auth_ad_group_filter']}$group_filter)";
+    }
+    return $group_filter;
+}