connector/ldap: add multiple user to group mapping

Add the ability to fetch a user's membership from
groups of different types by specifying multiple
group-attribute-to-user-attribute value matchers
in the Dex config:

    userMatchers:
    - userAttr: uid
      groupAttr: memberUid
    - userAttr: DN
      groupAttr: member

In other words, the user's groups can now be fetched from
an LDAP structure similar to the following:

    dn: cn=john,ou=People,dc=example,dc=org
    objectClass: person
    objectClass: inetOrgPerson
    sn: doe
    cn: john
    uid: johndoe
    mail: johndoe@example.com
    userpassword: bar

    dn: cn=qa,ou=Groups,ou=Portland,dc=example,dc=org
    objectClass: groupOfNames
    cn: qa
    member: cn=john,ou=People,dc=example,dc=org

    dn: cn=logger,ou=UnixGroups,ou=Portland,dc=example,dc=org
    objectClass: posixGroup
    gidNumber: 1000
    cn: logger
    memberUid: johndoe

Signed-off-by: Vitaliy Dmitriev <vi7alya@gmail.com>
Vitaliy Dmitriev
2020-01-03 10:40:08 +01:00
parent 6318c105ec
commit f2e7823db9
5 changed files with 247 additions and 65 deletions
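As an added illustration of the matching rule the commit message describes (this is not code from Dex or from this commit), the following Go program resolves the sample directory entries above against the two matchers shown and returns the group names. It assumes a simplified in-memory `Entry` type, case-insensitive string equality in place of real LDAP matching rules, and a constructed extra `admins` group that john does not belong to; none of these come from the commit.

```go
package main

import (
	"fmt"
	"strings"
)

// UserMatcher is one item of the userMatchers list: a user is a member of a
// group when the user's UserAttr value equals the group's GroupAttr value.
// The value "DN" names the entry's distinguished name instead of an attribute.
type UserMatcher struct {
	UserAttr  string
	GroupAttr string
}

// Entry is a minimal in-memory stand-in for an LDAP search result
// (constructed for this example; not Dex's own types).
type Entry struct {
	DN    string
	Attrs map[string][]string // lower-cased attribute name -> values
}

// values returns the values to compare for attr, treating "DN" as the entry's DN.
func (e Entry) values(attr string) []string {
	if strings.EqualFold(attr, "DN") {
		return []string{e.DN}
	}
	return e.Attrs[strings.ToLower(attr)]
}

// matches reports whether any user value equals any group value under matcher m.
// Case-insensitive comparison approximates LDAP caseIgnoreMatch; real DN
// comparison also normalises whitespace and escaping, which is omitted here.
func matches(user, group Entry, m UserMatcher) bool {
	for _, uv := range user.values(m.UserAttr) {
		for _, gv := range group.values(m.GroupAttr) {
			if strings.EqualFold(uv, gv) {
				return true
			}
		}
	}
	return false
}

// groupsForUser returns the nameAttr values of every group the user matches
// under at least one matcher, each group reported once, in search order.
func groupsForUser(user Entry, groups []Entry, matchers []UserMatcher, nameAttr string) []string {
	seen := map[string]bool{}
	var names []string
	for _, g := range groups {
		for _, m := range matchers {
			if !matches(user, g, m) {
				continue
			}
			for _, n := range g.values(nameAttr) {
				if !seen[n] {
					seen[n] = true
					names = append(names, n)
				}
			}
			break // one matcher hit is enough for this group
		}
	}
	return names
}

// exampleGroups resolves the entries from the commit message with the two
// matchers it shows, plus a constructed third group john is not a member of.
func exampleGroups() []string {
	john := Entry{
		DN:    "cn=john,ou=People,dc=example,dc=org",
		Attrs: map[string][]string{"uid": {"johndoe"}, "mail": {"johndoe@example.com"}},
	}
	groups := []Entry{
		{DN: "cn=qa,ou=Groups,ou=Portland,dc=example,dc=org",
			Attrs: map[string][]string{"cn": {"qa"}, "member": {"cn=john,ou=People,dc=example,dc=org"}}},
		{DN: "cn=logger,ou=UnixGroups,ou=Portland,dc=example,dc=org",
			Attrs: map[string][]string{"cn": {"logger"}, "memberuid": {"johndoe"}}},
		// constructed extra group: john is not listed, so it must not be returned
		{DN: "cn=admins,ou=UnixGroups,ou=Portland,dc=example,dc=org",
			Attrs: map[string][]string{"cn": {"admins"}, "memberuid": {"root"}}},
	}
	matchers := []UserMatcher{
		{UserAttr: "uid", GroupAttr: "memberUid"},
		{UserAttr: "DN", GroupAttr: "member"},
	}
	return groupsForUser(john, groups, matchers, "cn")
}

func main() {
	fmt.Println(exampleGroups()) // [qa logger]
}
```

Run it with `go run`; it prints `[qa logger]`. Each matcher widens what counts as membership, so from a defensive angle `userAttr` should name an attribute the directory administers (the DN, or a uid assigned by provisioning), never one that users can edit on their own entry, since group membership here is derived purely from value equality.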


@@ -41,10 +41,11 @@ connectors:
baseDN: cn=Users,dc=example,dc=com
filter: "(objectClass=group)"
userMatchers:
# A user is a member of a group when their DN matches
# the value of a "member" attribute on the group entity.
userAttr: DN
groupAttr: member
- userAttr: DN
groupAttr: member
# The group name should be the "cn" value.
nameAttr: cn
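Review bot: the updated example lists a single matcher, `- userAttr: DN` / `groupAttr: member`, while the point of this commit is that several can be listed; consider adding a commented-out second matcher (the `uid`/`memberUid` pair from the commit message) or a one-line comment under `userMatchers:` stating that more than one matcher may be given, so readers learn the new shape from the example. Separately, the flat `userAttr`/`groupAttr` keys disappear from this example: if old configs with those keys still load, a comment saying so would save users a migration surprise, and if they no longer load, this should be paired with a release note.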


@@ -37,10 +37,11 @@ connectors:
baseDN: ou=Groups,dc=example,dc=org
filter: "(objectClass=groupOfNames)"
# A user is a member of a group when their DN matches
# the value of a "member" attribute on the group entity.
userAttr: DN
groupAttr: member
userMatchers:
# A user is a member of a group when their DN matches
# the value of a "member" attribute on the group entity.
- userAttr: DN
groupAttr: member
# The group name should be the "cn" value.
nameAttr: cn
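Review bot: the comment "A user is a member of a group when their DN matches the value of a "member" attribute on the group entity" appears both above and below `userMatchers:` in this hunk; whichever copy is kept should sit under `userMatchers:` next to its matcher, and its wording is now too narrow, because a matcher may compare any user attribute (such as `uid` against `memberUid`), not only the DN. Suggest: `# A user is a member of a group when the value of their userAttr (here the DN)` / `# matches the value of the group's groupAttr (here "member").` Indentation was lost in this rendering, so also double-check that `- userAttr: DN` and `groupAttr: member` are nested under `userMatchers:` with `groupAttr` aligned to `userAttr`.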