Bugfix and overrides

[blag]

In some cases users will need to override the account and group LDAP query patterns, and we previously did not enable this. This PR adds this feature, and it inadvertently fixes a DRY bug regarding the default value of the id_attr configuration option.

I had to refactor the _get_groups_for_user method a bit, but it converts from using filter_format, which just called escape_filter_chars:

def filter_format(filter_template, assertion_values):
  return filter_template % tuple(escape_filter_chars(v) for v in assertion_values)

to using escape_filter_chars directly:

filter_values = {
    'user_dn': ldap.filter.escape_filter_chars(user_dn),
    'username': ldap.filter.escape_filter_chars(username),
}
query = self._group_pattern % filter_values

[blag]

I will need to update the enterprise docs. I'll work on a PR for that on Monday.

[nmaludy]

Can you give an example, maybe in the README, of how one might use this?

[blag]

Added an overview of what this plugin actually does regarding LDAP, and added descriptions to the table of options for the new account_pattern and group_pattern options, as well as two more examples: one for simply specifying id_attr, and another for overriding both account_pattern and group_pattern (including a note that you don't have to override both at the same time). 👍

Also fixed a few Markdown syntax typos that GitHub was rendering properly, but should still be fixed regardless.

[nmaludy]

LGTM!

[blag]

I should also add some tests for these new options... I'll do that tomorrow.

[nmaludy]

Great work, this is an awesome change!