Since multiple LDAP attributes are supported for the user name/email,
there's no harm in having defaults that are a bit more flexible
(for example, "givenName" is commonly only the users first name,
while a full name is usually preferable as an email recipient).
ldap_connect(<host>, <port>) is deprecated and ldap_connect(<uri>) is
more expressive (for example, by allowing the use of SSL to be
mandatory using a ldaps:// URL).
Use common LDAP terminology and update comments to reflect how the
configuration options work (e.g. that all the LDAP attribute options
are multivalued).
While the LDAP search is case insensitive, the array which is returned from
ldap_get_entries() will only use lowercase. This means that if one
configures the plugin to look for e.g. "givenName", no results
will be returned.
The plugin currently supports SSL (by using a ldaps:// URI as the
hostname of the LDAP server) and unencrypted LDAP. This patch
also adds StartTLS support, which is used by many LDAP servers.
