Add LDAP/Active Directory authentication support

[Hemsby]

Summary

Adds native LDAP authentication to the DNS Server web console, enabling users to sign in with their Active Directory or LDAP directory credentials.

Features

• Three connection modes — plain LDAP, StartTLS (port 389 + SSL), and LDAPS (port 636 + SSL). Mode is selected automatically based on port: Use SSL + port 636 = LDAPS, Use SSL + any other port = StartTLS.
• Service account search — a bind DN/password locates the user in the directory before validating their credentials. Supports UPN (user@domain) and full DN formats.
• Configurable user filter — defaults to (sAMAccountName={0}) for Active Directory; any RFC 4515 filter is supported.
• Group mapping — maps LDAP groups (by CN) to local Technitium groups, e.g. Domain Admins → Administrators.
• Auto-provisioning — optionally creates a local account on first LDAP login, with optional restriction to mapped groups only.
• Ignore SSL errors — for self-signed or internal CA certificates.
• Test connection button — verifies the service account bind without saving config.
• Docker/environment variable support — full headless configuration via DNS_SERVER_LDAP_* variables.

Environment Variables

Variable	Description
DNS_SERVER_LDAP_ENABLED	true/false
DNS_SERVER_LDAP_SERVER	Hostname or IP
DNS_SERVER_LDAP_PORT	Default: 389
DNS_SERVER_LDAP_USE_SSL	true enables StartTLS (port 389) or LDAPS (port 636)
DNS_SERVER_LDAP_IGNORE_SSL_ERRORS	true/false
DNS_SERVER_LDAP_BIND_DN	Service account DN or UPN
DNS_SERVER_LDAP_BIND_PASSWORD	Service account password
DNS_SERVER_LDAP_SEARCH_BASE	e.g. DC=example,DC=com
DNS_SERVER_LDAP_USER_FILTER	Default: (sAMAccountName={0})
DNS_SERVER_LDAP_GROUP_ATTRIBUTE	Default: memberOf
DNS_SERVER_LDAP_ALLOW_SIGNUP	true/false
DNS_SERVER_LDAP_ALLOW_SIGNUP_ONLY_FOR_MAPPED_USERS	true/false
DNS_SERVER_LDAP_GROUP_MAP	JSON array, e.g. [{"remoteGroup":"Domain Admins","localGroup":"Administrators"}]

Implementation Notes

Uses Novell.Directory.Ldap.NETStandard (v3.6.0) rather than System.DirectoryServices.Protocols. The Novell library is pure managed .NET (TcpClient + SslStream) with no dependency on native OpenLDAP libraries, ensuring consistent behaviour on Linux, Windows, macOS, Docker, and ARM.

[ShreyasZare]

Thanks for the PR. Is there any specific reason to prefer using Novell.Directory.Ldap.NETStandard instead of System.DirectoryServices.Protocols? Also which LDAP servers have you tested this PR with?

[Hemsby]

I used Novell because I was under impression it was more compatible. It was tested against Microsoft Servers LDAP, 2016, 2019, and 2022.

[ShreyasZare]

Thanks for the response. The concern I have here is that Novell.Directory.Ldap.NETStandard is an independent project which may stop getting updated anytime and may have compatibility issues in future. Whereas System.DirectoryServices.Protocols being supported by Microsoft can be expected to not have such issues.

[Hemsby]

Would you like me to change it to use System.DirectoryServices.Protocols?

[ShreyasZare]

Would you like me to change it to use System.DirectoryServices.Protocols?

That will be really nice.

Also please rebase to the develop branch if possible so that merging it is easier due to too many refactoring changes. Thanks.