Recursive group member search strategy

[mtodd]

This adds a recursive search strategy to find all members of a given group, including nested groups.

This implementation has three desirable qualities for a search strategy like this:

1. tracks entries already found so circular or repeated members are queried for exactly once
2. defines a maximum (configurable) depth to recurse
3. queries for the required attributes and nothing else

Unfortunately, member attributes are DNs which requires a search per DN, resulting in as many queries as there are unique DNs to search for, resulting in potentially huge query volume. One option is to experiment with querying based on the RDN, but that could result in ill-defined behavior.

Still to do:

• generalize for various member attributes (currently hardcoded to member)
• more tests
• experiment with extracting RDNs from DNs to do bulk searches for member entries (separate PR)
• benchmark against Group#members and Group#subgroups (classic strategy) (separate issue)

cc @jch @github/ldap

[jch]

Not a blocker since this was here previously, but does it feel misleading that the method is named bind and what it actually does is search?

[mtodd]

@jch yeah, it's definitely confusing. I think I'm going to make some changes to the API for membership validators in this release which will eventually be breaking so it might be a good time to fix this (in a follow up PR).

[jch]

Tests look good. I liked your inline comments on the recursive strategy. It's more verbose, but made it much easier to understand. 👍 to ship unless you had specific areas you'd like me to review

[mtodd]

@jch right on. I'm going to generalize the attributes since it's hardcoded right now, along with better tests, and merge this. The other items can be worked on separately, after this is merged.

[mtodd]

Added this method to handle handle the various member attributes better.

[mtodd]

Pretty happy with where this is at for now. @jch one last 👓 before merge?

[jch]

🤘