Add search bind support, fix group_identifier typo, fix empty gidNumber query

- Add search_bind_enabled/search_bind_dn/search_bind_password to allow
  using a dedicated LDAP account for user and group searches. This is
  needed when regular LDAP users lack search permissions (common with
  restrictive ACLs on OpenLDAP).
- Support both group_indentifier (original) and group_identifier config
  keys, falling back to 'cn' if neither is set.
- Skip the gidNumber-based primary group query when the attribute is
  empty, avoiding broken LDAP filters on non-posixAccount setups.

languages/en.yaml

@@ -42,4 +42,11 @@ PLUGIN_LOGIN_LDAP:
   VERSION_DESC: 'LDAP Version 3 is most popular, only change this if you know what you are doing'
   BLACKLIST_FIELDS: 'Blacklist Fields'
   BLACKLIST_FIELDS_HELP: 'A list of LDAP fields to be skipped and ignored'
-  BLACKLIST_FIELDS_PLACEHOLDER: 'Field (ie, jpegPhoto, homePostalAddress)'
+  BLACKLIST_FIELDS_PLACEHOLDER: 'Field (ie, jpegPhoto, homePostalAddress)'
+  SEARCH_BIND_CONFIGURATION: 'Search Bind Configuration'
+  SEARCH_BIND_ENABLE: 'Use Search Bind'
+  SEARCH_BIND_ENABLE_DESC: 'Use a dedicated LDAP account for user/group searches (useful when regular users lack search permissions)'
+  SEARCH_BIND_DN: 'Search Bind DN'
+  SEARCH_BIND_DN_DESC: 'Full DN of the LDAP account used for searches (e.g. cn=readonly,dc=company,dc=com)'
+  SEARCH_BIND_PASSWORD: 'Search Bind Password'
+  SEARCH_BIND_PASSWORD_DESC: 'Password for the search bind account'