Improve LDAP user info retrieval

[AditiChikkali]

This PR refactors the LDAP user info retrieval logic to improve reliability and completeness of returned attributes.

Key changes:

• Implements a two-step search strategy for posix accounts: first fetches all regular attributes (*), then explicitly fetches operational attributes (e.g., objectGUID, objectSid, memberOf, whenCreated, whenChanged, manager), and merges results.
• Adds a reusable _extract_attributes helper to standardize extraction of LDAP entry attributes into Python dictionaries, handling bytes, lists, and strings.
• Updates clean_object_class to robustly handle both string and list formats for the objectClass attribute, ensuring consistent output.
• Improves generalized_time_to_str to reliably convert LDAP generalized time strings and datetime objects to readable UTC timestamps.

These changes address erratic behavior with missing attributes, ensure all required data is returned, and make downstream processing more robust and maintainable.

This PR addresses issue #8 by refactoring LDAP search logic to reliably fetch operational attributes.

[padraic-shafer]

I think this might not work as intended if the value includes spaces or escaped commas \,.

It would be fine to merge this and then update later iso needed though.

[padraic-shafer]

This should probably still get logged as f"No LDAP posix entries found for {username}" or something similar.

Is it intentional to exit here in that case, or is it supposed to try the "recovery step" with OPERATIONAL_ATTRIBUTES before exiting?

[AditiChikkali]

The previous code required additional updates, I have also discovered new observations with inconsistencies, which led to further adjustments. I hope the latest changes address this comment.

[AditiChikkali]

These changes include

• Explicitly fetching operational attributes after the initial search to avoid proxy cache issues.
• Adding fallback logic to individually query missing operational attributes, ensuring maximum data coverage.
• Enhanced logging to track missing and recovered attributes for easier debugging.

Summary of the code flow now would be

• Extract username from UPN.
• Search for posixAccount entry and fetch all standard attributes.
• Explicitly fetch operational attributes.
• Individually fetch any missing operational attributes.
• Log and return the complete user attribute dictionary.

[AditiChikkali]

Given these inconsistencies, wouldn't it be nice to enhance logging and result tracking.

• By considering setting up a logger to record which attributes are received for each user request, and which are missing, to help diagnose cache-related issues.
• Storing request/response logs or attribute snapshots could help identify patterns and persistent gaps.

What do you think?