
#101 LDAPIdentityStore doesn't support different cn/uid

open
nobody
5
2009-04-29
2009-04-29
vargo
No

It is likely the case that the UID in LDAP is not the same as the CN in the certificate (esp. considering multi-CA authentication). Thus, there needs to be an additional mapping beyond principalUIDAttr and the credentialQuery string that allows the translation, something along the lines of this:
1. CN in certificate looks up in LDAP for matching entries (with certificates; may have entries without certificates)
2. Comparison of Certificate provided against those in LDAP for verification of same (i.e., instead of two certificates with the same CN crossing users)
3. Conversion of the *real* UID attribute into the username; dropping CN as the username
Currently, if you use the credentialQueryString of 'credentialQueryString="cn=username,userCertificate;binary=userCertificate"' but have 'principalUidAttributeID="uid"', resolution will fail (unless, in the outside case, UID == CN).
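As an added illustration of the three-step resolution the report asks for (this is not JOSSO code and not one of the patches attached in the thread), the following Python stand-in performs the lookup against a constructed in-memory directory. The entries, certificate bytes, uid values and the function names are all assumptions; a real LDAPIdentityStore would issue the (cn=...) search against the server instead of filtering a list. The directory deliberately contains three entries with cn=alice, one of them without any userCertificate, and no uid equals its cn:

```python
import hmac

# Constructed sample directory (not real data): each entry mirrors what an
# LDAP search returns, attribute name -> list of values. Three entries share
# cn=alice: two hold different certificates (issued by two CAs to two distinct
# accounts) and one has no userCertificate at all, the case that produced the
# NullPointerException mentioned in the thread. No uid equals its cn.
CERT_ALICE_CA1 = b"\x30\x82\x01\x0a-constructed-der-alice-ca1"
CERT_ALICE_CA2 = b"\x30\x82\x01\x0a-constructed-der-alice-ca2"
CERT_BOB = b"\x30\x82\x01\x0a-constructed-der-bob"

DIRECTORY = [
    {"dn": "uid=asmith,ou=people,dc=example,dc=com",
     "cn": ["alice"], "uid": ["asmith"],
     "userCertificate;binary": [CERT_ALICE_CA1]},
    {"dn": "uid=a.smith.contractor,ou=people,dc=example,dc=com",
     "cn": ["alice"], "uid": ["a.smith.contractor"],
     "userCertificate;binary": [CERT_ALICE_CA2]},
    {"dn": "uid=alice.legacy,ou=people,dc=example,dc=com",
     "cn": ["alice"], "uid": ["alice.legacy"]},          # no certificate
    {"dn": "uid=bjones,ou=people,dc=example,dc=com",
     "cn": ["bob"], "uid": ["bjones"],
     "userCertificate;binary": [CERT_BOB]},
]


class IdentityMappingError(Exception):
    """Raised when the presented certificate cannot be mapped to exactly one uid."""


def search_by_cn(directory, cn):
    """Step 1: stand-in for an LDAP search with filter (cn=<cn>).
    cn uses caseIgnoreMatch in LDAP, so compare case-insensitively."""
    wanted = cn.casefold()
    return [e for e in directory
            if any(v.casefold() == wanted for v in e.get("cn", []))]


def resolve_uid(directory, cert_cn, cert_der,
                uid_attr="uid", cert_attr="userCertificate;binary"):
    """Map a presented certificate to the principal name held in uid_attr.

    cert_cn  - CN taken from the certificate subject (what the auth scheme
               currently uses as the username)
    cert_der - DER bytes of the certificate actually presented
    """
    # Step 1: candidates are all entries whose cn matches; there may be several.
    candidates = search_by_cn(directory, cert_cn)
    if not candidates:
        raise IdentityMappingError(f"no LDAP entry with cn={cert_cn!r}")

    # Step 2: keep only entries whose stored certificate is byte-for-byte the
    # presented one. An entry without the attribute simply does not match
    # (instead of dereferencing a null value). compare_digest avoids a
    # timing side channel on the comparison.
    matches = [
        e for e in candidates
        if any(hmac.compare_digest(stored, cert_der)
               for stored in e.get(cert_attr) or [])
    ]
    if not matches:
        raise IdentityMappingError(
            f"no entry with cn={cert_cn!r} holds the presented certificate")
    if len(matches) > 1:
        # Same certificate stored under two accounts: refuse rather than guess.
        raise IdentityMappingError(
            f"certificate maps to {len(matches)} entries: ambiguous")

    # Step 3: the principal name is the real uid attribute, not the CN.
    uid_values = matches[0].get(uid_attr) or []
    if len(uid_values) != 1:
        raise IdentityMappingError(
            f"{uid_attr} missing or multi-valued on {matches[0]['dn']}")
    return uid_values[0]


if __name__ == "__main__":
    print(resolve_uid(DIRECTORY, "alice", CERT_ALICE_CA1))  # asmith, not alice
    print(resolve_uid(DIRECTORY, "Alice", CERT_ALICE_CA2))  # a.smith.contractor
    print(resolve_uid(DIRECTORY, "bob", CERT_BOB))          # bjones
```

The point of the ambiguity check is the "two certificates with the same CN crossing users" case from step 2: with CN alone as the username, both alice entries would resolve to the same principal, whereas the byte comparison picks the one account that actually holds the presented certificate, and a certificate stored under two accounts is rejected rather than mapped to whichever entry the server returned first.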

Discussion

  • vargo

    vargo - 2009-05-04

    Patch to LDAPIdentityStore to support DN->DN mapping

  • vargo

    vargo - 2009-05-04

    Patch to X509CertificateAuthScheme to support DN->UID mapping

  • vargo

    vargo - 2009-05-04

    I've added patches containing some code to remap UID to the principal name per this issue. However, these patches probably aren't the best way to do things (thus I didn't submit them under the Patch tracker).

    Additionally, I've avoided a NullPointerException in the event that LDAP has a match on CN without a certificate, for instance.

    Note that these require that the credentialQueryString map UID so it's available in the 'credential' set being processed.
