Improve ability to debug reason for auth failure (e.g. logging)

Thanks. I will submit a PR.

I also wanted to get more insight into what’s going on. I found that python-ldap was able to log every single request (and response) that it makes by using trace_level and trace_file (see ldap.initialize docs).

I used this bit of code to both turn up ldap verbosity and pipe it through the logging system:

import contextlib
import functools
import logging
from typing import Any, Dict, Iterator, NoReturn, Tuple
from unittest import mock

from django_auth_ldap.config import LDAPGroupType, MemberDNGroupType
import ldap
import ldap.dn


@contextlib.contextmanager
def enable_ldap_trace_logging() -> Iterator[None]:
    """
    Enable logging from the ``ldap`` library.

    ``ldap`` "logging" (not via :mod:`logging` by default) can only be enabled via the ``trace_level``
    and ``trace_file`` arguments to :func:`ldap.initialize` (or to the :class:`ldap.LDAPObject` constructor).
    Unfortunately, django-auth-ldap doesn't (yet) let us customize these arguments.
    This function monkeypatches ``ldap.initialize`` such that:

    - ``trace_level=2``
    - ``trace_file`` is set to a file object that will log all writes to the "ldap" logger with DEBUG level.
    """
    new = functools.partial(
        ldap.initialize,
        trace_level=2,
        trace_file=_TraceFileLogging(logging.getLogger("ldap"), logging.DEBUG),
    )
    with mock.patch.object(ldap, "initialize", new):
        yield


class _TraceFileLogging:
    def __init__(self, logger_: logging.Logger, level: int) -> None:
        self.logger = logger_
        self.level = level

    def write(self, msg: str) -> None:
        self.logger.log(self.level, msg)

    @staticmethod
    def flush() -> None:
        return

(apologies if there are unused imports, this is part of a larger module).

IMO _TraceFileLogging should be added upstream in python-ldap – and python-ldap should really just use the standard logging system.