Consider adding support for syncing group membership from LDAP

[dpage-edb]

Do we need this? If so, how will it work exactly, as there are multiple ways in which an LDAP user can be members of groups?

[bkief]

@dpage-edb I would be very supportive of this feature and willing to provide a PR. I would suggest replacing the user AD search with a new dictionary object (like the guc) that defines an AD group and maps to the appropriate Postgres role(s). Each run will add/remove users from the appropriate roles based on AD group membership and additionally add/remove from the database if necessary.

ad_mapping = {
    'db-prod-orders-admin': {'pg_roles': ['pg-admin-role'], 'isAdmin': True},
    'db-prod-orders-user': {'pg_roles': ['pg-rw-role', 'pg-ro-role'], 'isAdmin': False}
    'db-prod-orders-readonly': {'pg_roles': ['pg-ro-role'], 'isAdmin': False}
    }