goauthentik / authentik

The authentication glue you need.
https://goauthentik.io

outpost/ldap: Compare #7522

Open Nopey opened 1 year ago

Nopey commented 1 year ago

Is your feature request related to a problem? Please describe.

When using Authentik's LDAP Outpost to secure an apache server (mod_authnz_ldap), only Require valid-user constraints are functional. Any constraint more complicated such as a group membership check is currently not possible, due to the ldap outpost not supporting the Compare operation.

Describe the solution you'd like

Authentik's LDAP Outpost should support the compare message type.

Describe alternatives you've considered

mod_auth_oidc is not useful here; common subversion clients such as TortoiseSVN and the svn command unfortunately do not support web-based authentication. (Adding this to the list of reasons to prefer git to svn, as git does support web-based auth.)

Additional context

A simple repro with ldapcompare:

# ldapcompare -H ldap://my_ldap_outpost:3389 -D ${ldapsearch_user} -w ${ldapsearch_password} ${ldapsearch_user} memberOf:ldap-search
Compare Result: Insufficient access (50)
Additional info: Insufficient Access Rights
UNDEFINED

I have a proof-of-concept that implements Compare by calling Search and using beryju/ldap's filtering funcs (note: uses a patched version of beryju/ldap to expose needed fields)

Discord link to the support channel, where I posted while exploring this: https://discord.com/channels/809154715984199690/1170914395472277584
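The approach sketched in the comment above (answer a Compare by running a Search for the target DN and checking the attribute's values) can be shown in isolation. The following Go program is an added example written for this page; it is not authentik's outpost code, not the proof-of-concept mentioned above, and it does not use beryju/ldap. The `Entry`/`Directory` types, the constructed sample entries, the DN normalisation rule, the set of attributes treated as DN-syntax, and the choice to refuse anonymous binds with insufficientAccessRights (50) are all assumptions made for illustration. The result codes (compareFalse 5, compareTrue 6, noSuchAttribute 16, noSuchObject 32, insufficientAccessRights 50) are the standard LDAP values from RFC 4511.

```go
package main

import (
	"fmt"
	"strings"
)

// LDAP result codes used by the Compare operation (RFC 4511, section 4.10).
const (
	ResultCompareFalse             = 5
	ResultCompareTrue              = 6
	ResultNoSuchAttribute          = 16
	ResultNoSuchObject             = 32
	ResultInsufficientAccessRights = 50
)

// Entry is a simplified LDAP entry: a DN plus multi-valued attributes (assumed shape).
type Entry struct {
	DN    string
	Attrs map[string][]string
}

// Directory stands in for the outpost's Search backend, keyed by normalised DN.
type Directory map[string]*Entry

// normalizeDN lowercases a DN and trims whitespace around RDN separators so
// that "CN=Foo, OU=Groups" and "cn=foo,ou=groups" are treated as the same DN.
func normalizeDN(dn string) string {
	parts := strings.Split(strings.ToLower(dn), ",")
	for i := range parts {
		parts[i] = strings.TrimSpace(parts[i])
	}
	return strings.Join(parts, ",")
}

// NewDirectory builds the lookup table from a list of entries.
func NewDirectory(entries ...*Entry) Directory {
	d := Directory{}
	for _, e := range entries {
		d[normalizeDN(e.DN)] = e
	}
	return d
}

// Search is a base-object search for exactly one DN, the only shape Compare needs.
func (d Directory) Search(dn string) (*Entry, bool) {
	e, ok := d[normalizeDN(dn)]
	return e, ok
}

// valuesEqual applies a matching rule: DN-syntax attributes (assumed list) are
// compared as normalised DNs, everything else with caseIgnoreMatch semantics.
func valuesEqual(attr, a, b string) bool {
	switch strings.ToLower(attr) {
	case "memberof", "member", "uniquemember", "owner", "manager":
		return normalizeDN(a) == normalizeDN(b)
	default:
		return strings.EqualFold(strings.TrimSpace(a), strings.TrimSpace(b))
	}
}

// lookupAttr finds an attribute by name case-insensitively, as LDAP requires.
func lookupAttr(e *Entry, attr string) ([]string, bool) {
	for name, vals := range e.Attrs {
		if strings.EqualFold(name, attr) {
			return vals, true
		}
	}
	return nil, false
}

// Compare answers a CompareRequest (dn, attribute, assertion value) by reusing
// Search and testing the attribute's values. bindDN is the DN the client bound
// as; an anonymous request is refused (assumed policy) rather than answered.
func Compare(d Directory, bindDN, dn, attr, value string) int {
	if bindDN == "" {
		return ResultInsufficientAccessRights
	}
	e, ok := d.Search(dn)
	if !ok {
		return ResultNoSuchObject
	}
	vals, ok := lookupAttr(e, attr)
	if !ok {
		return ResultNoSuchAttribute
	}
	for _, v := range vals {
		if valuesEqual(attr, v, value) {
			return ResultCompareTrue
		}
	}
	return ResultCompareFalse
}

// SampleDirectory returns constructed entries (not real authentik data): one
// user with memberOf values and the matching group with a member value.
func SampleDirectory() Directory {
	return NewDirectory(
		&Entry{DN: "cn=jdoe,ou=users,dc=example,dc=org", Attrs: map[string][]string{
			"cn":       {"jdoe"},
			"memberOf": {"cn=ldap-search,ou=groups,dc=example,dc=org", "cn=developers,ou=groups,dc=example,dc=org"},
		}},
		&Entry{DN: "cn=ldap-search,ou=groups,dc=example,dc=org", Attrs: map[string][]string{
			"cn":     {"ldap-search"},
			"member": {"cn=jdoe,ou=users,dc=example,dc=org"},
		}},
	)
}

func main() {
	d := SampleDirectory()
	user := "cn=jdoe,ou=users,dc=example,dc=org"
	// memberOf check on the user entry (the shape of the repro above): 6 = compareTrue.
	fmt.Println(Compare(d, user, user, "memberOf", "CN=ldap-search, OU=groups, DC=example, DC=org"))
	// member check on the group entry, the other way a group constraint is expressed: 6.
	fmt.Println(Compare(d, user, "cn=ldap-search,ou=groups,dc=example,dc=org", "member", user))
	// Group the user is not in: 5 = compareFalse.
	fmt.Println(Compare(d, user, user, "memberOf", "cn=admins,ou=groups,dc=example,dc=org"))
}
```

Two points worth noting for an outpost implementation: Compare must distinguish compareFalse (attribute present, value absent) from noSuchAttribute, because a client such as mod_authnz_ldap treats both as "not a member" but an operator debugging a rule needs to tell them apart; and matching must use the attribute's syntax, since the DN a client sends in its assertion (from an Apache config line, say) rarely matches the directory's casing and spacing byte for byte.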

BeryJu commented 3 months ago

Please feel free to create a PR with the changes you've made and we can figure out how to best integrate support for this

Nopey commented 2 months ago

Blocked on https://github.com/BeryJu/ldap/pull/2