backends.py: Enable auth with any ldap attributes as username.

This commit enables users to authenticate with any attribute set in
AUTH_LDAP_USER_SEARCH, provided that LDAP_EMAIL_ATTR is set to an email
attribute in the LDAP server. Thus email and username can be
completely unrelated.

With some tweaks by tabbott to squash in the documentation and make it
work on older servers.
Supermanu
2017-09-10 17:25:24 +02:00
committed by Tim Abbott
parent fb39e884c8
commit 28beddfd76
4 changed files with 53 additions and 5 deletions


@@ -416,7 +416,7 @@ class ZulipLDAPAuthBackend(ZulipLDAPAuthBackendBase):
try:
if settings.REALMS_HAVE_SUBDOMAINS:
self._realm = get_realm(realm_subdomain)
else:
elif settings.LDAP_EMAIL_ATTR is not None:
self._realm = get_realm_by_email_domain(username)
username = self.django_to_ldap_username(username)
user_profile = ZulipLDAPAuthBackendBase.authenticate(self, username, password)
@@ -433,6 +433,14 @@ class ZulipLDAPAuthBackend(ZulipLDAPAuthBackendBase):
def get_or_create_user(self, username, ldap_user):
# type: (str, _LDAPUser) -> Tuple[UserProfile, bool]
try:
if settings.LDAP_EMAIL_ATTR is not None:
# Get email from ldap attributes.
if settings.LDAP_EMAIL_ATTR not in ldap_user.attrs:
raise ZulipLDAPException("LDAP user doesn't have the needed %s attribute" % (settings.LDAP_EMAIL_ATTR,))
username = ldap_user.attrs[settings.LDAP_EMAIL_ATTR][0]
self._realm = get_realm_by_email_domain(username)
user_profile = get_user_profile_by_email(username)
if not user_profile.is_active or user_profile.realm.deactivated:
raise ZulipLDAPException("Realm has been deactivated")
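Review bot: In `get_or_create_user`, the added block reassigns `self._realm` from the domain of the LDAP-supplied email without looking at `settings.REALMS_HAVE_SUBDOMAINS`, so the realm that `authenticate` resolved from `realm_subdomain` is replaced by one derived from directory data. If later checks compare against `self._realm` (not visible here, as the function continues past this hunk), a login on one subdomain could be evaluated against a different realm. I would guard the assignment as `if not settings.REALMS_HAVE_SUBDOMAINS: self._realm = get_realm_by_email_domain(username)`. The `[0]` index also fails on an attribute that is present but empty, so the check could become `if settings.LDAP_EMAIL_ATTR not in ldap_user.attrs or not ldap_user.attrs[settings.LDAP_EMAIL_ATTR]:`. Separately, in the first hunk `elif settings.LDAP_EMAIL_ATTR is not None:` looks inverted: that is the mode in which `username` need not be an email, yet it is passed to `get_realm_by_email_domain`, and with the setting unset that branch assigns no realm at all.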