settings: Configure LDAP avatar synchronization in dev environment.

This should make it a lot more convenient to do manual testing of
these common LDAP configuration options.

docs/subsystems/auth.md

@@ -99,3 +99,32 @@ information on these modes, refer to
 - `FAKE_LDAP_NUM_USERS` in `zproject/dev_settings.py` can be used to
 specify the number of LDAP users to be added. The default value for
 the number of LDAP users is 8.
+
+### Testing avatar and custom profile field synchronization
+
+The fakeldap LDAP directories we use in the development environment
+are generated by the code in `zerver/lib/dev_ldap_directory.py`, and
+contain data one might want to sync, including avatars and custom
+profile fields.
+
+We also have configured `AUTH_LDAP_USER_ATTR_MAP` in
+`zproject/dev_settings.py` to sync several of those fields.  For
+example:
+
+* Modes `a` and `b` will set the user's avatar on account creation and
+  update it when `manage.py sync_ldap_user_data` is run.
+* Mode `b` is configured to automatically have the `birthday` and
+  `Phone number` custom profile fields populated/synced.
+* Mode `a` is configured to deactivate/reactivate users whose accounts
+  are disabled in LDAP when `manage.py sync_ldap_user_data` is run.
+  (Note that you'll likely need to edit
+  `zerver/lib/dev_ldap_directory.py` to ensure there are some accounts
+  configured to be disabled).
+
+### Automated testing
+
+For our automated tests, we generally configure custom LDAP data for
+each individual test, because that generally means one can understand
+exactly what data is being used in the test without looking at other
+resources.  It also gives us more freedom to edit the development
+environment directory without worrying about tests.

zproject/dev_settings.py

@@ -107,6 +107,8 @@ FAKE_LDAP_MODE = None  # type: Optional[str]
 # FAKE_LDAP_NUM_USERS = 8
 
 if FAKE_LDAP_MODE:
+    # To understand these parameters, read the docs in
+    # prod_settings_template.py and on ReadTheDocs.
     LDAP_APPEND_DOMAIN = None
     AUTH_LDAP_USER_DN_TEMPLATE = 'uid=%(user)s,ou=users,dc=zulip,dc=com'
 
@@ -115,10 +117,27 @@ if FAKE_LDAP_MODE:
         from django_auth_ldap.config import LDAPSearch
         AUTH_LDAP_USER_SEARCH = LDAPSearch("ou=users,dc=zulip,dc=com",
                                            ldap.SCOPE_SUBTREE, "(email=%(user)s)")
+        AUTH_LDAP_USER_ATTR_MAP = {
+            "full_name": "cn",
+            "avatar": "thumbnailPhoto",
+            # This won't do much unless one changes the fact that
+            # all users have LDAP_USER_ACCOUNT_CONTROL_NORMAL in
+            # zerver/lib/dev_ldap_directory.py
+            "userAccountControl": "userAccountControl",
+        }
     elif FAKE_LDAP_MODE == 'b':
         LDAP_APPEND_DOMAIN = 'zulip.com'
+        AUTH_LDAP_USER_ATTR_MAP = {
+            "full_name": "cn",
+            "avatar": "jpegPhoto",
+            "custom_profile_field__birthday": "birthDate",
+            "custom_profile_field__phone_number": "phoneNumber",
+        }
     elif FAKE_LDAP_MODE == 'c':
         LDAP_EMAIL_ATTR = 'email'  # type: Optional[str]
+        AUTH_LDAP_USER_ATTR_MAP = {
+            "full_name": "cn",
+        }
     AUTHENTICATION_BACKENDS += ('zproject.backends.ZulipLDAPAuthBackend',)  # type: ignore # tuple hackery
 
 THUMBOR_URL = 'http://127.0.0.1:9995'