
#3791 update LDAP username check (#3906)

Саша Иванов 8 gadi atpakaļ
vecāks
revīzija
ca6cbb95cc
1 mainītis faili ar 2 papildinājumiem un 2 dzēšanām
  1. 2 2
      modules/auth/ldap/ldap.go

+ 2 - 2
modules/auth/ldap/ldap.go

@@ -59,8 +59,8 @@ func (ls *Source) sanitizedUserQuery(username string) (string, bool) {
 
 func (ls *Source) sanitizedUserDN(username string) (string, bool) {
 	// See http://tools.ietf.org/search/rfc4514: "special characters"
-	badCharacters := "\x00()*\\,='\"#+;<> "
-	if strings.ContainsAny(username, badCharacters) {
+	badCharacters := "\x00()*\\,='\"#+;<>"
+	if strings.ContainsAny(username, badCharacters) || strings.HasPrefix(username, " ") || strings.HasSuffix(username, " ") {
 		log.Debug("'%s' contains invalid DN characters. Aborting.", username)
 		return "", false
 	}
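Review bot: The rejected username on the `log.Debug` line is still written with `'%s'`, and the deny-list above it does not cover control characters such as CR or LF, so pre-authentication input reaches the debug log unescaped. `log.Debug("%q contains invalid DN characters. Aborting.", username)` would escape those and also make visible the leading or trailing space that now triggers the rejection (assuming log.Debug formats its arguments the way fmt does). The comment over `badCharacters` should say why the space left the list, for example `// RFC 4514: a space is special only at the start or end of a value, so interior spaces are allowed.` The rest of sanitizedUserDN lies outside the hunk, so how the accepted value is placed into the DN cannot be checked from here.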