LDAP: allow tagged values to be used for sensitive settings

Plus a drive-by Dialyzer improvement.

Author: michaelklishin

deps/rabbitmq_auth_backend_ldap/priv/schema/rabbitmq_auth_backend_ldap.schema

@@ -120,7 +120,7 @@ end}.
     [{datatype, [string]}]}.
 
 {mapping, "auth_ldap.dn_lookup_bind.password", "rabbitmq_auth_backend_ldap.dn_lookup_bind",
-    [{datatype, [string]}]}.
+    [{datatype, [tagged_binary, binary]}]}.
 
 %%  - as_user (to bind as the authenticated user - requires a password)
 %%  - anon    (to bind anonymously)
@@ -161,7 +161,7 @@ end}.
     [{datatype, string}]}.
 
 {mapping, "auth_ldap.other_bind.password", "rabbitmq_auth_backend_ldap.other_bind",
-    [{datatype, string}]}.
+    [{datatype, [tagged_binary, binary]}]}.
 
 {translation, "rabbitmq_auth_backend_ldap.other_bind",
 fun(Conf) ->

deps/rabbitmq_auth_backend_ldap/src/rabbit_auth_backend_ldap.erl

@@ -85,6 +85,7 @@ user_login_authentication(Username, _AuthProps) ->
 %% Credentials (i.e. password) maybe directly in the password attribute in AuthProps
 %% or as a Function with the attribute rabbit_auth_backend_ldap if the user was already authenticated with http backend
 %% or as a Function with the attribute rabbit_auth_backend_cache if the user was already authenticated via cache backend
+-spec extractPassword(list()) -> rabbit_types:option(binary()).
 extractPassword(AuthProps) ->
     case proplists:get_value(password, AuthProps, none) of
         none ->