fix: AD authentication when auth_ad_base_dn is an OU (#6405)

* fix: AD authentication when auth_ad_base_dn is an OU
OUs don't have SID, so we can't use them to figure out the domain SID

* Only match leading OUs

* Actually, might be best to remove everything except the domain components.

html/includes/authentication/active_directory.inc.php

@@ -230,9 +230,12 @@ function get_domain_sid()
 {
     global $config, $ldap_connection;
 
+    // Extract only the domain components
+    $dn_candidate = preg_replace('/^.*?DC=/i', 'DC=', $config['auth_ad_base_dn']);
+
     $search = ldap_read(
         $ldap_connection,
-        $config['auth_ad_base_dn'],
+        $dn_candidate,
         '(objectClass=*)',
         array('objectsid')
     );