fix: encode ldap values to make valid UTF8 (#8210)

# Which Problems Are Solved

UUIDs stored in LDAP are Octet Strings and have to be parsed, so that
they can be stored as IDs as they are not valid UTF8.

# How the Problems Are Solved

Try to parse the RawValue from LDAP as UUID, otherwise try to base64
decode and then parse as UUID, else use the data as string as before.

# Additional Changes

None

# Additional Context

Closes #7601

internal/idp/providers/ldap/session.go

@@ -3,11 +3,13 @@ package ldap
 import (
 	"context"
 	"crypto/tls"
+	"encoding/base64"
 	"errors"
 	"net"
 	"net/url"
 	"strconv"
 	"time"
+	"unicode/utf8"
 
 	"github.com/go-ldap/ldap/v3"
 	"github.com/zitadel/logging"
@@ -262,12 +264,12 @@ func mapLDAPEntryToUser(
 	}
 
 	return NewUser(
-		user.GetAttributeValue(idAttribute),
-		user.GetAttributeValue(firstNameAttribute),
-		user.GetAttributeValue(lastNameAttribute),
-		user.GetAttributeValue(displayNameAttribute),
-		user.GetAttributeValue(nickNameAttribute),
-		user.GetAttributeValue(preferredUsernameAttribute),
+		getAttributeValue(user, idAttribute),
+		getAttributeValue(user, firstNameAttribute),
+		getAttributeValue(user, lastNameAttribute),
+		getAttributeValue(user, displayNameAttribute),
+		getAttributeValue(user, nickNameAttribute),
+		getAttributeValue(user, preferredUsernameAttribute),
 		domain.EmailAddress(user.GetAttributeValue(emailAttribute)),
 		emailVerified,
 		domain.PhoneNumber(user.GetAttributeValue(phoneAttribute)),
@@ -277,3 +279,15 @@ func mapLDAPEntryToUser(
 		user.GetAttributeValue(profileAttribute),
 	), nil
 }
+
+func getAttributeValue(user *ldap.Entry, attribute string) string {
+	// return an empty string if no attribute is needed
+	if attribute == "" {
+		return ""
+	}
+	value := user.GetAttributeValue(attribute)
+	if utf8.ValidString(value) {
+		return value
+	}
+	return base64.StdEncoding.EncodeToString(user.GetRawAttributeValue(attribute))
+}