Allow more complex LDAP user queries

[Epithumia]

As it stands, LDAP queries are limited to simple filters, since only one parameter can only be used the way formatting is done in auth.py. This PR rewrites the two culprit lines to allow a user query such as CAS_LDAP_USER_QUERY="(&(objectclass=*)(|(uid=%(username)s)(mail=%(username)s)))" plus the default value and doc line.