Merge pull request from GHSA-4w46-w44m-3jq3

* strip password after authentication to prevent cleartext password storage

* fixed forgotten testcase forcing ;-/

* added test to check if password is not stored in user record

Co-authored-by: Fabian Strachanski <fabian@fastr.de>

src/Adapters/Auth/ldap.js

@@ -23,6 +23,7 @@ function validateAuthData(authData, options) {
 
   return new Promise((resolve, reject) => {
     client.bind(userCn, authData.password, ldapError => {
+      delete(authData.password);
       if (ldapError) {
         let error;
         switch (ldapError.code) {