- Problem report
- Resolution: Unresolved
- Trivial
- None
- 7.4.2
- RHEL 9
When using MS AD LDAP with direct binding for auth, the user credentials are verified but groups are never mapped.
After some debugging, in "ui/include/classes/ldap/CLdap.php" function "getUserAttributes" the user password appears to always be null so it is incorrectly returning an empty list (line 344). The bind call fails due to having a null password while the bind_type is BIND_DNSTRING (line 226).
Not sure what the appropriate fix would be. My current workaround was removing that bind call on line 344 as the connection is already bound from a previous credential check anyways.
Steps to reproduce:
- Configure LDAP authentication against MS AD using direct binding ("%{user}" in the Base DN & empty Bind DN/password)
- Enable JIT provisioning & add LDAP user group mapping
- Test login with any valid user. No LDAP groups will be mapped
Result:
User authentication is successful but group mapping is not working
Expected:
LDAP user groups should be mapped to Zabbix groups based on the user group mapping patterns