Currently smart card / certificate-based sign-in can authenticate
against an LDAP server, unless that server is Active Directory based.
This change allows using certificates such as those hosted on smart
cards to authenticate against Active Directory servers in a basic way.

Changelog: added
EE: true