optimisations

* use pyke's re cache
* get an unlimited number of ldap attributes
* get a perturbator for the OTP secret, in case of stolen phone
* lowercase the username, to avoid strange behaviour with the OTP

httpd.go

@@ -115,7 +115,7 @@ func (h *HttpServer) ajaxHandler(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	profile, _ := h.ovpn.AuthLoop(h.minProfile,
+	profile, _, _ := h.ovpn.AuthLoop(h.minProfile,
 		strings.Replace(r.TLS.PeerCertificates[0].Subject.CommonName, " ", "", -1), "", false)
 	if profile != h.neededProfile {
 		http.Error(w, fmt.Sprintf("You need the %s profile", h.neededProfile), 403)