Add ability to configure external ldap user directory

Change-Id: I95f2d5c1cc2b816cd40ecdefd0ceed49b8d4b139

README.md

@@ -192,6 +192,21 @@ clickhouse_ldap_servers:
     tls_require_cert: "demand"
 ```
 
+F: You can manage [LDAP External User Directory](https://clickhouse.com/docs/en/operations/external-authenticators/ldap/#ldap-external-user-directory)
+```yaml
+# Helpful guide on https://altinity.com/blog/integrating-clickhouse-with-ldap-part-two
+clickhouse_ldap_user_directories:
+  - server: "example_ldap_server"
+    roles:
+      - "ldap_user"
+    role_mapping:
+      base_dn: "ou=groups,dc=example,dc=com"
+      attribute: "CN"
+      scope: "subtree"
+      search_filter: "(&(objectClass=group)(member={bind_dn}))"
+      prefix: "clickhouse_
+```
+
 F: You can manage Merge Tree config. For the list of available parameters, see [MergeTreeSettings.h](https://github.com/yandex/ClickHouse/blob/master/dbms/src/Storages/MergeTree/MergeTreeSettings.h).
 ```yaml
 clickhouse_merge_tree_config:

templates/config.j2

@@ -475,4 +475,26 @@
     </ldap_servers>
 {% endif %}
 
+{% if clickhouse_ldap_user_directories is defined %}
+    <user_directories>
+    {% for ldap_user_directory in clickhouse_ldap_user_directories %}
+        <ldap>
+            <server>{{ ldap_user_directory['server'] }}</server>
+            <roles>
+            {% for role in ldap_user_directory['roles'] %}
+                <{{ role }}/>
+            {% endfor %}
+            </roles>
+            {% if ldap_user_directory['role_mapping'] is defined %}
+            <role_mapping>
+            {% for key, value in ldap_user_directory['role_mapping'].items() %}
+                <{{ key }}>{{ value }}</{{ key }}>
+            {% endfor %}
+            </role_mapping>
+            {% endif %}
+        </ldap>
+    {% endfor %}
+    </user_directories>
+{% endif %}
+
 </yandex>