python-ldap / python-ldap

LDAP client API for Python

Home Page:https://python-ldap.readthedocs.io/

Debug = True - outputs users password in debug output

KlavsKlavsen opened this issue · comments

Issue description:
When debug is enabled, ldap password from user is output in debug output.
IMHO it should be "at least optional" to output the password of the user. One should see the "error 49" response from AD if the password really was wrong, so there should be no reason to output the password in DEBUG by default. That would belong more in a full trace mode perhaps, if one wanted that.

Are there any settings to perhaps ensure password is not output in DEBUG mode?

I'm using this library, via alerta alerta/alerta#524 (comment)

Which function or feature did you use to enable debug mode? There is trace level and OPT_DEBUG_LEVEL.

Alerta uses trace_level 2 for debug. Perhaps that's the wrong approach?

Tracing logs all function calls including all arguments. It's slow and may log sensitive data like passwords. There is currently no API to suppress logging of sensitive data. It's far from trivial to figure which values should be filtered out. There might be sensitive information in LDAP URIs, function arguments, filters, or return values.

Therefore I advise against tracing on a production system.

So this won't happen if Alerta uses OPT_DEBUG_LEVEL instead? I agree it's in general difficult to identify secret information, but that does not mean one should not find at least some way to do it. Making it harder to eavesdrop on users' passwords is always good :)

OPT_DEBUG_LEVEL enables low-level debugging of libldap. It's a process-wide option that will log even more data to stderr including TLS handshake information and raw ASN.1 protocol data.
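As an added illustration of the mitigation a deployment can apply on its own side (this is not python-ldap's code and not part of the thread above): the maintainer notes that python-ldap has no API to suppress sensitive values in trace output, but `ldap.initialize()` accepts a `trace_file` argument, so the application can hand it a file-like object that masks the bind password it already knows, by value, before anything reaches the log. The `redact()` helper, the `RedactingTraceFile` class and the sample trace text are constructed here as assumptions; the sample only approximates python-ldap's real trace layout, which is why the wrapper matches secret values rather than parsing the format.

```python
import io
import sys

# Hypothetical helper, not part of python-ldap: masks known secret values in
# any text written to a trace sink. Matching by value (not by position in the
# trace format) keeps the redaction independent of how python-ldap lays out
# its "*** ... method\n(args, kwargs)" trace lines.
REDACTED = "[REDACTED]"


def redact(text: str, secrets) -> str:
    """Replace every occurrence of each known secret with a placeholder.

    Longer secrets are replaced first so that a secret which is a prefix of
    another cannot leave a partial leak behind. Both the plain form and the
    repr()-escaped form are masked, because the trace pretty-prints Python
    argument tuples with repr().
    """
    out = text
    for secret in sorted((s for s in secrets if s), key=len, reverse=True):
        for form in {secret, repr(secret)[1:-1]}:
            out = out.replace(form, REDACTED)
    return out


class RedactingTraceFile(io.TextIOBase):
    """File-like object intended for ldap.initialize(..., trace_file=...).

    Everything written through it is redacted and forwarded to `sink`
    (for example sys.stderr or a logging handler's stream).
    """

    def __init__(self, sink, secrets=()):
        self._sink = sink
        self._secrets = set(secrets)

    def add_secret(self, secret: str) -> None:
        # Call this before each bind so the current user's password is covered.
        self._secrets.add(secret)

    def write(self, s: str) -> int:
        self._sink.write(redact(s, self._secrets))
        return len(s)

    def flush(self) -> None:
        self._sink.flush()


# Constructed sample resembling a trace_level=1 record for simple_bind_s:
# a header line, then a pprint of (args, kwargs). The exact layout is an
# assumption; the password sits in the second positional argument.
SAMPLE_TRACE = (
    "*** <SimpleLDAPObject> ldap://ldap.example.test - "
    "SimpleLDAPObject.simple_bind_s\n"
    "(('uid=alice,ou=people,dc=example,dc=test', 'Hunter2!', None, None), {})\n"
)


def demo(password: str = "Hunter2!") -> str:
    """Write the sample trace through the redacting wrapper and return the result."""
    buf = io.StringIO()
    trace = RedactingTraceFile(buf, {password})
    trace.write(SAMPLE_TRACE)
    trace.flush()
    return buf.getvalue()


if __name__ == "__main__":
    sys.stdout.write(demo())
```

In an application the object would be created once, e.g. `trace = RedactingTraceFile(sys.stderr)`, passed as `ldap.initialize(uri, trace_level=2, trace_file=trace)`, and given each user's password via `add_secret()` immediately before `simple_bind_s()`. It only covers python-ldap's Python-level trace: the output enabled by `OPT_DEBUG_LEVEL` is written by libldap straight to stderr and never passes through `trace_file`, so no redaction at this layer applies there, which is consistent with the advice above to keep both forms of tracing off production systems.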