adjust test code to allow for using Okta LDAP in integration tests

- Okta LDAP requires using a different groups search filter.
- It also does not support posix groups, so make that expected
  value optional.

hack/prepare-for-integration-tests.sh

@@ -517,6 +517,7 @@ export PINNIPED_TEST_LDAP_BIND_ACCOUNT_USERNAME="cn=admin,dc=pinniped,dc=dev"
 export PINNIPED_TEST_LDAP_BIND_ACCOUNT_PASSWORD=password
 export PINNIPED_TEST_LDAP_USERS_SEARCH_BASE="ou=users,dc=pinniped,dc=dev"
 export PINNIPED_TEST_LDAP_GROUPS_SEARCH_BASE="ou=groups,dc=pinniped,dc=dev"
+export PINNIPED_TEST_LDAP_GROUPS_SEARCH_FILTER=""
 export PINNIPED_TEST_LDAP_USER_DN="cn=pinny,ou=users,dc=pinniped,dc=dev"
 export PINNIPED_TEST_LDAP_USER_CN="pinny"
 export PINNIPED_TEST_LDAP_USER_PASSWORD=${ldap_test_password}

hack/prepare-supervisor-on-kind.sh

@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 
-# Copyright 2021-2024 the Pinniped contributors. All Rights Reserved.
+# Copyright 2021-2025 the Pinniped contributors. All Rights Reserved.
 # SPDX-License-Identifier: Apache-2.0
 
 #
@@ -246,6 +246,7 @@ spec:
     secretName: my-ldap-service-account
   groupSearch:
     base: "$PINNIPED_TEST_LDAP_GROUPS_SEARCH_BASE"
+    filter: "$PINNIPED_TEST_LDAP_GROUPS_SEARCH_FILTER"
     attributes:
       groupName: "cn"
   userSearch: