Previously, the LDAP support changed thus: "Use 'givenName' and 'sn' for first name and last name in LDAP auth backend
instead of splitting 'cn'."  For at least the LDAP server in my company, this actually broke the subsequent call to create a user, because the givenName and sn fields returned from ldapo.search_s are one element lists.  E.g.,

passwd[0][1] -> {..., 'sn': ['Smith'], 'givenName': ['Fred']}

and givenName then equaled ['Fred'] instead of 'Fred'.

So that change broke my installation's ability to create a new user from LDAP.  The fix I'm submitting looks for the first item in the list.  

The previous version of backends.py *also* looked for a single element list for the cn:

passwd[0][1]['cn'][0]

So I'm guessing the change to use givenName and sn either was tested against a quirky LDAP implementation or wasn't properly tested.

Able to login to RB as a new user only existing in LDAP.
Able to specify a LDAP-only (non-RB-user) user as a reviewer.