fetch full user from sql to avoid ldap lookups