
(ITS#8944) Support Microsoft AD DirSync as a consumer



Full_Name: Howard Chu
Version: 2.5
OS: 
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (80.233.39.182)
Submitted by: hyc


Code in master is now available for operating slapd as a replication consumer
against Microsoft Active Directory using their DirSync protocol. Note that no
attempt has been made to work with anything other than user and group entries.

A sample config, based on the test017 syncrepl consumer config:

####
include         ./schema/core.schema
include         ./schema/cosine.schema
include         ./schema/inetorgperson.schema
include         ./schema/nis.schema
include         ./schema/msuser.schema

attributeoptions        range=

database        mdb
suffix          "dc=ldapsync,dc=local"
rootdn          "cn=Replica,dc=ldapsync,dc=local"
rootpw          secret
directory       ./testrun/db.2.a
index           objectClass     eq
index           cn,sn,uid       pres,eq,sub
index           entryUUID,entryCSN      eq

syncrepl        rid=1
                provider=ldap://ldapsync/
                binddn="cn=Administrator,cn=users,dc=ldapsync,dc=local"
                bindmethod=simple
                credentials=MSAD-secret
                searchbase="dc=ldapsync,dc=local"
                filter="(|(objectClass=user)(objectclass=group))"
                schemachecking=off
                scope=sub
                type=dirSync
                interval=00:00:00:03
updateref       ldap://ldapsync/


database        monitor
####

Note that DirSync doesn't have a persist mode, it only works by
refreshOnly-style polling. DirSync support for Modifications is quite braindead;
the protocol has no way to indicate deletion of single-valued attributes. This
has been left as-is for now, possibly some workarounds can be added for that
later.
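A small review script for a stanza like the one above, written here as an added example (it is not OpenLDAP code and not part of the posting): it joins slapd.conf continuation lines, parses the syncrepl key=value pairs, and returns the points a reviewer would raise about the sample config, namely a simple bind over a plain ldap:// URL without starttls (the replication password crosses the wire in the clear), the password sitting in slapd.conf, a bind as the domain Administrator, and schemachecking=off. The keywords starttls=, bindmethod=, interval= and schemachecking= are real syncrepl options; the embedded config text is a trimmed copy of the sample in this posting.

```python
"""Parse the syncrepl stanza of a slapd.conf fragment and flag settings a
reviewer would question. Added example; not OpenLDAP code."""
import re

# Constructed sample: the DirSync consumer config from the posting, trimmed.
SAMPLE_CONF = """\
database        mdb
suffix          "dc=ldapsync,dc=local"
rootdn          "cn=Replica,dc=ldapsync,dc=local"
rootpw          secret
directory       ./testrun/db.2.a

syncrepl        rid=1
                provider=ldap://ldapsync/
                binddn="cn=Administrator,cn=users,dc=ldapsync,dc=local"
                bindmethod=simple
                credentials=MSAD-secret
                searchbase="dc=ldapsync,dc=local"
                filter="(|(objectClass=user)(objectclass=group))"
                schemachecking=off
                scope=sub
                type=dirSync
                interval=00:00:00:03
updateref       ldap://ldapsync/
"""


def logical_lines(text):
    """Join slapd.conf continuation lines: a line that starts with
    whitespace continues the previous directive. Blank and comment lines
    are dropped."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out


# key=value, where value is either a double-quoted string or a bare token
KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')


def parse_syncrepl(text):
    """Return one dict of lower-cased keys per syncrepl directive found."""
    stanzas = []
    for line in logical_lines(text):
        directive, _, rest = line.partition(" ")
        if directive.lower() != "syncrepl":
            continue
        kv = {key.lower(): val.strip('"') for key, val in KV_RE.findall(rest)}
        stanzas.append(kv)
    return stanzas


def review_syncrepl(kv):
    """Return (severity, message) findings for one parsed syncrepl stanza."""
    findings = []
    provider = kv.get("provider", "").lower()
    starttls = kv.get("starttls", "no").lower()  # syncrepl default is no
    if kv.get("bindmethod", "simple").lower() == "simple":
        if provider.startswith("ldap://") and starttls not in ("yes", "critical"):
            findings.append(("high", "simple bind over plain ldap:// without "
                             "starttls=yes|critical sends the password in the clear"))
    if "credentials" in kv:
        findings.append(("info", "replication password is stored in slapd.conf; "
                         "keep the file readable by the slapd user only"))
    if kv.get("binddn", "").lower().startswith("cn=administrator,"):
        findings.append(("medium", "binds as the domain Administrator; a dedicated "
                         "account with only the replication read right is enough"))
    if kv.get("type", "").lower() == "dirsync":
        if "interval" not in kv:
            findings.append(("info", "type=dirSync has no persist mode; set interval= "
                             "to control how stale the replica may get"))
        if kv.get("schemachecking", "on").lower() == "off":
            findings.append(("info", "schemachecking=off: AD entries are stored "
                             "without local schema validation"))
    return findings


if __name__ == "__main__":
    for stanza in parse_syncrepl(SAMPLE_CONF):
        print("rid", stanza.get("rid"), "type", stanza.get("type"))
        for severity, message in review_syncrepl(stanza):
            print(f"  [{severity}] {message}")
```

Run it against a real slapd.conf by replacing SAMPLE_CONF with the file contents; the continuation-line joining is what makes the multi-line syncrepl directive parse as a single record.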