openldap: add -h urlList in service so LDAP TLS could be enabled

[womfoo]

snip from the slapd manpage:

-h URLlist
       slapd will by default serve ldap:/// (LDAP over TCP on all interfaces on default LDAP port).  That is, it will bind using INADDR_ANY and port 389.  The -h option may be used to specify LDAP (and other  scheme)  URLs  to
       serve.   For  example,  if slapd is given -h "ldap://127.0.0.1:9009/ ldaps:/// ldapi:///", it will listen on 127.0.0.1:9009 for LDAP, 0.0.0.0:636 for LDAP over TLS, and LDAP over IPC (Unix domain sockets).  Host 0.0.0.0
       represents INADDR_ANY (any interface).  A space separated list of URLs is expected.  The URLs should be of the LDAP, LDAPS, or LDAPI schemes, and generally without a DN or other optional parameters  (excepting  as  dis‐
       cussed below).  Support for the latter two schemes depends on selected configuration options.  Hosts may be specified by name or IPv4 and IPv6 address formats.  Ports, if specified, must be numeric.  The default ldap://
       port is 389 and the default ldaps:// port is 636.

• Tested using sandboxing
  (nix.useSandbox on NixOS,
  or option build-use-sandbox in nix.conf
  on non-NixOS)
• Built on platform(s)
  • NixOS
  • OS X
  • Linux
• Tested compilation of all pkgs that depend on this change using nix-shell -p nox --run "nox-review wip"
• Tested execution of all binary files (usually in ./result/bin/)
• Fits CONTRIBUTING.md.

I'd also like to backport this to 16.03 if no one objects.

[mention-bot]

By analyzing the blame information on this pull request, we identified @robberer, @edolstra and @jozko to be potential reviewers

[womfoo]

rebased commit to fix minor typo.

also cc'ing maintainers @lovek323 and @mornfall for more visibility :-)