Adds support for ppolicy overlay.

[tcsalameh]

This adds support for the ppolicy overlay, by adding the necessary
changes to the cn=config database. The user will be required to activate
the ppolicy schema, and any password enforcement will rely on a user
defined default password object at cn=passwordDefault,.

[coveralls]

Coverage decreased (-0.4%) to 53.165% when pulling ea42419 on tcsalameh:ppolicy-config into 99b89af on bodgit:master.

[bodgit]

I would prefer these to be exposed as native booleans and do the conversion of true -> 'TRUE' & false -> 'FALSE' within the module, (maybe add a function to do that?). I'd also rather not abbreviate the ppolicy to pp in the parameter names, yeah they're long and wordy but it matches the other parameters. I also see 'pp' and think 'pretty print' 😄

[bodgit]

The one nit with this is in the case of the server being a read-only replica, in order to increase lockout/bind failed counters in the read-write upstream directory the chain overlay needs to be enabled and configured in addition to setting the update_ref parameter. At the moment I just make the clients chase referrals themselves.

[bodgit]

I've merged this (with some minor alterations) now that I've added preliminary chain overlay support so it can work in a replicated setup. I'm not 100% convinced yet that all of these overlays are in the right order; the OpenLDAP documentation is confusing as %$*! in this regard.

Thanks for your contributions, I've been meaning to add unique and ppolicy support for a while. I'd just like to sort #22 and possibly #19 then I'll cut a v1.2.0 release.

[tcsalameh]

Thank you for merging these changes. The overlays have been working fine on our setup with this ordering, but I agree that the OpenLDAP documentation is really confusing on that topic.

We'd started working on some of these changes too, and I noticed that there's a puppet library function - bool2str - that converts a boolean to two strings. So adding another function to do this may not be necessary; something like:
bool2str($::openldap::server::ppolicy_forward_updates, 'TRUE', 'FALSE')
should also work for the conversions on lines 445-447 in config.pp.

Also, thank you for adding preliminary support for the chain overlay (another area with confusing documentation!). We had started working on this, but were running into some issues, and we'll go from what you've done so far.

[bodgit]

We'd started working on some of these changes too, and I noticed that there's a puppet library function - bool2str - that converts a boolean to two strings. So adding another function to do this may not be necessary; something like:
bool2str($::openldap::server::ppolicy_forward_updates, 'TRUE', 'FALSE')
should also work for the conversions on lines 445-447 in config.pp.

I knew there was a str2bool function but I didn't realise there's a companion bool2str, in which case I'll just refactor to use that if it works and rip out the function I added.

Also, thank you for adding preliminary support for the chain overlay (another area with confusing documentation!). We had started working on this, but were running into some issues, and we'll go from what you've done so far.

It took me most of last night to work out how to get chaining to work, as you say the documentation is confusing and I could only find examples using the old slapd.conf syntax. It turned out I had the right syntax and overlay objects but I had them configured on the *db database with the other overlays when it should apparently be configured on the frontend database. I'll probably add a ppolicy + chain example to the README.