create openldap setup utilities,

prototype ldap api interface

openldap/auth.template.ldif

@@ -0,0 +1,20 @@
+# Add permissions
+dn: olcDatabase={1}mdb,cn=config
+changetype: modify
+delete: olcAccess
+-
+add: olcAccess
+olcAccess: {0}to attrs=userPassword 
+    by self write 
+    by anonymous auth 
+    by * none
+olcAccess: {1}to attrs=shadowLastChange 
+    by self write 
+    by * read
+olcAccess: {2}to dn.subtree="$BASE_DN"
+    by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage
+    by group/groupOfNames/member="cn=admins,ou=groups,$BASE_DN" write
+    by * read
+olcAccess: {3}to * 
+    by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage
+    by * read