Plus more pthread rwlock code

Update configure and depend --enable-dnssrv upon finding res_query
Update back-dnssrv to better handle ManageDSAit control

was only of limited use with LDAPv2 (worked okay if no non-T.61
values existed) but downright dangerous in the face of LDAPv3.
Any translation must be schema aware and the BER isn't.

	If application provide one, use it.  If application doesn't
	provide one, use best of server advertised.
Fix SASL/ANONYMOUS (not normally used, but should work)
PLAIN is not currently working... might be local to me as my
Cyrus installation is a bit hosted.

nasty message if password was provided.

	add common request handler
	remove bind handler (not needed)

Fix --disable-spasswd

against Cyrus SASLdb.  Like other cleartext mechanisms,
should be protected from eavesdropping.

plus these changes unhidden changes:
	remove now meaning --enable-discreteaci configure option
	fix ITS#451, slapd filters
	Add ber_bvecadd() to support above
	constify ldap_pvt_find_wildcard() and misc slapd routines
	renamed some slap.h macros
	likely broken something

one can select NDBM as NDBM is not supported.

under "auto" selection.  If not auto, just warn.
Rebuild configure using appropriate tools.

simple bind via:
	{KERBEROS}principal
Code is disabled by default (for security reasons).  Use
--enable-kpasswd to enable.  Behind SLAPD_KPASSWD.
Reworked Kerberos detection and split out KBIND as independent
feature (--disable-kbind) (LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND).
KBIND depends upon detection of KRB4 (or KRB425) support.  Detection,
building with eBones (as distributed with FreeBSD 3.4) okay, but
wasn't able to test as I don't have a K4 KDC handy.
--with-kerberos has a number of detection options... most likely
don't work properly.

support for DCE slash-delimited, left-to-right DNs;
support for a domain socket transport (enable with
--enable-ldapi); and extensions to URL parsing to
support the latter transport.