Add digest md5 codes to -lldap/-lldap_r (work in progress)

	Fix broken ACL macros.
	Fix o_dn/o_ndn == NULL vs "".

of a bind request and, upon failure, are left "anonymous."

Rework ACL code to hide access testing within macros to facilate additions
and eventual redesign.

Addition of #ifdef SLAPD_ACLAUTH to conditional include EXPERIMENTAL
"auth" access controls.  Adds ACL_AUTH "auth" access level (above none,
below "compare").  bind requires anonymous access at this level or above access
to "entry"/"userPassword"/"krbName".  This allows administrators to restrict
which entries can be bound to.  (This will likely become default behavior
after testing has completed).

Added configuration support for "digest-realm <realm>" configure directive.
Added connection state and bind_in_progress fields to cn=monitor connection
attribute.

Make sure the token_val argument to get_token is always initialized
to something, either newly allocated memory or NULL.

if multiple step SASL binds are in progress.

Modify ldap_result to assert returned error is not an one reserved
for API use.
Modify frontend LDAP operation routines to return an error code.
The returned value will be used to determine if an unsolicited notification
should be sent to the client.
Need to review returned error codes.  Namely some LDAP_PROTOCOL_ERROR
will like need to be changed (as they will cause unsolicited notifications).

Update error strings and cldap misuse of server error.

Add place holder for handling LDAPv3 extended operations (coming soon).

Initial version of new mail500.

changed significantly.

specific which methods may be used.  This will facilate development
of a slapd config directive "passwordMethod ..." to specify which
methods should be allowed.

Use everywhere.
Apply search ACLs to operational attributes.
Only provide operational attributes when explicitly requested.

tests: use "ldapadd" instead of "ldapmodify -a"