Create tool to manage dogtag replication agreements

For the most part the existing replication code worked with the
following exceptions:

- Added more port options
- It assumed that initial connections were done to an SSL port. Added
  ability to use startTLS
- It assumed that the name of the agreement was the same on both sides.
  In dogtag one is marked as master and one as clone. A new option is
  added, master, the determines which side we're working on or None
  if it isn't a dogtag agreement.
- Don't set the attribute exclude list on dogtag agreements
- dogtag doesn't set a schedule by default (which is actually recommended
  by 389-ds). This causes problems when doing a force-sync though so
  if one is done we set a schedule to run all the time. Otherwise the
  temporary schedule can't be removed (LDAP operations error).

https://fedorahosted.org/freeipa/ticket/1250

freeipa.spec.in

@@ -365,6 +365,7 @@ fi
 %{_sbindir}/ipa-replica-install
 %{_sbindir}/ipa-replica-prepare
 %{_sbindir}/ipa-replica-manage
+%{_sbindir}/ipa-csreplica-manage
 %{_sbindir}/ipa-server-certinstall
 %{_sbindir}/ipa-ldap-updater
 %{_sbindir}/ipa-compat-manage
@@ -437,6 +438,7 @@ fi
 %{_mandir}/man1/ipa-replica-conncheck.1.gz
 %{_mandir}/man1/ipa-replica-install.1.gz
 %{_mandir}/man1/ipa-replica-manage.1.gz
+%{_mandir}/man1/ipa-csreplica-manage.1.gz
 %{_mandir}/man1/ipa-replica-prepare.1.gz
 %{_mandir}/man1/ipa-server-certinstall.1.gz
 %{_mandir}/man1/ipa-server-install.1.gz
@@ -504,7 +506,10 @@ fi
 %ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/ipa/default.conf
 
 %changelog
-* Wed Jul 6 2011 Adam Young <ayoung@redhat.com> - 2.0.90-5
+* Thu Jul 14 2011 Rob Crittenden <rcritten@redhat.com> - 2.0.90-6
+- Add ipa-csreplica-manage tool.
+
+* Wed Jul  6 2011 Adam Young <ayoung@redhat.com> - 2.0.90-5
 - Add HTML file describing issues with HBAC deny rules
 
 * Fri Jun 17 2011 Rob Crittenden <rcritten@redhat.com> - 2.0.90-4