Create tool to manage dogtag replication agreements

For the most part the existing replication code worked with the
following exceptions:

- Added more port options
- It assumed that initial connections were done to an SSL port. Added
  ability to use startTLS
- It assumed that the name of the agreement was the same on both sides.
  In dogtag one is marked as master and one as clone. A new option is
  added, master, the determines which side we're working on or None
  if it isn't a dogtag agreement.
- Don't set the attribute exclude list on dogtag agreements
- dogtag doesn't set a schedule by default (which is actually recommended
  by 389-ds). This causes problems when doing a force-sync though so
  if one is done we set a schedule to run all the time. Otherwise the
  temporary schedule can't be removed (LDAP operations error).

https://fedorahosted.org/freeipa/ticket/1250

ipaserver/install/dsinstance.py

@@ -305,8 +305,8 @@ class DsInstance(service.Service):
                                               self.fqdn,
                                               self.dm_password)
         repl.setup_replication(self.master_fqdn,
-                               "cn=Directory Manager",
-                               self.dm_password)
+                               r_binddn="cn=Directory Manager",
+                               r_bindpw=self.dm_password)
 
     def __enable(self):
         self.backup_state("enabled", self.is_enabled())