Add ipa-custodia service

Add a customized Custodia daemon and enable it after installation.
Generates server keys and loads them in LDAP autonomously on install
or update.
Provides client code classes too.

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>

ipaserver/install/installutils.py

@@ -35,6 +35,7 @@ from contextlib import contextmanager
 from dns import resolver, rdatatype
 from dns.exception import DNSException
 import ldap
+import ldapurl
 from nss.error import NSPRError
 import six
 from six.moves.configparser import SafeConfigParser, NoOptionError
@@ -1097,6 +1098,13 @@ def check_version():
 def realm_to_serverid(realm_name):
     return "-".join(realm_name.split("."))
 
+
+def realm_to_ldapi_uri(realm_name):
+    serverid = realm_to_serverid(realm_name)
+    socketname = paths.SLAPD_INSTANCE_SOCKET_TEMPLATE % (serverid,)
+    return 'ldapi://' + ldapurl.ldapUrlEscape(socketname)
+
+
 def enable_and_start_oddjobd(sstore):
     oddjobd = services.service('oddjobd')
     sstore.backup_state('oddjobd', 'running', oddjobd.is_running())