Add SELinux user mapping framework.

This will allow one to define what SELinux context a given user gets
on a given machine. A rule can contain a set of users and hosts or it
can point to an existing HBAC rule that defines them.

https://fedorahosted.org/freeipa/ticket/755

ipalib/errors.py

@@ -1512,6 +1512,22 @@ class NotRegisteredError(ExecutionError):
     format = _('Not registered yet')
 
 
+class DependentEntry(ExecutionError):
+    """
+    **4307** Raised when an entry being deleted has dependencies
+
+    For example:
+    >>> raise DependentEntry(label=u'SELinux User Map', key=u'test', dependent=u'test1')
+    Traceback (most recent call last):
+      ...
+    DependentEntry: Not registered yet
+
+    """
+
+    errno = 4307
+    format = _('%(key)s cannot be deleted because %(label)s %(dependent)s requires it')
+
+
 ##############################################################################
 # 5000 - 5999: Generic errors