Support the new Winsync POSIX API.

This will sync down the POSIX attributes from AD so we need to be careful
to not mess with them when they are already set. This includes
uidNumber, gidNumber, homeDirectory, loginShell and gecos.

http://port389.org/wiki/WinSync_Posix
http://port389.org/wiki/Windows_Sync_Plugin_API#Version_3_API_functions

https://fedorahosted.org/freeipa/ticket/3007

install/updates/10-config.update

@@ -42,3 +42,8 @@ add:nsslapd-defaultNamingContext:'$SUFFIX'
 # Allow the root DSE to be searched even with minssf set
 dn: cn=config
 only:nsslapd-minssf-exclude-rootdse:on
+
+# Set the IPA winsync precedence so it will run after the DS
+# POSIX winsync plugin
+dn: cn=ipa-winsync,cn=plugins,cn=config
+only: nsslapd-pluginPrecedence: 60