Use GSSAPI for replication

Uses a temporary simple replication agreement over SSL to init the tree.
Then once all principals have been created switches replication to GSSAPI.

Fixes: https://fedorahosted.org/freeipa/ticket/690

install/tools/ipa-replica-manage

@@ -312,7 +312,7 @@ def add_link(realm, replica1, replica2, dirman_passwd, options):
                                         options.passsync, options.win_subtree,
                                         options.cacert)
     else:
-        repl1.setup_replication(replica2, "cn=Directory Manager", dirman_passwd)
+        repl1.setup_gssapi_replication(replica2, "cn=Directory Manager", dirman_passwd)
     print "Connected '%s' to '%s'" % (replica1, replica2)
 
 def re_initialize(realm, options):
@@ -350,7 +350,7 @@ def force_sync(realm, thishost, fromhost, dirman_passwd):
         sys.exit(1)
     if len(entry) > 1:
         logging.error("Found multiple agreements for %s. Only initializing the first one returned: %s" % (thishost, entry[0].dn))
-    repl.force_synch(entry[0].dn, entry[0].nsds5replicaupdateschedule, repl.conn)
+    repl.force_synch(entry[0].dn, entry[0].nsds5replicaupdateschedule)
 
 def main():
     options, args = parse_options()