Create accounts for LDAP bind

Bug #1209536 reported by Administrator
Affects: JQuantLib
Status: New
Importance: Medium
Assigned to: Unassigned
Milestone: (not set)

Bug Description

At the moment, applications like Mantis and Mediawiki use the LDAP directory manager account for binds.

It's necessary to create 2 accounts:

1. for read-only operations;

2. for write operations, with restricted rights

=============
Relationships
=============
related to http://bugs.launchpad.net/bugs/jquantlib-21

Tags: sysadmin
Revision history for this message
Richard Gomes (frgomes) wrote:

There's also uid=nobody,ou=people,dc=jquantlib,dc=org which can be used as anonymous. In fact, Mantis is already using this account for anonymous access.

There's also uid=administrator,ou=people,dc=jquantlib,dc=org which can be used for privileged access. MediaWiki and Mantis are already using this account for authentication but not for privileged operations. We need to decide which additional privileges this account should have and grant these privileges to this account.

Richard Gomes (frgomes) wrote:

At the moment, Mantis and Mediawiki are using cn=proxyagent,cn=jquantlib,cn=org for non-anonymous bind, which is necessary for checking user's password.

Mediawiki, being responsible for creating new accounts, is still using the powerful admin account. Ideally, we should use another account which has restricted rights, as described in this article:
http://www.openldap.org/lists/openldap-software/200312/msg00351.html

Unfortunately, it seems we are still missing something.
I've tried to grant cn=proxyagent the rights described by the aforementioned article but it's not working yet.

Richard Gomes (frgomes) wrote:

We now have a userdn for a proxyagent.

Mediawiki provides a self-service user registration workflow.
Other applications only authenticate against LDAP using the proxyagent.

We still need to grant permissions to allow the proxyagent to create new users.
At the moment we are still using the admin dn.

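Added example, not taken from the bug or from the JQuantLib project's configuration: a slapd.conf access-control fragment that separates the two bind accounts the report asks for (a read-only bind for plain authentication, and a restricted write bind that may only create entries under ou=people) so that the admin dn is no longer needed by MediaWiki. The suffix dc=jquantlib,dc=org and ou=people are taken from the comments above; ou=services, cn=readonly, cn=proxyagent and the sample user uid=alice are assumed names.

```conf
# slapd.conf ACL fragment (added example; assumed DNs, not the project's config).
# Suffix and ou=people come from the bug report; ou=services, cn=readonly,
# cn=proxyagent and uid=alice are assumed names.
#
# slapd evaluates "access to" clauses in order and stops at the first clause
# whose target matches, so the most specific targets must come first.

# 1a. Passwords of people are never readable by any bind. "auth" allows the
#     attribute to be used for bind/compare only, which is all an
#     authentication-only application needs once it has located the user's DN.
#     The registration bind (proxyagent) may set an initial password at
#     account creation but still cannot read it.
access to dn.one="ou=people,dc=jquantlib,dc=org" attrs=userPassword
    by dn.exact="cn=proxyagent,ou=services,dc=jquantlib,dc=org" write
    by self write
    by anonymous auth
    by * none

# 1b. Passwords of everything else (the service accounts themselves): usable
#     for bind only, changeable by nobody but the rootdn. Without the
#     "anonymous auth" line the service accounts could not bind at all.
access to attrs=userPassword
    by anonymous auth
    by * none

# 2. Adding an entry directly under ou=people needs write access to the
#    parent's "children" pseudo-attribute and to the new entry's "entry"
#    pseudo-attribute. Only the registration bind gets it, and only one level
#    deep (dn.one, not dn.subtree).
access to dn.exact="ou=people,dc=jquantlib,dc=org" attrs=children
    by dn.exact="cn=proxyagent,ou=services,dc=jquantlib,dc=org" write
    by * read

access to dn.one="ou=people,dc=jquantlib,dc=org" attrs=entry
    by dn.exact="cn=proxyagent,ou=services,dc=jquantlib,dc=org" write
    by * read

# 3. Remaining attributes of user entries: writable by the registration bind
#    (to populate the new entry) and by the user, readable by any
#    authenticated bind ("users" covers cn=readonly and uid=nobody), nothing
#    for unauthenticated clients.
access to dn.one="ou=people,dc=jquantlib,dc=org"
    by dn.exact="cn=proxyagent,ou=services,dc=jquantlib,dc=org" write
    by self write
    by users read
    by * none

# 4. Everything else (the suffix entry, ou=services, the service accounts):
#    read-only for authenticated binds. No service bind can alter another
#    service account; only the rootdn, which bypasses ACLs, can.
access to *
    by users read
    by * none

# Verify the rules offline with slapacl (reads the database directly, so run
# it as the slapd user against a stopped or quiescent server):
#   slapacl -f slapd.conf -D "cn=readonly,ou=services,dc=jquantlib,dc=org" \
#       -b "uid=alice,ou=people,dc=jquantlib,dc=org" userPassword/read
#   (should report read access DENIED)
#   slapacl -f slapd.conf -D "cn=proxyagent,ou=services,dc=jquantlib,dc=org" \
#       -b "ou=people,dc=jquantlib,dc=org" children/write
#   (should report write access ALLOWED)
```

Two caveats a reviewer of this fragment would raise. First, write access to the children pseudo-attribute also permits deleting entries under ou=people, so the registration bind is "create and modify users" rather than "create only"; consult slapd.access(5) for the deployed OpenLDAP version to see whether finer add/delete privileges are available to narrow it. Second, because clause order decides the outcome, re-run the slapacl checks after every ACL edit; a new clause inserted above rule 1a can silently expose userPassword. The same clauses apply unchanged to a cn=config deployment as ordered olcAccess: {n} values.
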
Richard Gomes (frgomes) wrote:

Kicked to v0.1.4

Richard Gomes (frgomes) wrote:

dropped back to the pot
