LDAP Authentication

Implementation of a substitude LDAP authentication class.

The new features and changes:

• Separate LDAP login and authentication validation
• An LDAP group membership is first checked before a user can be authenticated against LDAP
• LDAP Groups are handled recursivly (groups in groups)
• LDAP Groups and their members are cached with an expiration
• LDAP attributes can update XWiki user attributes configurable at create time or on every login
• LDAP group membership can be sync'ed with XWiki group membership
• If authentication with LDAP fails it still will try to authenticate against the XWiki DB
• detailed comments in xwiki.cfg
• pretty much every detail of the behavior can be configured in xwiki.cfg
• All valuable features from the old LDAPAuthServiceImpl are reimplemented (except for LDAP bind being sufficent for login implemented by the check_level configuration)
• Any LDAP attribute can be used containing the XWiki name
• Added SSL support
• Each virtual server can have it's own LDAP configuration even enable disable LDAP

This has been tested against OpenLDAP, Novell eDirectory and ApacheDS.

I would like to ask for a code-read, verification of how the module is using the XWiki APIs and testing in various environments.
Most of all, I am looking for feedback.