merge ud-ldap with upstream

as discussed in the ldap docs, we have diverged from upstream userdir-ldap. remerge with the latest release, ideally reducing our diff to zero by contributing our patches back upstream.

this might imply some code changes to override some templates locally; through puppet instead of through the package, for example.