Harden the new MX/SRS mail setup so LDAP isn't a SPOF

The new servers mx-dal-01 and srs-dal-01 make LDAP queries to fetch email forwards. This introduces LDAP as single point of failure for mail delivery. We should mitigate this. Options are:

• add redundancy to LDAP by adding extra LDAP nodes (possibly read-only).
• run LDAP proxy caches locally on the MX and SRS servers
• generate static files based on LDAP data:
  • using UD-LDAP
  • using a custom script that queries LDAP periodically
  • in puppet, using something like https://forge.puppet.com/modules/puppet/ldapquery/readme