dbcd448 ticket 181 - Allow PAM passthru plug-in to have multiple config entries

Authored and Committed by nkinder 12 years ago
    ticket 181 - Allow PAM passthru plug-in to have multiple config entries
    
    Previously, the PAM passthru plug-in only allowed a single configuration
    to be in place.  The only config entry was the top-level PAM plug-in
    entry in cn=config.
    
    This patch allows multiple PAM passthru configuration entries to be
    specified.  This gives the ability to have much more flexibility
    when passing authentication to PAM.  You can do things like use
    different PAM server files for different portions of the DIT, or
    even different mapping methods and security requirements.
    
    To allow even more flexibility, I added support for a new pamFilter
    configuration attribute.  This allows an LDAP filter to be used to
    determine which entries a PAM passthru configuration should apply
    to.  This allows a flat DIT to have different PAM passthru config
    based off of the contents of the entries, such as using the objectclass
    value.
    
    Lastly, I added the ability to use an alternate plug-in configuration
    area for PAM passthru config entries.  This allows one to store the
    config entries in a replicated tree instead of cn=config.  When using
    the alternate config area, only the child entries of the alternate
    config container are considered to be PAM passthru config entries.
    When the normal area in cn=config is used, both the top-level PAM
    passthru plug-in config entry and its children are considered to
    be config entries.  This ensures that the existing config style is
    backwards compatible.  Using an alternate config area meant getting
    rid of the DSE style config callbacks and implementing normal pre-op
    and post-op callbacks for dynamic config validation and loading.
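
The layout the commit message describes, as an added example that is not part of the commit or the project's own files: two child config entries under the plug-in entry in cn=config, one scoped to a portion of the DIT and one selected by pamFilter. Entry names, suffixes and PAM service names are constructed; the pamConfig object class and the attributes other than pamFilter are assumed from the plug-in's existing configuration schema.

```ldif
# Constructed example: subtree-scoped config.
# Binds for entries under ou=staff are passed to the PAM service
# file "ldap-staff" and are refused on unencrypted connections.
dn: cn=Staff PAM Config,cn=PAM Pass Through Auth,cn=plugins,cn=config
objectClass: top
objectClass: extensibleObject
objectClass: pamConfig
cn: Staff PAM Config
pamIncludeSuffix: ou=staff,dc=example,dc=com
pamMissingSuffix: ERROR
pamService: ldap-staff
pamIDMapMethod: RDN
pamSecure: TRUE
pamFallback: FALSE

# Constructed example: filter-scoped config for a flat DIT.
# Only entries matching pamFilter use this config, here selected
# by objectclass value as the commit message suggests. The PAM
# identity is taken from the uid attribute of the bind entry.
dn: cn=Contractor PAM Config,cn=PAM Pass Through Auth,cn=plugins,cn=config
objectClass: top
objectClass: extensibleObject
objectClass: pamConfig
cn: Contractor PAM Config
pamFilter: (objectclass=inetOrgPerson)
pamService: ldap-contractor
pamIDMapMethod: ENTRY
pamIDAttr: uid
pamSecure: TRUE
pamFallback: FALSE
```

Keeping pamSecure set to TRUE and pamFallback set to FALSE on every entry avoids one config silently weakening the transport or authentication requirements that the others enforce.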