Bug 602456 - Allow to add any cn=config attributes;
    allow to delete some cn=config attributes
    
    https://bugzilla.redhat.com/show_bug.cgi?id=602456
    
    Description:
    1. Originally, configuration attributes are designed not to allow
    adding or deleting, but to allow just replacing.  Due to a defect
    in checking the add operation, adding (LDAP_MOD_ADD) is not rejected.
    Instead of fixing the add checking to disallow adding, this patch
    logs the operation in the error log.
    2. On the other hand, deleting configuration attributes is rejected
    by LDAP_UNWILLING_TO_PERFORM.  We have a request that some attributes
    need to allow to delete.  This patch introduces a config attribute
    nsslapd-allowed-to-delete-attrs, which value is configuration
    attributes separated by a space ' '.  If an attribute is in the list,
    the attribute is allowed to delete.  The delete operation is also
    logged in the error log.  By default, the list contains "nsslapd-
    listenhost" and "nsslapd-securelistenhost".