Make KADM5_FAIL_AUTH_COUNT_INCREMENT more robust with LDAP
In krb5_ldap_put_principal, use krb5_get_attributes_mask to determine
whether krbLoginFailedCount existed on the entry when it was
retrieved. If it didn't exist, don't try to use LDAP_MOD_INCREMENT,
and don't assert an old value when not using LDAP_MOD_INCREMENT.
Also, create the krbLoginFailedCount attribute when creating new
entries. This allows us to use LDAP_MOD_INCREMENT during the first
failed login (if the server supports it), avoiding a race condition.
ticket: 6718
target_version: 1.8.2
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24002
dc483132-0cff-0310-8789-
dd5450dbe970