LDAP support

model
  - an account can optionally have an "external authorizer" (EA), described by
      - authorizer type: LDAP, OpenAuth
      - authorizer URL
      - authorizer account ID
  - if user creates account using EA, they shouldn't be aware of a separate BOINC account
  - if an account has an EA, user can remove it (after which they have to login with password)
  - if an account doesn't have an EA, user can add it

web login
  - login form has "log in with LDAP" link
  - handler:
      authorize account w/ LDAP server
      get back email, ID
      if acct w/ that email exists
          if authorizer info matches, OK
          else show error "a PROJECT account with that email address exists, but isn't configured to log in with LDAP. Please log in using email and PROJECT password."
      else create account if database

Projects can support LDAP; this is exported in get_project_config.php

client attach
  - current: do either lookup_account or create_account w/ email, passwd
      create account as needed
  - new:
      GUI, attach form:
          "login with LDAP" checkbox
          LDAP name, password fields
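
The web login handler's decision logic, written out as an added example (not BOINC code). The account table is an in-memory dict, the LDAP server's answer is passed in as `ldap_result`, and every name here is hypothetical. It shows that an existing account is entered only when its stored authorizer type, URL and ID all match, so an LDAP login never takes over a password-only account that happens to share the email.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class ExternalAuthorizer:
    type: str        # "LDAP" or "OpenAuth", per the model above
    url: str         # authorizer URL
    account_id: str  # authorizer account ID


@dataclass
class Account:
    email: str
    ea: Optional[ExternalAuthorizer] = None  # None: password login only


class LoginError(Exception):
    pass


def ldap_login(accounts: Dict[str, Account], ldap_url: str,
               ldap_result: Optional[Tuple[str, str]],
               project: str = "PROJECT") -> Tuple[Account, str]:
    """accounts stands in for the project database (email -> Account).
    ldap_result is the (email, ID) the LDAP server returned, or None
    if authorization failed."""
    if ldap_result is None:
        raise LoginError("LDAP authorization failed")
    email, ldap_id = ldap_result
    email = email.strip().lower()  # assumption: emails compare case-insensitively
    presented = ExternalAuthorizer("LDAP", ldap_url, ldap_id)

    acct = accounts.get(email)
    if acct is None:
        # No account with that email: create one bound to this authorizer.
        acct = Account(email=email, ea=presented)
        accounts[email] = acct
        return acct, "created"
    if acct.ea == presented:
        # Type, URL and ID all match the stored authorizer info.
        return acct, "ok"
    # Password-only account, or one bound to a different authorizer or ID:
    # refuse, and leave the stored account untouched.
    raise LoginError(
        f"a {project} account with that email address exists, but isn't "
        f"configured to log in with LDAP. Please log in using email and "
        f"{project} password.")
```
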