Added systemd service file and rpm spec file

This service file assumes nginx-ldap-auth-daemon.py was installed to
/usr/bin under the name of nginx-ldap-auth-daemon.

Minor bugfixes

Minor bugfixes: password can now contain colons, log_message uses self.ctx (instead of global ctx, which does not exist)

Commit 06444b36 changed returned error
code from 403 to 401 in case of failed auth and documentaion must be
updated accordingly.

Use RFC2616 recommandation to reply 401 instead on 403 for auth_failed

self.ctx may be unset in case of bad request or other low-level error.

Cf https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html ,

401 is for: auth failed... please retry ;)
-----------
10.4.2 401 Unauthorized
 The request requires user authentication. The response MUST include a WWW-Authenticate header field (section 14.47) containing a challenge applicable to the requested resource. The client MAY repeat the request with a suitable Authorization header field (section 14.8). If the request already included Authorization credentials, then the 401 response indicates that authorization has been refused for those credentials. If the 401 response contains the same challenge as the prior response, and the user agent has already attempted authentication at least once, then the user SHOULD be presented the entity that was given in the response, since that entity might include relevant diagnostic information. HTTP access authentication is explained in "HTTP Authentication: Basic and Digest Access Authentication" [43].



403 is for: more or less auth shouldn't be repeated
-----------
10.4.4 403 Forbidden
 The server understood the request, but is refusing to fulfill it. Authorization will not help and the request SHOULD NOT be repeated. If the request method was not HEAD and the server wishes to make public why the request has not been fulfilled, it SHOULD describe the reason for the refusal in the entity. If the server does not wish to make this information available to the client, the status code 404 (Not Found) can be used instead.

Regards,
Pascal

Added CTL script for RedHat linux.

This allows to use anonymous bind, if binddn is not provided. Previous
default setting lead to use of unauthenticated bind, which is usually
disabled in LDAP server configurations.

Standardizing representation of hyperlink to "How Authentication Works in the Reference Implementation" section of blog post. Adding space in front of OpenLDAP hyperlink in 'Compatibility' section, hoping that makes the link look right.

Correcting link to blog post: changing https://nginx.com/blog/nginx-plus-authenticate-users#configure to .../#ldap-auth-configure