Check password expiry times in Active Directory backend

When a user logs in, the password expiry time is checked and compared to
the $conf['auth']['ad']['expirywarn'] setting (in days). If the password
is about to expire in the specified timeframe, a warning is issued on
login.

This patch adds a new method to the adLDAP class for querying domain
parameters.