Build TCP reverse proxy for LDAP over SSL, only
Uses a separate HAProxy instance to route TCP requests (SSL-only) on port 636 to the real LDAP backend. Changing LDAP backends will be easier, can just change HAProxy config and redeploy. Also, can disallow all uplink to containers and selectively give them access to LDAP! Yay!