LDAP password in cleartext in ldap-password.dat file after encrypting passwords

In 2.7.x we store LDAP password within its own file; however the content of that file is not encrypted even if password encryption is on. To approach this issue the following should be done:

• in case password encryption is enabled we will encrypt the LDAP password in the credential store and write the corresponding CS alias in the LDAP password file (just like we do with other passwords in ambari.properties)
• in case the password encryption is disabled we will write the raw password in the LDAP password file

In both cases an additional level of security can be achieved by setting the appropriate user/group access on the file system to the LDAP password file.