Extend xhLdapServiceConnectionMonitor (or add new) with more query options

[amcclain]

It would be useful to have a built-in status monitor that could validate its ability to query parameterized lists of users and/or groups. The current xhLdapServiceConnectionMonitor monitor only takes a single queryUser param. As its name indicates, this monitor is intended to validate connectivity, and that's really it.

Now that LDAP groups are used for role management, it would be helpful to have a monitor that confirms we can load the LDAP groups that are setup to back roles. We could do this by:

• Extending the existing monitor to accept a list of users and a list of groups in its params, only passing if it can query them successfully.
• Adding another monitor with those options and a different name
• Getting either the existing or a new monitor to look very particularly for LDAP group DNs encoded into role memberships, and always ensure it can query those - or check in with role service to ensure role service is resolving all directory groups successfully.

I would like to look more closely at the last option - anything that avoids manual work keeping lists in sync is going to be much better. (If we go this way, update the ticket with a better name / description)