A few improvements could be made to the log output from LDAP Authorization

• Failure to map authentication names to LDAP DNs should output the full trace of every rule that was attempted.
• LDAP name mapping rule failures should show the actual query that was executed and the failure reason
• Forgetting ldap:// yields bad parameter to ldap_ routines. We should catch this up front.
• We should try and minimize the number of reported errors when LDAP bind fails
• Provide a better message for invalid scope types
• Expected to find exactly one LDAP entity message should include the query