Ambari setup-ldap: change group member default for IPA

The new cli options we introduced in Ambari 2.7.1 seem to be causing some problems. Here's a few observations from the past couple of days putting together the Ambari 2.7.1 - IPA security labs.

• Even after encrypting passwords and persisting thekey, the ambari-server setup-ldap cli doesn't seem to store the previous settings in the database. 

• The ldap-type option seemed to cause a lot of grief and confusion for the cli users. Could we please document its behavior in the cli help menu (and let's add it to the docs, after we get clarity)? 

• The default options for IPA integration aren't quite working. Please see the IPA lab for the values we have to override to get a working group resolution (User object class and Group member attribute) https://github.com/HortonworksUniversity/Security_Labs/blob/master/HDP-3.0-IPA.md#4-enable-ldap-for-ambari