Ticket #415 - winsync doesn't sync DN valued attributes if DS DN value doesn't exist
    
    Bug description:
    2 case were fixed.
    1) A group on AD has a member which is not a target of windows
       sync and exists only on AD.  The member value in the group is
       synchronized to DS.  If an operation is executed on AD so that
       the member is replaced with other members which are the target
       of the windows sync, the new member values are not synchronized.
    2) If a group on AD and DS have members which are local and are
       not synchronized and the members are removed in the group on
       the other side, the delete operation is synchronized and
       deletes all the members including the local members.
    
    Fix description:
    1) In windows_generate_update_mods, even if a sync'ed member value
       in a DS entry is not the target of windows sync and it is does
       not exist on DS, a following modify operation including the member
       value is proceeded by confirming the existence on AD.
    2) AD->DS: in windows_map_mods_for_replay
       DS->AD: in windwos_generate_update_mods
       added the code to check if an attribute is completely deleted on
       one side, then the each value on the other side is in the sync
       scope or not.  Put the value to the mod for the delete only if
       the value is in the sync scope.
    
    Reviewed by Rich (Thank you!!)
    
    https://fedorahosted.org/389/ticket/415
    (cherry picked from commit 03814dd74df7f1f0d2842c5096c6425609da6f2c)