  1. Bitbucket Data Center
  2. BSERV-4980

Delegated LDAP Group Object Filter changes require restart to take effect, and are not validated


Details

    Description

      Steps to reproduce

      1. Set up a Delegated LDAP directory in Stash, with copy user on login, synchronise group memberships and a group object filter of "(cn=Stash)"
      2. Make sure that there isn't any "Default Group Memberships"
      3. Create a user in LDAP as a member of LDAP groups 'Stash' and 'Stash sysadmin'
      4. Confirm that you can log in as that user, and that the group membership for 'Stash' (but not 'Stash sysadmin') is synced into stash.
      5. As the admin user, change the group object filter to be "(|(cn=Stash)(cn=Stash sysadmin))". Verify that the GUI edit page and "Directory Configuration summary" reflect the change
      6. Log out the LDAP user, and log back in again
      7. The user is not added to the 'Stash sysadmin' group
      8. Restart Stash
      9. Log in as the LDAP user
      10. The user is in the 'Stash sysadmin' group
      11. Change the group object filter to be "(|(cn=Stash)(cn=Stash sysadmin)" (NOTE the missing ")" at the end)
      12. No error is reported by Stash
      13. Restart Stash
      14. Try to log in as the LDAP user
      15. The user logs in, but the groups aren't synced, and the stash log reports:
        2014-07-09 14:02:32,929 ERROR [http-bio-7990-exec-16] 842x223x0 2fjgvu 211.29.157.13,127.0.0.1 "POST /j_stash_security_check HTTP/1.1" c.a.c.d.DelegatedAuthenticationDirectory Could not update remote group imported memberships of user "bradley.baetz" in directory "Delegated Authentication Directory".
        com.atlassian.crowd.exception.OperationFailedException: org.springframework.ldap.InvalidSearchFilterException: Unbalanced parenthesis; nested exception is javax.naming.directory.InvalidSearchFilterException: Unbalanced parenthesis; remaining name 'ou=Groups,ou=staff,ou=OIE'
        
      16. Change the LDAP filter back, and then restart Stash to pick up the change
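
A save-time check of the kind steps 11 to 15 show is missing, as an added example that is not Stash or Crowd code: a simplified structural validator for RFC 4515 filter strings. The names `check_filter` and `FilterSyntaxError` are hypothetical, and it checks parenthesis nesting and item shape only, not attribute names or value escaping.

```python
class FilterSyntaxError(ValueError):
    """The filter string is not a well-formed LDAP search filter."""


def _parse(s, i):
    """Consume one '(' filtercomp ')' starting at s[i]; return the next index."""
    if i >= len(s) or s[i] != "(":
        raise FilterSyntaxError(f"expected '(' at offset {i}")
    i += 1
    if i < len(s) and s[i] in "&|":
        # and / or: one or more nested filters (simplification: empty lists rejected)
        i, start = i + 1, i + 1
        while i < len(s) and s[i] == "(":
            i = _parse(s, i)
        if i == start:
            raise FilterSyntaxError(f"empty filter list at offset {i}")
    elif i < len(s) and s[i] == "!":
        i = _parse(s, i + 1)  # not: exactly one nested filter
    else:
        # item: attr, operator, value; raw parentheses must be escaped as \28 / \29
        end = i
        while end < len(s) and s[end] not in "()":
            end += 1
        attr, sep, _ = s[i:end].partition("=")
        if not sep or not attr.rstrip("~<>").strip():
            raise FilterSyntaxError(f"expected attr=value at offset {i}")
        i = end
    if i >= len(s) or s[i] != ")":
        raise FilterSyntaxError(f"unbalanced parenthesis: expected ')' at offset {i}")
    return i + 1


def check_filter(text):
    """Return (ok, message) so a settings form can reject the value before saving."""
    s = text.strip()
    try:
        end = _parse(s, 0)
        if end != len(s):
            raise FilterSyntaxError(f"unexpected text after filter at offset {end}")
    except FilterSyntaxError as exc:
        return False, str(exc)
    return True, "ok"


# Constructed samples: the three filter values used in the steps above.
if __name__ == "__main__":
    for f in ("(cn=Stash)", "(|(cn=Stash)(cn=Stash sysadmin))", "(|(cn=Stash)(cn=Stash sysadmin)"):
        print(f, "->", check_filter(f))
```

Running the same check against the saved value before a restart shows whether the filter that will be loaded is one the directory can actually parse.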

          People

            mszczepanski Marcin
            klfoong Foong (Inactive)