fix: bind OtOpcUa LdapOptions from real Security:Ldap section; gate validator on DevStubMode

tests/Server/ZB.MOM.WW.OtOpcUa.Host.IntegrationTests/LdapOptionsValidatorTests.cs

@@ -46,6 +46,25 @@ public sealed class LdapOptionsValidatorTests
         Sut.Validate(null, options).Succeeded.ShouldBeTrue();
     }
 
+    /// <summary>
+    /// When the dev stub is active the real LDAP fields are irrelevant (the bind is bypassed), so
+    /// the gate skips the Server/SearchBase/Port checks even though LDAP is nominally enabled.
+    /// </summary>
+    [Fact]
+    public void DevStubMode_options_succeed_even_when_server_blank()
+    {
+        var options = new LdapOptions
+        {
+            Enabled = true,
+            DevStubMode = true,
+            Server = string.Empty,
+            SearchBase = string.Empty,
+            Port = 0,
+        };
+
+        Sut.Validate(null, options).Succeeded.ShouldBeTrue();
+    }
+
     /// <summary>Enabled with a blank server reports the required-server failure.</summary>
     [Fact]
     public void Enabled_with_blank_server_fails()