Needs a way to interact with LdapAuthentication when it is the primary provider.
The hard part is done with the merge of rEOSTca5602fbc403: Adjust to changes to LdapAuthentication in preparation for AuthManager. The one bit remaining is the use of the AbortNewAccount hook, which technically should be turned into a PreAuthenticationProvider but I'm somewhat inclined to just let LegacyHookPreAuthenticationProvider handle this one until OpenStackManager is killed.
Should we be lazy, or should we do the PreAuthenticationProvider?
That didn't work out because the extension used some LdapAuthentication proxy hooks (e.g. LDAPModifyUITemplate instead of UserLoginForm) and those got disabled when LdapAuthentication was updated.