Replace LDAP user management with extrausers file-based system

[maltejk]

Summary

This PR removes the LDAP-based user management system and replaces it with a file-based approach using the libnss-extrausers library. User information is now synced to /var/lib/extrausers/passwd and /var/lib/extrausers/group files instead of being stored in an LDAP directory.

Key Changes

• Removed LDAP dependencies: Eliminated mprov-django-ldapdb, python-ldap, and related LDAP packages from requirements
• New extrausers module: Created src/borghive/lib/extrausers.py with sync_extrausers() function that atomically writes user data to extrausers passwd/group files
• Updated RepositoryUser model: Replaced sync_to_ldap() method with sync_to_extrausers() that regenerates extrausers files from the database
• Removed RepositoryLdapUser model: Deleted the LDAP model class and its migration, replaced with migration 0006_remove_repository_ldap_user.py to clean up the database
• Updated signal handlers: Modified repository_user_created and repository_user_deleted signals to call the new extrausers sync function
• Docker configuration:
  • Removed LDAP service from docker-compose files
  • Added extrausers-data volume to app, watcher, and borg services
  • Updated Dockerfile.borg to use libnss-extrausers instead of LDAP libraries
• SSH/PAM configuration:
  • Updated nsswitch.conf to use extrausers instead of LDAP
  • Simplified pam-sshd.conf to use pam_permit instead of pam_ldap
  • Removed nslcd configuration from borg/init.sh
• Helm charts: Removed LDAP-related environment variables and openldap dependency configuration
• Settings: Removed LDAP database configuration and replaced with EXTRAUSERS_PATH setting

Implementation Details

The new system uses atomic file writes (write to temp file, then rename) to ensure consistency when updating user files. The sync_extrausers() function is called whenever a RepositoryUser is created, updated, or deleted, ensuring the extrausers files stay in sync with the database. This approach is simpler than LDAP and doesn't require a separate directory service.

https://claude.ai/code/session_01KEFp9XaE1Rreo5drdE8w73

[codecov-commenter]

⚠️ Please install the to ensure uploads and comments are reliably processed by Codecov.

Codecov Report

❌ Patch coverage is 93.02326% with 3 lines in your changes missing coverage. Please review.
✅ Project coverage is 85.21%. Comparing base (89376ff) to head (ed41319).

Files with missing lines	Patch %	Lines
...borghive/management/commands/watch_repositories.py	0.00%	1 Missing ⚠️
src/borghive/models/repository.py	75.00%	1 Missing ⚠️
src/borghive/signals.py	66.66%	1 Missing ⚠️
❗ Your organization needs to install the Codecov GitHub app to enable full functionality.

Additional details and impacted files

@@            Coverage Diff             @@
##           master      #16      +/-   ##
==========================================
+ Coverage   84.28%   85.21%   +0.92%     
==========================================
  Files          60       61       +1     
  Lines        1222     1224       +2     
  Branches       77       79       +2     
==========================================
+ Hits         1030     1043      +13     
+ Misses        165      154      -11     
  Partials       27       27              

Flag	Coverage Δ
unittests	85.21% <93.02%> (+0.92%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.