fix(ldap): 修复 AD 环境下用户搜索失败和密码策略冲突

- objectClasses 移除 inetOrgPerson 和 organizationalPerson，仅保留 person + top
  AD 用户的 objectClass 是 user 而非 inetOrgPerson，导致 LdapRecord 搜索过滤不到用户
- LDAP 用户首次创建本地账号时使用随机密码，避免 LDAP 密码不满足本地密码策略

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

app/Ldap/LdapUser.php

@@ -19,8 +19,6 @@ class LdapUser extends Model
      * @var array
      */
     public static $objectClasses = [
-        'inetOrgPerson',
-        'organizationalPerson',
         'person',
         'top',
     ];
@@ -208,7 +206,9 @@ class LdapUser extends Model
             }
             $user = User::whereEmail($email)->first();
             if (empty($user)) {
-                $user = User::reg($email, $password);
+                // LDAP 用户通过 LDAP 认证，本地密码用随机值以满足密码策略
+                $localPassword = Base::generatePassword(16) . 'Aa1!';
+                $user = User::reg($email, $localPassword);
             } elseif (!$user->isLdap()) {
                 info("[LDAP] merged with existing local account: userid={$user->userid}, email={$email}");
             }