Depends on D20111. Ref T6703. Currently, each ExternalAccount row is tied to a provider by providerType + providerDomain. This effectively prevents multiple providers of the same type, since, e.g., two LDAP providers may be on different ports on the same domain. The domain also isn't really a useful idea anyway because you can move which hostname an LDAP server is on, and LDAP actually uses the value self in all cases. Yeah, yikes.
Instead, just bind each account to a particular provider. Then we can have an LDAP "alice" on seven different servers on different ports on the same machine and they can all move around and we'll still have a consistent, cohesive view of the world.
(On its own, this creates some issues with the link/unlink/refresh flows. Those will be updated in followups, and doing this change in a way with no intermediate breaks would require fixing them to use IDs to reference providerType/providerDomain, then fixing this, then undoing the first fix most of the way.)