keystone ldap part 2

If you get "unable to authorize user" when you try to get an (admin) LDAP user to authenticate

You are missing the endpoint, yeah, LDAP users needs keystone endpoint to be set in order to authenticate.

It doesn't matter if you user-role-list (using token auth) shows your user having admin role, you need the endpoint configured.