Hi,
Sorry for not responding to this sooner.
That definitely sounds like a problem, but I need to know more about your setup. We communicate with LDAP and tell it to perform an authentication attempt with the provided login/password, so it's ultimately up to LDAP (and the configured settings) to permit or deny login. Only upon a successful result do we treat the LDAP authentication as valid. So knowing where this is all going wrong is going to be important.
When authenticating, Review Board first checks the configured authentication backend (LDAP in your case) as mentioned above, and if that doesn't work, it checks if there's an in-database user and tries to authenticate with that. Admin accounts are created in-database, so that you can get in if LDAP is down, but if there's a matching username configured in LDAP and authentication succeeds, it'll use that instead. Either one will be considered valid. If the one in LDAP shouldn't be used, then I'd recommend creating a dedicated Review Board admin user account for your database and then deleting the default one.
To confirm, is the authentication problem happening with any non-admin users?
Is there an 'admin' user already in LDAP? What happens if you try to use another service that authenticates to your LDAP with that same admin user?
Would you also be able to share your configured LDAP settings in Review Board?
Christian