Comment 3 for bug 1643301

@Lance, imagine the case you only have identity ldap backend in place, and user/group are from LDAP server side, how to use it? If it's SQL backend we can bootstrap an admin user (typically the user will be grant access to the resource) but is that possible for LDAP backend? The only way I think is using admin token. But
given admin token should be deprecated for security risk, any other way we can handle with the case?