Comment 3 for bug 1457533

Looks like a simple solution for this is to just relax the check for existing user a bit. Right now it checks for BOTH user name and requested tenant. But there's really no need for including the tenant in the search. If the user already exists, but is associated with a different tenant, the next step, grant_role will handle giving that use a role in a the specified tenant. I'll put up a patch with that approach shortly.