Using LDAP, the user must already have an account on the ldap server, there is nothing in mojoportal to create ldap accounts.
Automatically add LDAP users means automatically create a mojoportal user if the ldap login succeeds and the user does not already exist in the mojoportal db. Roles are still managed within mojoportal and must be assigned to the mojoportal user, we don't lookup roles in ldap. For all purposes other than authentication we are just using the mojoportal user from the db. The user in the db gets a random password in the mojoportal db but it is not the ldap password and is not used when using ldap for authentication.