If a super admin has frontend access set to internal, when he opens the LDAP authentication configuration form, he will have a list of users to test LDAP with. This list must only contain users that have frontend access set to "System default" to make sure that there's somebody who can access the frontend after the change.