Customers have asked before:

When they configure and enable LDAP, are the default admin/admin account, or other non-ldap user accounts disabled by default?

The answer is no.

The default admin/admin account, and any other non-ldap accounts are completely separate from the LDAP functionality. It is required in order to provide licensing access to the system prior to LDAP being configured, and is not designed to integrate with LDAP.

If a customer requires LDAP-only access, the "admin" account password can be changed by the IT team to something secure, and then it can simply be ignored while LDAP accounts are used.