If users are getting LDAP errors that prevent them from logging in, then Web Viewer will try to logon with mainframe single sign. That is how LDAP users are able to sign in with a default user profile. That is the way Web Viewer is designed.
Please check on the LDAP errors the users are getting to try to resolve them. Then they will get signed in with LDAP.
This is specified in the documentation:
You can select one of the following security configurations:
- Mainframe Security then LDAP Security
- LDAP Security then Mainframe Security
- External Security (Customer Supplied Authentication Exits)