In order to support bootstrapping a system with LDAP authorization turned on we need to expand the localhost exception to include role creation for the initial role mapping.

Once the first role has been created the localhost exception will be disabled (as is the case when creating the first user). In pseudo code:

exceptionEnabled = (LDAP Authz On && no roles in $external) || an admin user exists