And when LDAP is enabled in the main wiki, and disabled on the child wiki.
I think it could be great to add the following somewhere as a tooltip in the LDAP App. Or in xwiki.cfg maybe :
When the LDAP authenticator fails to authenticate to a wiki it will try in the main wiki.
on the top of that, the above only concerns LDAP users. For master wiki local users to authenticate (ie, not LDAP users) through a child wiki, "trylocal" should be set to "yes" on the child wiki, even if "trylocal" is set to "yes" on the master wiki.
Where we could think it is enough to have trylocal set to "yes" on the master wiki. We could add "...a login attempt which match a local main user credential isn't in the scope of the LDAP fallback ; trylocal should be set - per wiki - for that purpose". Or something equivalent.
Hope it is clear enough.