After changing the LDAP Identity Source domain at the Cloud Director level users that were correct working before that operation faced problems with login to Provider portal. After checking entries at tables org_member and usr we found that records for these users were marked as stranded.
WARNING: Before you start create a DB backup. For making any changes in the DB of products you should contact support and create SR to get proper assistance! Use this post at your own risk. We don’t take responsibility and/or give any warranty if you reuse this content.
For getting information about all those accounts and for removing those records (that have is_external option - these accounts are from LDAP source and passwords of these accounts is null) we can use these SQL queries:
select * from usr where password is null and is_external is true and user_id in (select member_id from org_member where is_stranded is true)
delete from usr where password is null and is_external is true and user_id in (select member_id from org_member where is_stranded is true)
select * from org_member where is_stranded is true
delete from org_member where is_stranded is true
After removing those records we tried to log in again with the domain LDAP source account and we'll get success! Awesome!