In a Service Management installation where Service Desk, Service Catalog are integrated and EEM is configured to use LDAP, some users can't log in to Service Catalog web UI and the trace view.log shows
2021/10/14 184.108.40.2067 TRACE [https-jsse-nio-443-exec-22] [DBSource] Query: select dr.*, t.path, c.contact_uuid from usm_contact_domain_role dr, usm_tenant t, ca_contact c where dr.user_id in ( N'xxxxx' ) and t.tenant_id = dr.domain and c.userid = dr.user_id
2021/10/14 220.127.116.117 TRACE [https-jsse-nio-443-exec-22] [DBSource] Query values: 
2021/10/14 18.104.22.1687 TRACE [https-jsse-nio-443-exec-22] [DBSource] Rows=0
where xxxxx is the user login id that failed to login
This tech doc gives one reason why this happens.
Release : 17.3
Component : Service Catalog
If there are some duplicate userid or their supervisor/manager has duplicate userid, though the id is inactive, the userid won't be able to login to Service Catalog web UI.
Login Service Desk as an administrator account search-->contact and enter the userid and remove the active field and see if the userid has some duplicates. If yes, rename the inactive ones.
And open the userid contact details and organization details and do the same to check if the supervisor has duplicates.