Better error message for login of users from other realms
    
    When user from other realm than FreeIPA's tries to use Web UI (login via forms-based auth or with valid trusted realm ticket), he gets an unauthorized error with X-Ipa-Rejection-Reason=denied. Web UI responds with showing login dialog with following error message: 'Sorry you
    are not allowed to access this service.'.
    
    Note: such users are not supported because they don't have a corresponding entry in LDAP which is needed for ACLs.
    
    https://fedorahosted.org/freeipa/ticket/3252
    
    denied change