As reported at https://idempiere.atlassian.net/browse/IDEMPIERE-3866?focusedCommentId=43076&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-43076
Using LDAP is allowing users to authenticate also with AD_User.Password, this can be considered a security issue, I think most companies would like to stop login if LDAP fails.