May you report this at the issue tracker of pas.plugins.ldap? I am not sure if it is a bug or a misconfiguration, you need to provide more context, i.e. the plugins configuration.
Edit: Issue tracker is at https://github.com/collective/pas.plugins.ldap/issues