As indeed this is a bug you should be able to workaround this by specifying following properties as part of jbpm.usergroup.callback.properties file:
java.naming.security.principal=your username for ldap
java.naming.security.credentials=your password for ldap
That should allow to bind to LDAP that requires authentication.
HTH