In some cases, as an administrator you may want to require users to authenticate themselves through LDAP with their LDAP password.
However, if a user already has an internal account with a password in the system, you can set the system to fallback to use their internal password if LDAP authentication fails.
You can prevent this fallback authentication by ensuring that the Disable Internal Password checkbox in the Edit User dialog is set.