An administrator set IWSS to use the User/group name via proxy authentication option, to identify incoming connections, and to authenticate with the LDAP server using the Simple method. However, these configurations do not work because IWSS still sends the login credentials to the LDAP server in an encrypted format.
The Simple method should not be using Kerberos, as all communications with the LDAP server should be in ClearText.
These settings can be found in the IWSS web console via HTTP > Configuration > LDAP.
IWSS was designed to communicate with the LDAP server in an encrypted format, regardless of whether the Simple or Advanced method is selected. This prevents users of a Packet Sniffer to see the login credentials of other users.
Trend Micro recommends using the Advanced method when authenticating with the LDAP server.