How to Turn Off Transport Layer Authentication While Turning on LDAP auth for REST

We are using elasticsearch 1.7.5 and evaluating searchguard 1.7. We would like to lock down the REST interface using LDAP and allow applications that use the transport interface to be unauthenticated. I tried setting searchguard.transport_auth.enabled: false while also turning on LDAP auth to be used for REST. When my apps make a connection I get a RuntimeException Unauthenticated request (SEARCHGUARD_UNAUTH_REQ) for action that comes from AbstractActionFilter. Is this a bug?