In userform.py:
Change
# Check if password is given and matches with password repeat if password != password2: return _("Passwords don't match!") if not password and newuser: return _("Please specify a password!")
to
# Check if password is given and matches with password repeat from ldap_check import ldap_check if not newuser and (password or password2): return _("""Passwords can only be changed in LDAP, not here. Please ask your system administrator about how to do that.""") if password != password2: return _("Passwords don't match!") if not password and newuser: return _("Please specify a password!") # Uncomment this if you want to check the ldap on user creation. Usually, everybody can add users, but the pass will never be used # if newuser and password and ldap_check(theuser.name, password): # return _("Password doesn't match LDAP entry. Please use your LDAP password.")
This will give people a message if they're trying to change their passwords (Passwords can only be changed in LDAP) for old users.