#958074 (Bug #75933) ** LDAP-based authentication against some Active Directory servers would incorrectly authenticate successfully when an empty password was provided (non-empty passwords would validate only if they were correct). Authentication attempts against an LDAP server now fail if the password is empty. This means that you can't use the ldap AuthMethod if you don't set passwords for your users. If you want to use LDAP authentication for users without passwords then you should use an external authentication trigger. Note that this is an insecure configuration.