Some users of my Django application come from a LDAP server. These users must not be able to change their django-admin password. The best, if they don't even have one.

That's why I subclassed django_auth_ldap.backend.LDAPBackend like this:

from django_auth_ldap.backend import LDAPBackend
from django.contrib.auth import get_user_model

class CustomLDAPBackend(LDAPBackend)  

    def authenticate_ldap_user(self, ldap_user, password):
          
        user = ldap_user.authenticate(password)     
       
        print("BEFORE set_unusable_password(): ", user.has_usable_password())
        user.set_unusable_password()
        user.save()

        print("AFTER set_unusable_password(): ", user.has_usable_password())

        return user
    

By user.set_unusable_password() I try to hide the password, because I read it in several places (here in SO as well as in the

Furthermore if I login multiple times, the result of print("BEFORE set_unusable_password(): ", user.has_usable_password()) is always True, despite calling user.set_unusable_password() and saving the user. As if a new user object is getting created every time.

The other 'Change Password' area (marked by blue, in the picture below) stays intact:

To get rid of the 'blue' area we need to override a template like this:

{% extends "admin/change_form.html" %}
{% load i18n %}

{% block field_sets %}
{% for fieldset in adminform %}

  {% if forloop.first and user.has_usable_password %}
    {% include "admin/includes/fieldset.html" %}
  {% endif %}
 
  {% if not forloop.first %}
     {% include "admin/includes/fieldset.html" %}
  {% endif %}

{% endfor %}
{% endblock %}

This overriding template html needs to be called change_form.html and needs to be placed like below (red circle):