Some users of my Django application come from a LDAP server. These users must not be able to change their django-admin password. The best, if they don't even have one.
That's why I subclassed django_auth_ldap.backend.LDAPBackend like this:
from django_auth_ldap.backend import LDAPBackend
from django.contrib.auth import get_user_model
class CustomLDAPBackend(LDAPBackend)
def authenticate_ldap_user(self, ldap_user, password):
user = ldap_user.authenticate(password)
print("BEFORE set_unusable_password(): ", user.has_usable_password())
user.set_unusable_password()
user.save()
print("AFTER set_unusable_password(): ", user.has_usable_password())
return user
By user.set_unusable_password() I try to hide the password, because I read it in several places (here in SO as well as in the 
Furthermore if I login multiple times, the result of print("BEFORE set_unusable_password(): ", user.has_usable_password()) is always True, despite calling user.set_unusable_password() and saving the user. As if a new user object is getting created every time.
The other 'Change Password' area (marked by blue, in the picture below) stays intact:
To get rid of the 'blue' area we need to override a template like this:
{% extends "admin/change_form.html" %}
{% load i18n %}
{% block field_sets %}
{% for fieldset in adminform %}
{% if forloop.first and user.has_usable_password %}
{% include "admin/includes/fieldset.html" %}
{% endif %}
{% if not forloop.first %}
{% include "admin/includes/fieldset.html" %}
{% endif %}
{% endfor %}
{% endblock %}
This overriding template html needs to be called change_form.html and needs to be placed like below (red circle):



