diff --git a/aleksis/core/settings.py b/aleksis/core/settings.py
index 02d74f5a2f01f0a0c65e5d700991c642e875eca0..ce0aeec9aecd76e7c34ad48bfd315a9fce2cea1d 100644
--- a/aleksis/core/settings.py
+++ b/aleksis/core/settings.py
@@ -291,7 +291,7 @@ if _settings.get("ldap.uri", None):
         AUTH_LDAP_BIND_PASSWORD = _settings.get("ldap.bind.password")
 
     # Keep local password for users to be required to proveide their old password on change
-    AUTH_LDAP_SET_USABLE_PASSWORD = True
+    AUTH_LDAP_SET_USABLE_PASSWORD = _settings.get("ldap.handle_passwords", True)
 
     # Keep bound as the authenticating user
     # Ensures proper read permissions, and ability to change password without admin
diff --git a/aleksis/core/util/ldap.py b/aleksis/core/util/ldap.py
index 5a17cbbb5aea91030fab467c21897826f74eb6aa..96b058ac0060975cdd08281be94ba4df371aa7db 100644
--- a/aleksis/core/util/ldap.py
+++ b/aleksis/core/util/ldap.py
@@ -20,13 +20,13 @@ class LDAPBackend(_LDAPBackend):
         Django database in order to not require it to have global admin permissions
         on the LDAP directory.
         """
-        user = ldap_user.authenticate(password)
-
-        if not user:
-            # Fail early and do not try other backends
-            raise PermissionDenied("LDAP failed to authenticate user")
+        user = super().authenticate_ldap_user(ldap_user, password)
 
         if self.settings.SET_USABLE_PASSWORD:
+            if not user:
+                # Fail early and do not try other backends
+                raise PermissionDenied("LDAP failed to authenticate user")
+
             # Set a usable password so users can change their LDAP password
             user.set_password(password)
             user.save()