Login with local Django accounts and LDAP password changes are mutually exclusive

Currently, being able to change the LDAP password requires storing the user's password in the Django database. In order to ensure that the authentication fails if the LDAP user is removed, we let the LDAP backend fail the whole authentication process if it cannot authenticate against LDAP, so users cannot use their Django password longer than their LDAP credentials are valid.

This means that if using LDAP authentication, we can either have Django accounts work, or allow users to change their passwords.