diff --git a/src/metabase/integrations/ldap.clj b/src/metabase/integrations/ldap.clj
index 40bd54bde0621e7619c2de89dcda2f7dc7b5c23e..27ba7f9cefbb92c18d28fd65708282b066d8e993 100644
--- a/src/metabase/integrations/ldap.clj
+++ b/src/metabase/integrations/ldap.clj
@@ -211,11 +211,8 @@
   (let [user (or (db/select-one [User :id :last_login] :email email)
                  (user/create-new-ldap-auth-user! {:first_name first-name
                                                    :last_name  last-name
-                                                   :email      email
-                                                   :password   password}))]
+                                                   :email      email}))]
     (u/prog1 user
-      (when password
-        (user/set-password! (:id user) password))
       (when (ldap-group-sync)
         (let [special-ids #{(:id (group/admin)) (:id (group/all-users))}
               current-ids (set (map :group_id (db/select ['PermissionsGroupMembership :group_id] :user_id (:id user))))
diff --git a/src/metabase/models/user.clj b/src/metabase/models/user.clj
index c7b930e5d68d239956c1534e91b94e81f91328c7..858558ab24621cb0c2054f02718af6fe5428580f 100644
--- a/src/metabase/models/user.clj
+++ b/src/metabase/models/user.clj
@@ -191,7 +191,10 @@
   "Convenience for creating a new user via LDAP. This account is considered active immediately; thus all active admins
   will recieve an email right away."
   [new-user :- NewUser]
-  (insert-new-user! (assoc new-user :ldap_auth true)))
+  (insert-new-user! (-> new-user
+                        ;; We should not store LDAP passwords
+                        (dissoc :password)
+                        (assoc :ldap_auth true))))
 
 (defn set-password!
   "Updates the stored password for a specified `User` by hashing the password with a random salt."