diff --git a/seahub/auth/forms.py b/seahub/auth/forms.py
index 96355a5d93..c9ee70c631 100644
--- a/seahub/auth/forms.py
+++ b/seahub/auth/forms.py
@@ -7,7 +7,7 @@ from seahub.base.accounts import User
 from seahub.auth import authenticate
 from seahub.auth.tokens import default_token_generator
 from seahub.utils import IS_EMAIL_CONFIGURED, send_html_email, \
-    is_valid_username
+    is_valid_username, is_ldap_user
 
 from captcha.fields import CaptchaField
 
@@ -75,14 +75,17 @@ class PasswordResetForm(forms.Form):
         if not IS_EMAIL_CONFIGURED:
             raise forms.ValidationError(_(u'Failed to send email, email service is not properly configured, please contact administrator.'))
         
-        email = self.cleaned_data["email"].lower()
+        email = self.cleaned_data["email"].lower().strip()
 
         # TODO: add filter method to UserManager
         try:
             self.users_cache = User.objects.get(email=email)
         except User.DoesNotExist:
             raise forms.ValidationError(_("That e-mail address doesn't have an associated user account. Are you sure you've registered?"))
-        
+
+        if is_ldap_user(self.users_cache):
+            raise forms.ValidationError(_("Can not reset password, please contact LDAP admin."))
+
         return email
 
     def save(self, domain_override=None, email_template_name='registration/password_reset_email.html',
diff --git a/seahub/auth/views.py b/seahub/auth/views.py
index 6ce8012a9c..0899348ef4 100644
--- a/seahub/auth/views.py
+++ b/seahub/auth/views.py
@@ -22,8 +22,8 @@ from seahub.auth.decorators import login_required
 from seahub.auth.forms import AuthenticationForm, CaptchaAuthenticationForm
 from seahub.auth.forms import PasswordResetForm, SetPasswordForm, PasswordChangeForm
 from seahub.auth.tokens import default_token_generator
-
 from seahub.base.accounts import User
+from seahub.utils import is_ldap_user
 
 # Get an instance of a logger
 logger = logging.getLogger(__name__)
@@ -261,6 +261,10 @@ def password_change(request, template_name='registration/password_change_form.ht
                     post_change_redirect=None, password_change_form=PasswordChangeForm):
     if post_change_redirect is None:
         post_change_redirect = reverse('auth_password_change_done')
+
+    if is_ldap_user(request.user):
+        messages.error(request, _("Can not update password, please contact LDAP admin."))
+
     if request.method == "POST":
         form = password_change_form(user=request.user, data=request.POST)
         if form.is_valid():
diff --git a/seahub/base/accounts.py b/seahub/base/accounts.py
index 8e99cbacfc..0eee95d318 100644
--- a/seahub/base/accounts.py
+++ b/seahub/base/accounts.py
@@ -71,6 +71,7 @@ class UserManager(object):
         user.is_active = emailuser.is_active
         user.ctime = emailuser.ctime
         user.org = emailuser.org
+        user.source = emailuser.source
 
         return user
 
diff --git a/seahub/utils/__init__.py b/seahub/utils/__init__.py
index 8cd008d9fe..bfeaca59bc 100644
--- a/seahub/utils/__init__.py
+++ b/seahub/utils/__init__.py
@@ -232,6 +232,11 @@ def is_valid_username(username):
     """
     return is_valid_email(username)
 
+def is_ldap_user(user):
+    """Check whether user is a LDAP user.
+    """
+    return user.source == 'LDAP'
+
 def check_filename_with_rename(repo_id, parent_dir, filename):
     cmmts = get_commits(repo_id, 0, 1)
     latest_commit = cmmts[0] if cmmts else None