diff --git a/ipynbsrv/core/auth/authentication_backends.py b/ipynbsrv/core/auth/authentication_backends.py index 6fe4266..ac06b63 100644 --- a/ipynbsrv/core/auth/authentication_backends.py +++ b/ipynbsrv/core/auth/authentication_backends.py @@ -1,8 +1,9 @@ from django.contrib.auth.models import User from django.core.exceptions import PermissionDenied +from hashlib import md5 from ipynbsrv.contract.errors import AuthenticationError, ConnectionError, \ UserNotFoundError -from ipynbsrv.core.helpers import get_user_backend_connected +from ipynbsrv.core.helpers import get_internal_ldap_connected, get_user_backend_connected from ipynbsrv.core.models import BackendGroup, BackendUser, \ CollaborationGroup import logging @@ -35,11 +36,13 @@ def authenticate(self, username=None, password=None): return None # not allowed, Django only user try: + internal_ldap = get_internal_ldap_connected() user_backend = get_user_backend_connected() user_backend.auth_user(username, password) if user is not None: # existing user if not user.check_password(password): - user.set_password(password) + user.set_password(password) # XXX: not needed. should we leave it empty? + internal_ldap.set_user_password(username, md5(password).hexdigest()) user.save() else: # new user uid = BackendUser.generate_internal_uid() @@ -61,6 +64,7 @@ def authenticate(self, username=None, password=None): return None finally: try: + internal_ldap.disconnect() user_backend.disconnect() except: pass diff --git a/ipynbsrv/core/signals/backend_users.py b/ipynbsrv/core/signals/backend_users.py index 60c359c..516f7d0 100644 --- a/ipynbsrv/core/signals/backend_users.py +++ b/ipynbsrv/core/signals/backend_users.py 
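Review bot: The added `internal_ldap.set_user_password(username, md5(password).hexdigest())` stores an unsalted MD5 digest of the login password in the internal directory; MD5 is a fast hash that gives little protection if the directory contents are ever read. Prefer a salted, slow scheme applied by the LDAP backend or the directory itself, so the call site becomes `internal_ldap.set_user_password(username, password)` and the hashing policy lives in one place. Whether `set_user_password` can take the cleartext is not visible here, and the connection would need to be protected in transit. If this runs on Python 3, `md5(password)` also raises TypeError for a str and needs `password.encode('utf-8')`. The sync runs only in the existing-user branch when `check_password` fails; the new-user branch continues outside the hunk, so confirm it sets the directory password as well.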
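Review bot: In the `finally` block, `internal_ldap.disconnect()` and `user_backend.disconnect()` share one `try` with a bare `except:`, so a failure in the first call silently skips the second and leaves the user-backend connection open. The same bare `except:` also hides the NameError raised when `get_internal_ldap_connected()` failed before either name was bound, which makes connection problems hard to diagnose. Give each disconnect its own guard and catch `Exception` rather than everything. The body of `authenticate` starts and ends outside this hunk.

```python
        finally:
            # each connection is released independently of the other
            try:
                internal_ldap.disconnect()
            except Exception:
                pass
            try:
                user_backend.disconnect()
            except Exception:
                pass
```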
@@ -151,24 +151,6 @@ def remove_public_directory(sender, user, **kwargs): raise ex -@receiver(backend_user_modified) -def update_password_on_internal_ldap(sender, user, fields, **kwargs): - """ - Update the password on the internal LDAP server on change. - """ - if user is not None: - try: - internal_ldap = get_internal_ldap_connected() - internal_ldap.set_user_password(user.backend_pk, user.django_user.password) - except UserNotFoundError: - user.delete() # XXX: cleanup - finally: - try: - internal_ldap.disconnect() - except: - pass - - @receiver(post_delete, sender=BackendUser) def post_delete_handler(sender, instance, **kwargs): """