When a new user is created, they are forced to reset their password; you cannot uncheck the box for "Password Reset Required".
Likewise, when a user is imported from LDAP, they are required to change their password.
This might be fine (though annoying) for new users, but it puts the Liferay and LDAP passwords out of sync, not to mention causing confusion (since the point of LDAP is to keep the passwords the same).

Steps to reproduce:
1. Set up LDAP import in Liferay. I used Active Directory.
2. Sign in with the LDAP user.
   I used a password of "test".
3. They will be prompted to reset their password.
   Reset it to "test1".
4. Sign in as the LDAP user with "test1".
   An error will be thrown (see attachment "LDAP error").
5. Sign out of the LDAP user account.
6. Sign in with password "test".
   The passwords will be resynced.

This happens because, when Liferay forces the LDAP user to change their password and Export is not enabled, the passwords between Liferay and LDAP become out of sync.
Because the passwords are out of sync, the two user accounts have become independent. This is why Liferay will allow you to log in with "test1" even though the LDAP password is still "test".
I'm not sure why Password Reset has become mandatory, but it should not be allowed for LDAP users at least.
This issue does not happen on 6.0.x, since Password Reset is not mandatory in that version.