We are using MS AD as our LDAP provider with LR. We have set ldap.import.user.password.enabled=false (AD would not permit reading password attribute anyway). Other relevant settings considering ldap auth are:
Changing user password as admin via CP works but when user tries to changes his own password it fails in PwdAuthenticator where LR tries to verify users current password against LR DB which obviously does not match.
The suggested fix would be to add a check for auth.pipeline.enable.liferay.check=false in PwdAuthenticator#authenticate and delegate authentication to ldap.