Currently there are two options for ldapdata to update the user's LDAP entry, save the user password in clear text in the session table or use a global bind dn that can change all users entries. Both are not really desirable. A simple solution would be to ask the user for his password whenever he updates his profile, so ldapdata can use it without having to save it somewhere in clear text.