Set password of LDAP-logged-in user in database

Having a local password is needed to make changing passwords easier. In
order to catch password changes in a universal way and forward them to
backends (like LDAP, in this case), getting the old password first is
necessary to authenticate as that user to LDAP.

We buy the small insecurity of having a hash of the password in the
Django database in order to not require it to have global admin permissions
on the LDAP directory.