I've been searching for this a few days now, without luck. I believe http://www.forgelife.com/forum/-/message_boards/view_message/59959#_19_message_59959 is about the issue, but the link to the blog ( http://www.liferay.com/web/jonas.yuan/blog/-/blogs/keeping-user-password-secure-with-ldap-integration ) is broken.

So, currently I have Liferay 6.1 CE GA2 running on a Windows 2008 R2. We have Windows Active Directory running. testing the connection to LDAP works fine, as does test users(it returns users). The problem is, we do not have a admin account on AD that can see the passwords of user, nor do we want one. So what I am trying to do is import users to liferay but leave their password to blank.

I've copied the http://demo.forgelife.com/s/1Q-2Pe-hEc-3aS-hEd/lps9001-ldap-ce6101-portal-impl.jar patch to /tomcat-7.0.27/webapps/ROOT/WEB-INF/lib and I have a \tomcat-7.0.27\webapps\ROOT\WEB-INF\classes\portal-ext.properties file with text:
"
ldap.import.user.password.enabled=false
ldap.import.user.password.autogenerated=false
ldap.import.user.password.default=test
"
In it(my plan was to test if this would work, then I would replace the "test" password with something extremely long and delete the portal-ext.properties after importing users). But the users are still not being imported and I still cannot login with the credentials on our LDAP server. I have everything ticked on the portal setting/authenticate/LDAP except the "export enabled", which we do not plan to use.