diff --git a/ldap-useradmin/CHANGELOG b/ldap-useradmin/CHANGELOG
index 770af832e..1696fb52e 100644
--- a/ldap-useradmin/CHANGELOG
+++ b/ldap-useradmin/CHANGELOG
@@ -75,3 +75,5 @@ Added a field for editing the description for LDAP groups.
 The list of groups now includes descriptions, if any are set.
 ---- Changes since 1.520 ----
 Added Module Config options for additional LDAP filters to find users and groups, in addition to the posixAccount / posixGroup object class filters.
+---- Changes since 1.610 ----
+The userPassword attribute is now removed for users or groups that don't have a password set.
diff --git a/ldap-useradmin/save_user.cgi b/ldap-useradmin/save_user.cgi
index aa31b0d8e..6f9bbf9a4 100755
--- a/ldap-useradmin/save_user.cgi
+++ b/ldap-useradmin/save_user.cgi
@@ -360,7 +360,7 @@ else {
                               "loginShell" => $shell,
                               "homeDirectory" => $home,
                               "gidNumber" => $gid,
-                              "userPassword" => $pass,
+                              $pass ? ( "userPassword" => $pass ) : ( ),
                               "objectClass" => \@classes,
 			      @props );
 		if (&indexoflc("person", @classes) >= 0 &&
@@ -548,7 +548,7 @@ else {
 			      "loginShell" => $shell,
 			      "homeDirectory" => $home,
 			      "gidNumber" => $gid,
-			      "userPassword" => $pass,
+			      $pass ? ( "userPassword" => $pass ) : ( ),
 			      "objectClass" => \@classes,
 			      @props );
 		if (&indexoflc("person", @classes) >= 0 &&
@@ -556,6 +556,9 @@ else {
 			# Person needs 'sn'
 			$allprops{'sn'} = $real;
 			}
+		if (!$pass) {
+			push(@rprops, "userPassword");
+			}
 		$rv = $ldap->modify($newdn, 'replace' => \%allprops,
 					    'delete' => \@rprops);
 		if ($rv->code) {