ldap: use PASSWD command if old password is known (#30577)

If we do not know the old password it's better to try a MOD_REPLACE.

src/authentic2/backends/ldap_backend.py

@@ -1002,8 +1002,8 @@ class LDAPBackend(object):
     @classmethod
     def modify_password(cls, conn, block, dn, old_password, new_password):
         '''Change user password with adaptation for Active Directory'''
-        if block['use_password_modify'] and not block['active_directory']:
-            conn.passwd_s(dn, old_password or None, new_password)
+        if old_password is not None and (block['use_password_modify'] and not block['active_directory']):
+            conn.passwd_s(dn, old_password, new_password)
         else:
             modlist = []
             if block['active_directory']: