diff --git a/keystone/common/utils.py b/keystone/common/utils.py
index 51e995752c..e5d10e88e7 100644
--- a/keystone/common/utils.py
+++ b/keystone/common/utils.py
@@ -113,15 +113,6 @@ def hash_user_password(user):
 return dict(user, password=hash_password(password))
-def hash_ldap_user_password(user):
- """Hash a user dict's password without modifying the passed-in dict."""
- password = user.get('password')
- if password is None:
- return user
-
- return dict(user, password=ldap_hash_password(password))
-
-
 def hash_password(password):
 """Hash a password. Hard."""
 password_utf8 = trunc_password(password).encode('utf-8')
@@ -129,20 +120,6 @@ def hash_password(password):
 password_utf8, rounds=CONF.crypt_strength)
-def ldap_hash_password(password):
- """Hash a password. Hard."""
- password_utf8 = trunc_password(password).encode('utf-8')
- h = passlib.hash.ldap_salted_sha1.encrypt(password_utf8)
- return h
-
- def ldap_check_password(password, hashed):
- if password is None:
- return False
- password_utf8 = trunc_password(password).encode('utf-8')
- return passlib.hash.ldap_salted_sha1.verify(password_utf8, hashed)
-
-
 def check_password(password, hashed):
 """Check that a plaintext password matches hashed.
diff --git a/keystone/identity/backends/ldap.py b/keystone/identity/backends/ldap.py
index 7045c06714..199c1dec2c 100644
--- a/keystone/identity/backends/ldap.py
+++ b/keystone/identity/backends/ldap.py
@@ -99,7 +99,6 @@ class Identity(identity.Driver):
 if 'name' in user and old_obj.get('name') != user['name']:
 raise exception.Conflict(_('Cannot change user name'))
- user = utils.hash_ldap_user_password(user)
 if self.user.enabled_mask:
 self.user.mask_enabled_attribute(user)
 self.user.update(user_id, user, old_obj)
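Review bot: With the client-side hash gone, `self.user.update(user_id, user, old_obj)` now receives `user['password']` in cleartext, and nothing in this diff or in the driver's configuration asserts that the directory will hash it before storing it; on OpenLDAP, for example, the `password-hash` directive covers only the Password Modify extended operation (RFC 3062), so a plain modify of `userPassword` is stored verbatim unless the ppolicy overlay's `ppolicy_hash_cleartext` is enabled, and the same applies to the `UserApi.create` path. Storage hashing therefore becomes an operator requirement rather than a code guarantee, and the wire now carries the cleartext on every create/update, not only on bind, so `use_tls` or an ldaps:// URL is no longer optional. I would make the new contract explicit at this call site with `# Password is passed through unhashed: hashing at rest is the LDAP server's job (e.g. ppolicy_hash_cleartext), and TLS must protect it in transit.` and state the same requirement in the LDAP driver documentation and the config option help. The enclosing method starts outside the hunk.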
@@ -224,7 +223,6 @@ class UserApi(common_ldap.EnabledEmuMixIn, common_ldap.BaseLdap):
 del values['enabled_nomask']
 def create(self, values):
- values = utils.hash_ldap_user_password(values)
 if self.enabled_mask:
 orig_enabled = values['enabled']
 self.mask_enabled_attribute(values)
diff --git a/keystone/tests/fakeldap.py b/keystone/tests/fakeldap.py
index 46de0890c2..77ac3f6a20 100644
--- a/keystone/tests/fakeldap.py
+++ b/keystone/tests/fakeldap.py
@@ -30,7 +30,6 @@ import six
 from six import moves
 from keystone.common.ldap import core
-from keystone.common import utils
 from keystone import exception
 from keystone.openstack.common.gettextutils import _
 from keystone.openstack.common import log
@@ -251,7 +250,7 @@ class FakeLdap(core.LDAPHandler):
 core.utf8_decode(who))
 raise ldap.INAPPROPRIATE_AUTH
- if not utils.ldap_check_password(cred, db_password):
+ if cred != db_password:
 LOG.debug('bind fail: password for who=%s does not match',
 core.utf8_decode(who))
 raise ldap.INVALID_CREDENTIALS
diff --git a/keystone/tests/test_backend_ldap.py b/keystone/tests/test_backend_ldap.py
index 4e17c86939..a07be9825a 100644
--- a/keystone/tests/test_backend_ldap.py
+++ b/keystone/tests/test_backend_ldap.py
@@ -253,6 +253,9 @@ class BaseLDAPIdentity(test_backend.IdentityTests):
 def test_delete_group_with_user_project_domain_links(self):
 self.skipTest('N/A: LDAP does not support multiple domains')
+ def test_password_hashed(self):
+ self.skipTest('N/A: hashing is left up to the LDAP server')
+
 def test_list_projects_for_user(self):
 domain = self._get_domain_fixture()
 user1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
diff --git a/keystone/tests/test_utils.py b/keystone/tests/test_utils.py
index 1426131d5d..c9867eb352 100644
--- a/keystone/tests/test_utils.py
+++ b/keystone/tests/test_utils.py
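Review bot: `create` no longer receives the fresh dict that `hash_ldap_user_password` built with `dict(user, ...)`, so when `self.enabled_mask` is set, `self.mask_enabled_attribute(values)` now edits the caller's dict in place (the `del values['enabled_nomask']` in the preceding method suggests these helpers modify the mapping they are handed); before this change that only happened for users created without a password. If the identity manager reuses the dict after the call, to return it or to emit a notification, it will now see the masked `enabled` value, so I would keep the defensive copy as the first line of `create`: `values = dict(values)  # copy: mask_enabled_attribute edits in place`. The body of `create` continues outside the hunk.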
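Review bot: `if cred != db_password:` models a directory that stores and compares `userPassword` in cleartext, which is only what happens on a server with no hash-on-write policy, and a reader could take the passing tests as evidence that real deployments are covered; a comment should say what the fake assumes, e.g. `# The driver now writes userPassword unhashed; this fake models a directory with no server-side hash policy, so a plain comparison is the whole check.`. `cred` comes from the bind call while `db_password` is whatever the driver stored, so if one side is bytes and the other text under six the comparison fails silently and the bind is rejected; if the callers do not already normalise both, a small test pinning that a bind with the plaintext succeeds would catch it. The enclosing bind method starts outside the hunk.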
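Review bot: Skipping `test_password_hashed` leaves the LDAP backend with no test of what happens to the password at all, while the new contract, that the plaintext reaches the directory unmodified, is exactly what the fake's bind now depends on and should be asserted. I would replace the skip with a positive check: create a user through the driver, then bind with the plaintext (or read the stored `userPassword` back from the fake, if its store is reachable from the test) and assert it matches, which also guards against a later change that re-introduces client-side hashing on only one of `create`/`update`. If the skip stays, its reason should carry the operator requirement, e.g. `'N/A: LDAP passwords are passed through unhashed; hashing is the LDAP server's responsibility'`.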
@@ -99,23 +99,6 @@ class UtilsTestCase(tests.TestCase):
 password_hashed = user_hashed['password']
 self.assertTrue(utils.check_password(password, password_hashed))
- def test_hash_ldap_user_password_without_password(self):
- user = self._create_test_user()
- hashed = utils.hash_ldap_user_password(user)
- self.assertEqual(user, hashed)
- def test_hash_ldap_user_password_with_null_password(self):
- user = self._create_test_user(password=None)
- hashed = utils.hash_ldap_user_password(user)
- self.assertEqual(user, hashed)
- def test_hash_ldap_user_password_with_empty_password(self):
- password = ''
- user = self._create_test_user(password=password)
- user_hashed = utils.hash_ldap_user_password(user)
- password_hashed = user_hashed['password']
- self.assertTrue(utils.ldap_check_password(password, password_hashed))
-
 def test_hash_edge_cases(self):
 hashed = utils.hash_password('secret')
 self.assertFalse(utils.check_password('', hashed))