Indirect LDAP resource provisioning fails on missing password

1. setting cipher algorithm to AES in conf
2. creating user with no resources
3. creating role with LDAP resource assigned
4. giving role to user and have error "missing attribute _PASSWORD_"
5. removing role from user
6. assigning the LDAP resource to user and succeeding