diff --git a/rhodecode/controllers/admin/users.py b/rhodecode/controllers/admin/users.py
--- a/rhodecode/controllers/admin/users.py
+++ b/rhodecode/controllers/admin/users.py
@@ -158,13 +158,18 @@ class UsersController(BaseController):
         # url('user', id=ID)
         user_model = UserModel()
         c.user = user_model.get(id)
+        c.ldap_dn = c.user.ldap_dn
         c.perm_user = AuthUser(user_id=id)
         _form = UserForm(edit=True, old_data={'user_id': id,
                                               'email': c.user.email})()
         form_result = {}
         try:
             form_result = _form.to_python(dict(request.POST))
-            user_model.update(id, form_result)
+            skip_attrs = []
+            if c.ldap_dn:
+                #forbid updating username for ldap accounts
+                skip_attrs = ['username']
+            user_model.update(id, form_result, skip_attrs=skip_attrs)
             usr = form_result['username']
             action_logger(self.rhodecode_user, 'admin_updated_user:%s' % usr,
                           None, self.ip_addr, self.sa)
@@ -233,6 +238,7 @@ class UsersController(BaseController):
         c.user_email_map = UserEmailMap.query()\
                         .filter(UserEmailMap.user == c.user).all()
         user_model = UserModel()
+        c.ldap_dn = c.user.ldap_dn
         defaults = c.user.get_dict()
         defaults.update({
             'create_repo_perm': user_model.has_perm(id, 'hg.create.repository'),
diff --git a/rhodecode/model/user.py b/rhodecode/model/user.py
--- a/rhodecode/model/user.py
+++ b/rhodecode/model/user.py
@@ -246,7 +246,7 @@ class UserModel(BaseModel):
             log.error(traceback.format_exc())
             raise
 
-    def update(self, user_id, form_data):
+    def update(self, user_id, form_data, skip_attrs=[]):
         from rhodecode.lib.auth import get_crypt_password
         try:
             user = self.get(user_id, cache=False)
@@ -256,6 +256,8 @@ class UserModel(BaseModel):
                                   " crucial for entire application"))
 
             for k, v in form_data.items():
+                if k in skip_attrs:
+                    continue
                 if k == 'new_password' and v:
                     user.password = get_crypt_password(v)
                     user.api_key = generate_api_key(user.username)
diff --git a/rhodecode/templates/admin/users/user_edit.html b/rhodecode/templates/admin/users/user_edit.html
--- a/rhodecode/templates/admin/users/user_edit.html
+++ b/rhodecode/templates/admin/users/user_edit.html
@@ -50,7 +50,11 @@
                     <label for="username">${_('Username')}:</label>
                 </div>
                 <div class="input">
-                    ${h.text('username',class_='medium')}
+                    %if c.ldap_dn:
+                        ${h.text('username',class_='medium disabled', readonly="readonly")}
+                    %else:
+                        ${h.text('username',class_='medium')}
+                    %endif:
                 </div>
              </div>