diff --git a/flaschengeist/modules/auth_ldap/__init__.py b/flaschengeist/modules/auth_ldap/__init__.py
index ddc0fb1..be99afd 100644
--- a/flaschengeist/modules/auth_ldap/__init__.py
+++ b/flaschengeist/modules/auth_ldap/__init__.py
@@ -1,6 +1,6 @@
 import ssl
 from ldap3.utils.hashed import hashed
-from ldap3 import SUBTREE, MODIFY_REPLACE, HASHED_SALTED_SHA512, HASHED_SALTED_MD5
+from ldap3 import SUBTREE, MODIFY_REPLACE, HASHED_SALTED_MD5
 from ldap3.core.exceptions import LDAPPasswordIsMandatoryError, LDAPBindError
 from flask import current_app as app
 from flask_ldapconn import LDAPConn
@@ -32,6 +32,7 @@ class AuthLDAP(AuthPlugin):
             app.config["LDAP_SECRET"] = (config["SECRET"],)
         self.ldap = LDAPConn(app)
         self.dn = config["BASEDN"]
+        # TODO: might not be set if modify is called
         if "ADMIN_DN" in config:
             self.admin_dn = config["ADMIN_DN"]
             self.admin_secret = config["ADMIN_SECRET"]
diff --git a/flaschengeist/modules/auth_plain/__init__.py b/flaschengeist/modules/auth_plain/__init__.py
index 7d2e3a9..99acb8e 100644
--- a/flaschengeist/modules/auth_plain/__init__.py
+++ b/flaschengeist/modules/auth_plain/__init__.py
@@ -26,11 +26,11 @@ def _verify_password(stored_password, provided_password):
 class AuthPlain(AuthPlugin):
     def login(self, user: User, password: str):
         if user.has_attribute("password"):
-            return _verify_password(user.get_attributes("password"), password)
+            return _verify_password(user.get_attribute("password"), password)
         return False
 
     def modify_user(self, user, password, new_password=None):
         if password is not None and not self.login(user, password):
             raise BadRequest
         if new_password:
-            user.attributes["password"].value = _hash_password(new_password)
+            user.set_attribute("password", _hash_password(new_password))