In Admin -> General Configuration, there is an External password management flag which we recommend people turn on when using LDAP. In this case, when new users are created, it makes no sense to send the password in the email notification, since the password is unused (the LDAP password takes precedence). In fact, if users are self-registering and may enter their LDAP password, this is a security risk, as we don't want valid passwords going over unencrypted email. For people using JIRA currently, passwords in signup emails can be prevented by editing: atlassian-jira/WEB-INF/classes/templates/email/text/includes/userdetails.vm