The LDAP authentication process is more like a handshake request and based upon the response from the authorizing LDAP server as to whether the account is valid, active, and the password correct. ALM in no way caches or saves the password, so the fact that the old password is working means that something within the LDAP configuration or the authorized user account used for LDAP authorization requests is misconfigured. I would elevate the QC and SA log files to the debug level and recreate the issue noting the time and account credentials used to recreate the issue. Using the new password and getting a denial should record something that may help guide your LDAP admin where to start their investigation. This is fhe best we can do and I would recommend that the LDAP admin turn on loggin on the system to see the issue as well. These log files are the best that I can provide from an ALM side as this is definitely and LDAP specific issue that the admin needs to correct.
Hope this helps,