Have you noticed that when using WebCenter Portal (Spaces/Builder) you can only modify specific things from your profile? Or how about preventing the user from changing his password?
Well, this can be customized really easily for all your users; just log in as an Admin user:
You can also tune your application by changing the cache settings for profile sync between Portal and your LDAP: