diff --git a/phpgwapi/inc/class.auth_fallback.inc.php b/phpgwapi/inc/class.auth_fallback.inc.php
index b0e4243884..c87e7aca53 100644
--- a/phpgwapi/inc/class.auth_fallback.inc.php
+++ b/phpgwapi/inc/class.auth_fallback.inc.php
@@ -12,32 +12,32 @@
 
 /**
  * Authentication agains a LDAP Server with fallback to SQL
- * 
+ *
  * For other fallback types, simply change auth backends in constructor call
  */
 class auth_fallback implements auth_backend
 {
 	/**
 	 * Primary auth backend
-	 * 
+	 *
 	 * @var auth_backend
 	 */
 	private $primary_backend;
-	
+
 	/**
 	 * Fallback auth backend
-	 * 
+	 *
 	 * @var auth_backend
 	 */
 	private $fallback_backend;
-	
+
 	/**
 	 * Constructor
 	 */
 	function __construct($primary='auth_ldap',$fallback='auth_sql')
 	{
 		$this->primary_backend = new $primary;
-		
+
 		$this->fallback_backend = new $fallback;
 	}
 
@@ -53,6 +53,16 @@ class auth_fallback implements auth_backend
 		if ($this->primary_backend->authenticate($username, $passwd, $passwd_type))
 		{
 			egw_cache::setInstance(__CLASS__,'backend_used-'.$username,'primary');
+			// check if fallback has correct password, if not update it
+			if (($account_id = $GLOBALS['egw']->accounts->name2id($username)) &&
+				!$this->fallback_backend->authenticate($username,$passwd, $passwd_type))
+			{
+				$backup_currentapp = $GLOBALS['egw_info']['flags']['currentapp'];
+				$GLOBALS['egw_info']['flags']['currentapp'] = 'admin';	// otherwise
+				$ret = $this->fallback_backend->change_password('', $passwd, $account_id);
+				$GLOBALS['egw_info']['flags']['currentapp'] = $backup_currentapp;
+				error_log(__METHOD__."('$username', \$passwd) updated password for #$account_id on fallback ".($ret ? 'successfull' : 'failed!'));
+			}
 			return true;
 		}
 		if ($this->fallback_backend->authenticate($username,$passwd, $passwd_type))
@@ -88,7 +98,12 @@ class auth_fallback implements auth_backend
 		}
 		if (egw_cache::getInstance(__CLASS__,'backend_used-'.$username) == 'primary')
 		{
-			return $this->primary_backend->change_password($old_passwd, $new_passwd, $account_id);
+			if ($ret = $this->primary_backend->change_password($old_passwd, $new_passwd, $account_id))
+			{
+				// if password successfully changed on primary, also update fallback
+				$this->fallback_backend->change_password($old_passwd, $new_passwd, $account_id);
+			}
+			return $ret;
 		}
 		return $this->fallback_backend->change_password($old_passwd, $new_passwd, $account_id);
 	}