I'm not sure if this is a valid issue because this depends on custom code we use to prevent the password fields in the Create User and Edit User details form from being rendered if the user logged via single sign on (ldap) because we don't those users changing their password through sakai.

However, looking at the code in userEditValidation.js, perhaps this was something other institutions may have also done in the past

Notice that is says "If there's a password field"

But then later in the code, regardless of whether or not there's a password field it tries to validate that the passwords match. And the matching must be run even if there's no password field because I believe there's another form validation check later on that will fail if the password matching hasn't been validated (again, even if there's no password field)

But between 11.x and 12.0, there was a change in userEditValidation.js ( Merge velocity admin tools together)

So now, because we don't render the password fields, the passwords will never match and the Save or Update details buttons are always greyed out

I'm not sure, but this might also happen if USER.isPasswordPolicyEnabled = false, but I tried reviewing the code that sets that, but it was a bit confusing.