diff --git a/ldap_frontend/__init__.py b/ldap_frontend/__init__.py
index d64b11e..0df32c8 100644
--- a/ldap_frontend/__init__.py
+++ b/ldap_frontend/__init__.py
@@ -12,6 +12,7 @@ from .helpers.ldap import (
 login_required,
 try_auth,
 update_user,
+update_user_password,
 )
 
 app = Flask(__name__)
@@ -63,32 +64,72 @@ def logout(): @login_required def selfservice(ldap): if request.method == "POST": - try: - update_user( - ldap, - session["username"], - { - "givenName": request.form["givenName"], - "sn": request.form["sn"], - "cn": "{} {}".format( - request.form["givenName"], - request.form["sn"], + if request.form.get("userdata"): + try: + update_user( + ldap, + session["username"], + { + "givenName": request.form["givenName"], + "sn": request.form["sn"], + "cn": "{} {}".format( + request.form["givenName"], + request.form["sn"], + ), + "mail": request.form["mail"], + }, + ) + flash("data updated") + except LDAPException as e: + app.logger.error( + "Updating {} failed: {}\n{}".format( + APP_CONFIG["template"]["user_dn"].format(session["username"]), + repr(e), + repr(request.form), ), - "mail": request.form["mail"], - }, - ) - flash("data updated") - return redirect(url_for("selfservice")) - except LDAPException as e: - app.logger.error( - "Updating {} failed: {}\n{}".format( - APP_CONFIG["template"]["user_dn"].format(session["username"]), - repr(e), - repr(request.form), - ), - ) - flash(e) + ) + flash(e) + elif request.form.get("passwordchange"): + validated = (True,) + if not try_auth( + session["username"], + request.form["current"], + ): + validated = False + flash("current password does not match") + if request.form["new"] != request.form["repeat"]: + validated = False + flash("new passwords do not match") + + if len(request.form["new"]) < 12: + validated = False + flash("new password must be atleast 12 characters") + + if validated: + try: + update_user_password( + ldap, + session["username"], + request.form["new"], + ) + session["password"] = request.form["new"] + flash("password changed") + except LDAPException as e: + app.logger.error( + "Updating {} failed: {}\n{}".format( + APP_CONFIG["template"]["user_dn"].format( + session["username"] + ), + repr(e), + repr(request.form), + ), + ) + flash(e) + + return redirect(url_for("selfservice")) + + 
print(session) return template(ldap, "selfservice.html") diff --git a/ldap_frontend/helpers/ldap.py b/ldap_frontend/helpers/ldap.py index f3e8db2..b02d0f6 100644 --- a/ldap_frontend/helpers/ldap.py +++ b/ldap_frontend/helpers/ldap.py @@ -3,8 +3,15 @@ from json import load from os import environ from flask import redirect, session, url_for -from ldap3 import ALL, ALL_ATTRIBUTES, MODIFY_REPLACE, Connection, Server +from ldap3 import ( + ALL_ATTRIBUTES, + HASHED_SALTED_SHA512, + MODIFY_REPLACE, + Connection, + Server, +) from ldap3.core.exceptions import LDAPException +from ldap3.utils.hashed import hashed with open(environ["APP_CONFIG"]) as f: APP_CONFIG = load(f) @@ -112,5 +119,15 @@ def update_user(ldap, username, settings): ) +def update_user_password(ldap, username, password): + return update_user( + ldap, + username, + { + "userPassword": hashed(HASHED_SALTED_SHA512, password), + }, + ) + + class UserNotFoundException(Exception): pass diff --git a/ldap_frontend/templates/selfservice.html b/ldap_frontend/templates/selfservice.html index 7fc8e9b..fd6126a 100644 --- a/ldap_frontend/templates/selfservice.html +++ b/ldap_frontend/templates/selfservice.html @@ -42,7 +42,7 @@ -
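Review bot: The `except LDAPException` handler in the new `passwordchange` branch logs `repr(request.form)`, and for this form that is the `current`, `new` and `repeat` fields, so a failed modify writes the user's old and new password in plaintext to the application log; log only non-secret fields there, e.g. `repr({k: v for k, v in request.form.items() if k not in ("current", "new", "repeat")})`, or drop the form from that message. The same branch stores the new password in `session["password"]` (presumably because the per-request LDAP bind reuses it, as the existing login flow seems to), and the pre-existing `print(session)` context line directly after the new code then dumps the whole session, password included, to stdout on every later GET, so that debug print should be removed in this change. `validated = (True,)` is a one-element tuple rather than a boolean; it only works because a non-empty tuple is truthy and the failure paths assign `False`, so write `validated = True`. The message `"new password must be atleast 12 characters"` should read "at least 12 characters".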
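Review bot: `update_user_password` in helpers/ldap.py has no docstring, and the decision to hash on the client with `hashed(HASHED_SALTED_SHA512, password)` deserves a comment, because the directory then receives an already-hashed `userPassword` and cannot apply its own password policy or preferred hash scheme, and the stored value is only usable if the server accepts the scheme prefix ldap3's `hashed` emits. Where the server supports the Password Modify extended operation, `ldap.extend.standard.modify_password(dn, new_password=password)` lets the server hash and validate the value itself; whether `ldap` is an ldap3 `Connection` and how `update_user` builds the DN is not visible in this hunk (only `update_user`'s closing line is context). Suggested docstring: `"""Replace username's userPassword with a salted SHA-512 hash of password, via update_user."""`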
+
@@ -71,7 +71,7 @@ -
+
{% endblock %}