Results 1 to 3 of 3

Thread: [SOLVED] External LDAP Authentication failover

  1. #1
    Join Date
    Sep 2008
    Location
    Boston
    Posts
    6
    Rep Power
    7

    Default [SOLVED] External LDAP Authentication failover

    I am using Zimbra 5.0.10 on Ubuntu 8.04 on Xen 3.2. I have External LDAP Authentication setup against another server in my domain and that is all working fine.

    However, I would like to create some mailboxes (support, info, etc) that are shared mailboxes between multiple users. As a result, I would like to avoid creating these mailboxes as "users" in my LDAP store. I believe, from various sources and specifically from the LDAP Auth wiki page (LDAP Authentication - Zimbra :: Wiki towards the bottom), that I should be able to create the account in Zimbra and *assign* a password (for normal users I do not assign a password so that they are forced to use the LDAP password) and avoid the user creation in LDAP.

    Problem is, I get authentication errors when I try to log in as the user. Upon review of the LDAP logs, I can clearly see that Zimbra is attempting to look up the user in LDAP which is, obviously, failing. Is there a way to convince Zimbra that users auth'ing against just Zimbra are legit?

  2. #2
    Join Date
    May 2006
    Location
    USA
    Posts
    6,242
    Rep Power
    21

    Default

    Welcome to the forums,

    su - zimbra
    zmprov md domain.com zimbraAuthFallbackToLocal TRUE

    Global & domain admin accounts automatically have fallback auth 'set' (both admin console and web-client) in-case your external LDAP/AD auth is unavailable or configured improperly.

    If you have any accounts with passwords besides '' (null) & your external ldap auth is down they can use that password - you may want to set:
    zmprov mc COSname zimbraFeatureChangePasswordEnabled FALSE

  3. #3
    Join Date
    Sep 2008
    Location
    Boston
    Posts
    6
    Rep Power
    7

    Default

    Looks like I made a good guess on the name of the thread . Worked like a charm.

    On the other aspect, I already do have "change pass" disabled, I am looking forward to seeing the write-through on passwords as are others elsewhere on the forums

Similar Threads

  1. External LDAP with GSSAPI authentication method
    By izvictor in forum Installation
    Replies: 17
    Last Post: 03-11-2009, 09:14 AM
  2. The Mysteries of External LDAP Authentication
    By bubarooni in forum Installation
    Replies: 7
    Last Post: 05-21-2008, 03:07 PM
  3. External LDAP authentication problem
    By mchamboredon in forum Installation
    Replies: 2
    Last Post: 01-16-2008, 10:02 AM
  4. External LDAP Authentication Issue
    By xtreme-one in forum Installation
    Replies: 10
    Last Post: 02-16-2007, 07:52 PM
  5. Authentication to external ldap stop working.
    By jahaj in forum Installation
    Replies: 3
    Last Post: 12-05-2006, 03:17 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •