I'm now using External LDAP as an authentication method for Zimbra. Is there a way to disable internal authentication for non-admin account? From my knowledge, Having two password that can be used to enter same services is not considered safe.
As far as I know, If I enter no password for user when I create new account on Zimbra. When user successfully logon via external authen, Password will be set on Zimbra. Then user can change internal zimbra password. But existing user that has an zimbra account will be able to use both password to enter zimbra.
Currently, I think it is not easy to do some password sync between Zimbra and external LDAP. Disabling Zimbra internal auth might be a better way to do - But can I do that?
PS. Admin might have to be able to login using internal auth, In case of emergency (LDAP down).