
Thread: Native & Active Directory password

  1. #1
    Native & Active Directory password

    Hi,
    I use Zimbra Release 5.0.5 and authentication with external AD, but when I change my password in AD my user can log in with the old and the new password.
    I don't know where my mistake is!

  2. #2
    phoenix, Zimbra Consultant & Moderator

    Quote, originally posted by qsdk:
    Hi,
    I use Zimbra Release 5.0.5 and authentication with external AD, but when I change my password in AD my user can log in with the old and the new password.
    I don't know where my mistake is!
    There is currently no method of synchronising the passwords in an external ldap & Zimbra. You may want to vote on this bug: Bug 6353 – Unable to change password when using External LDAP authentication and use the script in comment #19 to sync the passwords.
    Regards
    Bill

  3. #3
    Change in AD

    Dear Phoenix,
    My users change their password on the Domain Controller (MS Active Directory) and then they can log in with the new password and the old password too!
    I want to know how I can sync my local LDAP and external AD, or disable my local LDAP authentication.
    Last edited by qsdk; 03-02-2010 at 05:09 AM.

  4. #4

    Code:
    su - zimbra
    zmprov md domain.com zimbraAuthFallbackToLocal FALSE
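
An audit built on the setting in the post above, as an added example that is not part of the original thread: it reads `zmprov gd` output and reports, per domain, whether external authentication can still fall back to the locally stored Zimbra password. The `# name` header and `attr: value` line layout are assumed from usual zmprov output, and the sample records are constructed.

```shell
#!/bin/bash
# Added example (not from the thread): flag domains where a locally stored
# Zimbra password is still accepted next to external AD/LDAP authentication.
# Assumption: `zmprov gd <domain>` prints "# name <domain>" followed by
# "attribute: value" lines.

ZMPROV=${ZMPROV:-/opt/zimbra/bin/zmprov}

# classify_domain: read one domain's attribute dump on stdin,
# print "<domain> <verdict>".
classify_domain() {
  awk '
    /^# name /                   { name = $3 }
    /^zimbraAuthMech:/           { mech = tolower($2) }
    /^zimbraAuthFallbackToLocal:/ { fb = toupper($2) }
    END {
      if (mech == "" || mech == "zimbra") verdict = "LOCAL_ONLY"
      else if (fb == "TRUE")              verdict = "FALLBACK_ENABLED"
      else if (fb == "FALSE")             verdict = "EXTERNAL_ONLY"
      else                                verdict = "FALLBACK_UNSET"
      print name, verdict
    }'
}

# audit_all: walk every domain on a live server (run as the zimbra user).
audit_all() {
  "$ZMPROV" gad | while read -r d; do
    "$ZMPROV" gd "$d" | classify_domain
  done
}

# Constructed sample records, so the classifier can be tried offline.
sample_fallback() {
  printf '%s\n' '# name test.com' \
    'zimbraAuthFallbackToLocal: TRUE' 'zimbraAuthMech: ad'
}
sample_fixed() {
  printf '%s\n' '# name test.com' \
    'zimbraAuthFallbackToLocal: FALSE' 'zimbraAuthMech: ad'
}

# Pass --live to audit the server this runs on.
if [ "${1:-}" = "--live" ]; then
  audit_all
fi
```

A `FALLBACK_ENABLED` or `FALLBACK_UNSET` verdict on an externally authenticated domain is the case to review, since local passwords set at account creation are not changed by a password change in AD.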

  5. #5

  6. #6
    phoenix, Zimbra Consultant & Moderator

    Quote, originally posted by qsdk:
    I want to know how I can sync my local LDAP and external AD?
    I've already given you the answer to that, there's a script in the bug report that will do it. Have you actually tried it?
    Regards
    Bill

  7. #7

    Yes,
    I do this job but it doesn't work.
    I describe my problem: I have a shell script that adds AD users to my Zimbra by ldapsearch
    Code:
    #!/bin/bash
    # zsync_ad.sh is a script that syncs AD users and Zimbra users
    # It is unidirectional, just replicates changes from AD to ZCS
    # Developed on by Eduardo Gonzalez <egrueda at gmail dot com>
    # Testing version 0.6 - Use at your own risk

    LDAPSEARCH=ldapsearch
    ZMPROV=/opt/zimbra/bin/zmprov
    DOMAIN_NAME="test.com"
    TIMESTAMP=`date +%N`
    TMP_DIR=/tmp
    ADS_TMP=$TMP_DIR/users_ads_$TIMESTAMP.lst
    ZCS_TMP=$TMP_DIR/users_zcs_$TIMESTAMP.lst
    DIF_TMP=$TMP_DIR/users_dif_$TIMESTAMP.lst

    # Server values
    LDAP_SERVER="ldap://192.168.0.143"
    BASEDN="dc=test,dc=com"
    BINDDN="CN=zimbra,DC=test,DC=com"
    BINDPW="zimbra"
    FILTER="(&(sAMAccountName=*)(objectClass=user)(givenName=*))"
    FIELDS="mail"

    # Extract users from ADS (keep only the mail addresses in our domain)
    echo -n "Querying ADS... "
    $LDAPSEARCH -x -H "$LDAP_SERVER" -b "$BASEDN" -D "$BINDDN" -w "$BINDPW" "$FILTER" $FIELDS | \
        grep "@$DOMAIN_NAME" | \
        awk '{print $2}' | \
        sort > "$ADS_TMP"
    echo "Found `cat $ADS_TMP | wc -l` users ($ADS_TMP)"

    # Extract users from ZCS (sorted, so diff compares the two lists in the same order)
    echo -n "Querying ZCS... "
    $ZMPROV gaa "$DOMAIN_NAME" | sort > "$ZCS_TMP"
    echo "Found `cat $ZCS_TMP | wc -l` users ($ZCS_TMP)"

    # Generate diff: "+" lines exist only in AD, "-" lines only in ZCS
    echo "Generating diff file ($DIF_TMP)"
    diff -u "$ZCS_TMP" "$ADS_TMP" | grep "$DOMAIN_NAME" > "$DIF_TMP"

    # Clean up users list
    rm -f "$ADS_TMP" "$ZCS_TMP"

    # Import new users
    # Note: each account is created with the fixed local password "passwd"
    echo -n "New users: "
    cat "$DIF_TMP" | grep ^+ | wc -l
    for i in $(cat "$DIF_TMP" | grep ^+ | sed 's/^+//g');
    do
        echo -n " - Adding $i ";
        $ZMPROV createAccount "$i" passwd > /dev/null;
        RES=$?
        if [ "$RES" == "0" ]; then echo "[Ok]"; else echo "[Err]"; fi
    done

    # Delete old users
    echo -n "Old users: "
    cat "$DIF_TMP" | grep ^- | wc -l
    for i in $(cat "$DIF_TMP" | grep ^- | sed 's/^-//g');
    do
        echo -n " - Deleting $i ";
        $ZMPROV deleteAccount "$i" > /dev/null;
        RES=$?
        if [ "$RES" == "0" ]; then echo "[Ok]"; else echo "[Err]"; fi
    done

    # Clean up diff list
    rm -f "$DIF_TMP"

    and it's OK. Then I can log in as my new user with the AD password. Then I change my password in AD, and my user can log in with the old and new password. Then I change my password again and now my user can log in with the second and third password!
    And so on.
