I recently set up an external LDAP server to work with Zimbra and had everyone change their userPassword, and this was successful and is working great. My problem is that even though I have:

zimbraAuthFallbackToLocal: FALSE

set on all my domains, users are still being authenticated against the internal LDAP server if the external fails. For example, when I attempt to log in to the domain with the password that is in the internal LDAP but not the external, I get this message in mailbox.log:

2010-11-12 13:06:02,518 WARN [btpool0-1465://localhost/service/soap/AuthRequest] [;oip=x.x.x.x;ua=zclient/6.0.6_GA_2330.RHEL5_64;] account - ldap auth for domain failed, fall back to zimbra default auth mechanism

Like I said, I have zimbraAuthFallbackToLocal set to false for all domains, and I even cleared the LDAP cache and restarted the server, but it still authenticates against the internal LDAP server. I know I could overwrite all the passwords or set them to null in Zimbra's LDAP, but I'd rather not do that in case for some reason I have to revert back.

So simply, what am I missing that if the user fails auth in the external ldap, it fails completely?

Thank you, and I apologize if this has been answered before; I've searched and seen no one else with exactly the same issue as I have.
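
To measure how often logins take the fallback path described in the post above, the following added example (not part of the original post, and not Zimbra code) scans mailbox.log lines for the quoted warning and counts events per originating IP. The function names are hypothetical and the sample lines are constructed from the one log line in the post.

```python
import re
from collections import Counter

# Fallback warning as quoted in the post. The domain name is optional because
# the quoted line has nothing between "domain" and "failed".
FALLBACK_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3})\s+WARN\s+"
    r"\[[^\]]*AuthRequest\]\s+\[(?P<ctx>[^\]]*)\]\s+account - "
    r"ldap auth for domain\s*(?P<domain>\S*?)\s*failed, "
    r"fall back to zimbra default auth mechanism"
)

def parse_context(ctx):
    """Split ';oip=192.0.2.10;ua=...;' into {'oip': ..., 'ua': ...}."""
    return dict(part.split("=", 1) for part in ctx.split(";") if "=" in part)

def find_fallbacks(lines):
    """Return one record per login that fell back to local auth."""
    events = []
    for line in lines:
        m = FALLBACK_RE.match(line.strip())
        if not m:
            continue
        ctx = parse_context(m.group("ctx"))
        events.append({"ts": m.group("ts"), "domain": m.group("domain") or None,
                       "oip": ctx.get("oip"), "ua": ctx.get("ua")})
    return events

def fallbacks_by_source(events):
    """Count fallback events per originating IP (oip)."""
    return Counter(e["oip"] for e in events)

# Constructed sample lines modelled on the one in the post (documentation IPs).
SAMPLE = [
    "2010-11-12 13:06:02,518 WARN [btpool0-1465://localhost/service/soap/AuthRequest] [;oip=192.0.2.10;ua=zclient/6.0.6_GA_2330.RHEL5_64;] account - ldap auth for domain failed, fall back to zimbra default auth mechanism",
    "2010-11-12 13:06:05,101 INFO [btpool0-1466://localhost/service/soap/NoOpRequest] [;oip=192.0.2.11;] soap - constructed unrelated line",
    "2010-11-12 13:07:40,007 WARN [btpool0-1470://localhost/service/soap/AuthRequest] [;oip=192.0.2.10;ua=zclient/6.0.6_GA_2330.RHEL5_64;] account - ldap auth for domain example.com failed, fall back to zimbra default auth mechanism",
    "2010-11-12 13:09:13,250 WARN [btpool0-1471://localhost/service/soap/AuthRequest] [;oip=192.0.2.25;ua=constructed-client/1.0;] account - ldap auth for domain example.com failed, fall back to zimbra default auth mechanism",
]

if __name__ == "__main__":
    for oip, n in fallbacks_by_source(find_fallbacks(SAMPLE)).most_common():
        print(f"{oip}\t{n} fallback(s) to local auth")
```

A count that stays above zero after the setting has been changed and the server restarted shows the fallback is still active for those logins.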