Results 1 to 5 of 5

Thread: Active Directory and Zimbra Sync Time....

Hybrid View

  1. #1
    Join Date
    Oct 2008
    Location
    Uk
    Posts
    67
    Rep Power
    7

    Talking Active Directory and Zimbra Sync Time....

    Good Afternoon

    I would just like to state now that im not sure I can explain this in great detail without the info that I need to share so if you could bare with me that would be great

    My current setup...

    Windows 2008 R2 - Active Directory (500+users)
    Centos 5.8 - Zimbra (Version 7.1.2_GA_3268)

    Ok here goes...

    We currently use our Active directory to sync all our usernames/passwords to zimbra so basically when a user changes their password on their Windows machine (which is every 36 days for example) it changes it for their Mail account also..

    We have found this to cause problems with our Mobile Phone users (iPhones) as when they then go to change the mail password on their phone to the new password it says it cannot be authenticated as they are using a wrong username and password..

    Im purely guessing that there is a time when our AD pings out the new password to the Zimbra box so it knows its changed and the users are putting the password in too quick...

    So now we try and change the mail password on the iphone after a minute or two but by then the account has been locked out after 10 failed attempts..

    This is kind of strange but I was wondering if anyone knew the timescale of when this exchange of information occurs between the Active Directory and Zimbra so we can fine tune it or just know whats going on?

    Any information would be spiffing

    Thanks in advance

    Simon
    Heavy Metal Ftw

  2. #2
    Join Date
    Sep 2008
    Location
    Brazil
    Posts
    50
    Rep Power
    7

    Default

    Quote Originally Posted by JimBobCook View Post
    Good Afternoon

    I would just like to state now that im not sure I can explain this in great detail without the info that I need to share so if you could bare with me that would be great

    My current setup...

    Windows 2008 R2 - Active Directory (500+users)
    Centos 5.8 - Zimbra (Version 7.1.2_GA_3268)

    Ok here goes...

    We currently use our Active directory to sync all our usernames/passwords to zimbra so basically when a user changes their password on their Windows machine (which is every 36 days for example) it changes it for their Mail account also..

    We have found this to cause problems with our Mobile Phone users (iPhones) as when they then go to change the mail password on their phone to the new password it says it cannot be authenticated as they are using a wrong username and password..

    Im purely guessing that there is a time when our AD pings out the new password to the Zimbra box so it knows its changed and the users are putting the password in too quick...

    So now we try and change the mail password on the iphone after a minute or two but by then the account has been locked out after 10 failed attempts..

    This is kind of strange but I was wondering if anyone knew the timescale of when this exchange of information occurs between the Active Directory and Zimbra so we can fine tune it or just know whats going on?

    Any information would be spiffing

    Thanks in advance

    Simon
    Hello friend you could tell me how you joined the zimbra to authenticate to Active Directory?




    thank you

  3. #3
    Join Date
    Oct 2008
    Location
    Uk
    Posts
    67
    Rep Power
    7

    Default

    Halley, Thanks for the quick reply

    We are using the External LDAP function in the Authentication section in Zimbra

    Cheers
    Heavy Metal Ftw

  4. #4
    Join Date
    Oct 2008
    Location
    Uk
    Posts
    67
    Rep Power
    7

    Default

    This doesn't look good for me lol
    Heavy Metal Ftw

  5. #5
    Join Date
    Aug 2011
    Location
    Overland Park, KS
    Posts
    24
    Rep Power
    4

    Default

    You may have figured this out on your own, but it does seem that after an AD password change, the Zimbra servers will continue to use the old password for a while...

    However, the way we've found to solve the AD lock-out problem from Smartphones, is as the first step of a password change, have the user put the phone into "Airplane Mode." And while in Airplane mode, the password can be changed, although it will complain about not being able to connect. Then once the password has changed and the user is able to logon to Zimbra using the new password from a computer, the phone is taken out of "Airplane Mode."

    That solved the problem of AD lockouts every time there was an AD password change.

    Have a good day!

    Mark
    Release 7.2.2_GA_2852.SLES11_64_20121204211855 SLES11_64 NETWORK edition.

Similar Threads

  1. Active Directory sync with zimbra-dap
    By milesteg in forum Migration
    Replies: 13
    Last Post: 06-11-2013, 02:16 PM
  2. Replies: 2
    Last Post: 08-11-2009, 06:06 AM
  3. Replies: 0
    Last Post: 01-26-2009, 05:25 AM
  4. Using Zimbra with Active Directory
    By elesouef in forum Administrators
    Replies: 10
    Last Post: 11-09-2006, 06:28 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •