My data security folks pointed out that when a user changes their password, they don't get logged out of Zimbra. We use external LDAP authentication, so Zimbra itself would have no way to know their password has even been changed... after all, it worked last time they had to authenticate, and sessions can be long-lived. The only way I can think of to fix this is to have the password-change app on the LDAP portal send a request to Zimbra to log the user out. I can't find any command to do this in the soap docs or zmprov help, and google hasn't found me anything but other users asking the same question with no response. Can Zimbra really not do this? Or am I blind and not looking for the correct thing in the docs? Seems like this would be a basic security feature if you suspect an account might have been compromised to kick out the potential attacker, too.

Thanks!