Results 1 to 5 of 5

Thread: Disable local authentication with an external ldap

  1. #1
    Join Date
    May 2007
    Posts
    4
    Rep Power
    8

    Question Disable local authentication with an external ldap

    I recently installed the latest version of Zimbra. I created users with a default known password to facilitate syncing of emails from the old server to Zimbra. Once the ldapsync was finished Zimbra was reconfigured to authenticate with our external ldap server.
    However users can now log in with both the password on the external ldap and the password configured locally on Zimbra
    Is there a way to prevent users from authenticating locally when an external ldap is selected?

  2. #2
    Join Date
    Oct 2005
    Location
    Thatcher, AZ
    Posts
    5,606
    Rep Power
    21

    Default

    In the administration console, you probably have authentication set to "BOTH". Change that.

  3. #3
    Join Date
    May 2007
    Posts
    4
    Rep Power
    8

    Default

    Thanks for the reply,
    Could you be more specific? I cant see anywhere where authentication can be set to 'BOTH'

    From the graphical interface:
    In the domain, authentication is set to: 'Authentication mechanism: External LDAP'

    And from the command line it shows just the external ldap

    Code:
    [zimbra@mail root]$ zmprov gd mydomain.com | grep Auth
    zimbraAuthLdapSearchBase: dc=mydomain,dc=com
    zimbraAuthLdapSearchBindDn: cn=Manager,dc=mydomain,dc=com
    zimbraAuthLdapSearchBindPassword: xXxXx
    zimbraAuthLdapSearchFilter: (uid=%u)
    zimbraAuthLdapURL: ldap://myldapserver:389
    zimbraAuthMech: ldap

  4. #4
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,587
    Rep Power
    58

    Default

    There is no current option to fix the problem of having two password. However, what you are asking for will give rise to the user being unable to get email if external LDAP goes down. To get round tha you might want to set the following:
    Code:
    zmprov md <domain> zimbraAuthFallbackToLocal TRUE
    which will fallback to the zimbra ldap for authentication. If you consider the current set-up a problem then vote on this bug.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  5. #5
    Join Date
    May 2007
    Posts
    4
    Rep Power
    8

    Default

    Thanks for the reply,
    I can solve my issue by setting zimbraAuthFallbackToLocal to FALSE.
    Cheers

Similar Threads

  1. External LDAP with GSSAPI authentication method
    By izvictor in forum Installation
    Replies: 17
    Last Post: 03-11-2009, 09:14 AM
  2. Zimbra fails after working for 2 weeks
    By Linsys in forum Administrators
    Replies: 10
    Last Post: 10-07-2008, 01:42 AM
  3. External LDAP Problem
    By facerw in forum Installation
    Replies: 7
    Last Post: 05-08-2007, 05:29 AM
  4. External LDAP Authentication Issue
    By xtreme-one in forum Installation
    Replies: 10
    Last Post: 02-16-2007, 07:52 PM
  5. Authentication to external ldap stop working.
    By jahaj in forum Installation
    Replies: 3
    Last Post: 12-05-2006, 03:17 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •