disable ldap authentication for special users / mixed auth methods

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
harry12345
Posts: 34
Joined: Sat Sep 13, 2014 2:23 am

disable ldap authentication for special users / mixed auth methods

Postby harry12345 » Mon Jan 29, 2018 1:58 pm

Hi,

most of our zimbra accounts have an external ldap reference; attribute zimbraAuthLdapExternalDn is set.
But some special users do not have an external ldap-account; the external ldap auth field is empty.

Zimbras first authentication method is every time to auth against the external ldap
If this method failed then zimbra uses the local fall back to zimbra default auth mechanism.

How can I configure zimbra or the special accounts which have no external ldap binding, to use the zimbra default auth mechanism?

This is a part of our log

Code: Select all

2018-01-29 14:49:00,053 WARN  [ImapServer-92] [ip=192.168.19.212;] account - ldapAuthenticate searchFilter returned more then one result: (dn1=cn=user1,ou=users,dc=example,dc=de, dn2=cn=user2,ou=users,dc=example,dc=de, filter=isMemberOf=cn=users,ou=groups,dc=example,dc=de)
2018-01-29 14:49:00,054 WARN  [ImapServer-92] [ip=192.168.19.212;] account - ldap auth for domain example.de failed, fall back to zimbra default auth mechanism
com.zimbra.cs.account.AccountServiceException$AuthFailedServiceException: authentication failed for [testuser_internal]
ExceptionId:ImapServer-92:1517233740054:51a3ab768d6e82b4
Code:account.AUTH_FAILED
        at com.zimbra.cs.account.AccountServiceException$AuthFailedServiceException.AUTH_FAILED(AccountServiceException.java:149)
        at com.zimbra.cs.account.ldap.LdapProvisioning.externalLdapAuth(LdapProvisioning.java:5666)
        at com.zimbra.cs.account.ldap.LdapProvisioning.externalLdapAuth(LdapProvisioning.java:5602)
        at com.zimbra.cs.account.auth.AuthMechanism$LdapAuth.doAuth(AuthMechanism.java:291)
        at com.zimbra.cs.account.ldap.LdapProvisioning.verifyPasswordInternal(LdapProvisioning.java:5739)
        at com.zimbra.cs.account.ldap.LdapProvisioning.verifyPassword(LdapProvisioning.java:5704)
--
        at java.lang.Thread.run(Thread.java:748)
Caused by: com.zimbra.cs.account.AccountServiceException$AuthFailedServiceException: authentication failed for []
ExceptionId:ImapServer-92:1517233740054:51a3ab768d6e82b4
Code:account.AUTH_FAILED
        at com.zimbra.cs.account.AccountServiceException$AuthFailedServiceException.AUTH_FAILED(AccountServiceException.java:161)
        at com.zimbra.cs.account.ldap.LdapProvisioning.ldapAuthenticate(LdapProvisioning.java:5518)
        at com.zimbra.cs.account.ldap.LdapProvisioning.externalLdapAuth(LdapProvisioning.java:5654)
        ... 39 more
2018-01-29 14:49:00,056 INFO  [ImapServer-92] [name=testuser_internal@example.de;ip=192.168.19.212;] imap - user testuser_internal@example.de authenticated, mechanism=PLAIN
2018-01-29 14:49:00,057 INFO  [ImapServer-92] [name=testuser_internal@example.de;ip=192.168.19.212;] imap - AUTHENTICATE elapsed=27


regards,
Harry


User avatar
jasggomes
Advanced member
Advanced member
Posts: 76
Joined: Sat Sep 13, 2014 12:59 am
Location: Lisbon, PT
ZCS/ZD Version: Release 8.7.11.GA.1854.UBUNTU14.64
Contact:

Re: disable ldap authentication for special users / mixed auth methods

Postby jasggomes » Tue Jan 29, 2019 9:46 am

+1

Also interested in to know this solution.
User avatar
DualBoot
Elite member
Elite member
Posts: 1073
Joined: Mon Apr 18, 2016 8:18 pm
Location: Earth
ZCS/ZD Version: ZCS FLOSS - 8.7.11 Mutli servers

Re: disable ldap authentication for special users / mixed auth methods

Postby DualBoot » Tue Jan 29, 2019 9:54 am

Hello,

You can't unless your other accounts are in an other domain.
Zimbra provides 3 possibles authentication option :
- internal
- external
- internal and external

Regards,
User avatar
jasggomes
Advanced member
Advanced member
Posts: 76
Joined: Sat Sep 13, 2014 12:59 am
Location: Lisbon, PT
ZCS/ZD Version: Release 8.7.11.GA.1854.UBUNTU14.64
Contact:

Re: disable ldap authentication for special users / mixed auth methods

Postby jasggomes » Tue Jan 29, 2019 11:29 am

DualBoot wrote:Hello,

You can't unless your other accounts are in an other domain.
Zimbra provides 3 possibles authentication option :
- internal
- external
- internal and external

Regards,


Thank you for your reply.

Well, pretty much after writing on these threads I managed to find the setting that allows to use both Internal and External.

For future reference to others, it is on::

Configure -> Domains -> <domain to be configured> ->edit
then
Authentication -> click the checkbox 'If fail,fail back to local password management'.

This solved the question to me, as my accounts now can log on using local authentication.

Regards.
JG

Return to “Administrators”

Who is online

Users browsing this forum: No registered users and 25 guests