zmprov setPassword (or create account, for that matter) is just going to take that string and use it as the actual password, which obviously isn't what you want.
There is a way to do what you want, but it isn't all that pretty
You could:
- create all the users Zimbra (random passwords are fine)
- using LDAP utils (ldapmodify, etc) replace the userPassword attribute with your crypt version
- Configure Zimbra to use an external LDAP server for authentication, but then point it back to itself. This will cause it to do an LDAP bind on authentication, which will then work with the crypt'd password. If you don't configure to this way, we skip the bind step and just do the SSHA compare internally (as an optimization).
If anyone changes their password from within Zimbra, the {crypt} version will be replaced with {SSHA} version, which may or may not be what you want.
Another option if you go this route is to require people to change their passwords on first login (fixed in next release), which will upgrade everyone to SSHA eventually, at which point you can just use internal auth again.
roland