[SOLVED] External LDAP Authentication failover

[lwhite]

I am using Zimbra 5.0.10 on Ubuntu 8.04 on Xen 3.2. I have External LDAP Authentication setup against another server in my domain and that is all working fine.

However, I would like to create some mailboxes (support, info, etc) that are shared mailboxes between multiple users. As a result, I would like to avoid creating these mailboxes as "users" in my LDAP store. I believe, from various sources and specifically from the LDAP Auth wiki page (LDAP Authentication - Zimbra :: Wiki towards the bottom), that I should be able to create the account in Zimbra and *assign* a password (for normal users I do not assign a password so that they are forced to use the LDAP password) and avoid the user creation in LDAP.

Problem is, I get authentication errors when I try to log in as the user. Upon review of the LDAP logs, I can clearly see that Zimbra is attempting to look up the user in LDAP which is, obviously, failing. Is there a way to convince Zimbra that users auth'ing against just Zimbra are legit?

[mmorse]

Welcome to the forums,

su - zimbra
zmprov md domain.com zimbraAuthFallbackToLocal TRUE

Global & domain admin accounts automatically have fallback auth 'set' (both admin console and web-client) in-case your external LDAP/AD auth is unavailable or configured improperly.

If you have any accounts with passwords besides '' (null) & your external ldap auth is down they can use that password - you may want to set:
zmprov mc COSname zimbraFeatureChangePasswordEnabled FALSE

[lwhite]

Looks like I made a good guess on the name of the thread . Worked like a charm.

On the other aspect, I already do have "change pass" disabled, I am looking forward to seeing the write-through on passwords as are others elsewhere on the forums