Is there a way to disable internal authentication for non-admin user?

[foizy]

Hello,
I'm now using External LDAP as an authentication method for Zimbra. Is there a way to disable internal authentication for non-admin account? From my knowledge, Having two password that can be used to enter same services is not considered safe.

As far as I know, If I enter no password for user when I create new account on Zimbra. When user successfully logon via external authen, Password will be set on Zimbra. Then user can change internal zimbra password. But existing user that has an zimbra account will be able to use both password to enter zimbra.

Currently, I think it is not easy to do some password sync between Zimbra and external LDAP. Disabling Zimbra internal auth might be a better way to do - But can I do that?

PS. Admin might have to be able to login using internal auth, In case of emergency (LDAP down).

[foizy]

Let me bump this thread.

[qsdk]

I have same problem too

[chauvetp]

On our Zimbra install, the only way the internal password authenticates is if the user is set as an administrator. We're using LDAP authentication as well and I don't remember changing anything to accomplish this.

If that's not happening for you - can you set a really long 'bogus' password for each account and set the password to be locked? When we create accounts we set a 12 character long random password (in case the functionality I mentioned at the top ever changes) via our account creation scripts. This password is never disclosed to the user.