Our users have obscure usernames (ex: w00005414) but they match the account names in Active Directory so setting up AD authentication from Zimbra was simple. Since the obscure name causes some issues in Zimbra we want to see about switching the Zimbra account names over to lastname_firstname which will break the Active Directory authentication.
I guess I have 3 paths....
1. The admin guide mentions a "Custom Authentication" piece in Zimbra, we could use that to map the lastname_firstname over to the person's Active Directory account name and keep using Active Directory (is this easy? has anyone done it?)
2. When a user changes their password for Active Directory through our password management web page we could capture it and send it over to Zimbra and sync the password for the matching lastname_firstname account in Zimbra (is there a way to change a user's password in Zimbra through a command line tool or something?)
3. Have Zimbra do internal authentication and just keep the Zimbra password totally separate from Active Directory.... and start working on my resume
Bugzilla
Wiki
Source
Best approach to authentication dilemma 
Linear Mode
