  #1 (permalink)  
Old 02-28-2010, 01:33 AM
Junior Member
 
Posts: 5
Default Native & Active Directory password

Hi,
I use Zimbra Release 5.0.5 and authentication with external AD, but when I change my password in AD my user can log in with the old and the new password.
I don't know where my mistake is!!
Reply With Quote
  #2 (permalink)  
Old 02-28-2010, 02:00 AM
Zimbra Consultant & Moderator
 
Posts: 20,312
Default

Quote:
Originally Posted by qsdk View Post
Hi,
I use Zimbra Release 5.0.5 and authentication with external AD, but when I change my password in AD my user can log in with the old and the new password.
I don't know where my mistake is!!

There is currently no method of synchronising the passwords in an external ldap & Zimbra. You may want to vote on this bug: Bug 6353 – Unable to change password when using External LDAP authentication and use the script in comment #19 to sync the passwords.
__________________
Regards


Bill
Reply With Quote
  #3 (permalink)  
Old 03-02-2010, 12:08 AM
Junior Member
 
Posts: 5
Default change in AD

Dear Phoenix,
My users change their password on the Domain Controller (MS Active Directory) and then they can log in with the new password and the old password too!!!
I want to know how I can sync my local LDAP and external AD, or disable my local LDAP authentication.

Last edited by qsdk; 03-02-2010 at 04:09 AM..
Reply With Quote
  #4 (permalink)  
Old 03-02-2010, 04:53 AM
Moderator
 
Posts: 7,928
Default

Code:
su - zimbra
zmprov md domain.com zimbraAuthFallbackToLocal FALSE
__________________
Reply With Quote
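
The setting from the post above can be verified per domain before and after the change. This is an added example, not part of the original thread: it reads text in the layout printed by `zmprov gd <domain> zimbraAuthMech zimbraAuthFallbackToLocal` and lists domains that use external authentication (assumed here to mean the `ad` and `ldap` mechanisms) without fallback explicitly set to FALSE. The function names and the sample domains are constructed.

```shell
#!/bin/sh
# Added example: report domains where external authentication is configured
# but fallback to the local Zimbra password is not explicitly disabled.

audit_fallback() {
    # stdin: "# name <domain>" header lines followed by "attr: value" lines
    awk '
        function report() {
            if (name == "") return
            external = (mech == "ad" || mech == "ldap")   # assumption: external mechs
            if (external && fb != "FALSE")
                printf "%s mech=%s fallback=%s\n", name, mech, (fb == "" ? "unset" : fb)
        }
        /^# name /                         { report(); name = $3; mech = ""; fb = ""; next }
        $1 == "zimbraAuthMech:"            { mech = tolower($2) }
        $1 == "zimbraAuthFallbackToLocal:" { fb = toupper($2) }
        END                                { report() }
    '
}

# Constructed sample input (not taken from a real server)
sample_output() {
cat <<'EOF'
# name test.com
zimbraAuthFallbackToLocal: TRUE
zimbraAuthMech: ad

# name example.org
zimbraAuthFallbackToLocal: FALSE
zimbraAuthMech: ad

# name internal.example
zimbraAuthMech: zimbra

# name legacy.example
zimbraAuthMech: ldap
EOF
}

# On a Zimbra host, as the zimbra user, the live input would come from:
#   for d in $(zmprov gad); do
#       zmprov gd "$d" zimbraAuthMech zimbraAuthFallbackToLocal
#   done | audit_fallback
sample_output | audit_fallback
```

A domain reported with `fallback=unset` has no explicit value, so the effective behaviour depends on the installed version's default and should be checked by hand.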
  #5 (permalink)  
Old 03-02-2010, 05:26 AM
Junior Member
 
Posts: 5
Default same problem

This is my problem:
Is there a way to disable internal authentication for non-admin users?
Reply With Quote
  #6 (permalink)  
Old 03-07-2010, 01:11 AM
Zimbra Consultant & Moderator
 
Posts: 20,312
Default

Quote:
Originally Posted by qsdk View Post
I want to know how I can sync my local LDAP and external AD

I've already given you the answer to that, there's a script in the bug report that will do it. Have you actually tried it?
__________________
Regards


Bill
Reply With Quote
  #7 (permalink)  
Old 03-08-2010, 11:11 PM
Junior Member
 
Posts: 5
Default

Yes,
I did this but it doesn't work.
Let me describe my problem: I have a shell script that adds AD users to my Zimbra via ldapsearch:
Quote:
#!/bin/bash
# zsync_ad.sh is a script that syncs AD users and Zimbra users
# It is unidirectional, just replicates changes from AD to ZCS
# Developed on by Eduardo Gonzalez <egrueda at gmail dot com>
# Testing version 0.6 - Use at your own risk

LDAPSEARCH=ldapsearch
ZMPROV=/opt/zimbra/bin/zmprov
DOMAIN_NAME="test.com"
TMP_DIR=/tmp
# mktemp creates the work files with unpredictable names
ADS_TMP=$(mktemp "$TMP_DIR/users_ads_XXXXXX")
ZCS_TMP=$(mktemp "$TMP_DIR/users_zcs_XXXXXX")
DIF_TMP=$(mktemp "$TMP_DIR/users_dif_XXXXXX")

# Server values
LDAP_SERVER="ldap://192.168.0.143"
BASEDN="dc=test,dc=com"
BINDDN="CN=zimbra,DC=test,DC=com"
BINDPW="zimbra"
FILTER="(&(sAMAccountName=*)(objectClass=user)(givenName=*))"
FIELDS="mail"

# Extract users from ADS
echo -n "Querying ADS... "
"$LDAPSEARCH" -x -H "$LDAP_SERVER" -b "$BASEDN" -D "$BINDDN" -w "$BINDPW" "$FILTER" "$FIELDS" | \
grep "@$DOMAIN_NAME" | \
awk '{print $2}' | \
sort > "$ADS_TMP"
echo "Found $(wc -l < "$ADS_TMP") users ($ADS_TMP)"

# Extract users from ZCS (sorted, so the diff against the sorted ADS list is meaningful)
echo -n "Querying ZCS... "
"$ZMPROV" gaa "$DOMAIN_NAME" | sort > "$ZCS_TMP"
echo "Found $(wc -l < "$ZCS_TMP") users ($ZCS_TMP)"

# Generate diff
echo "Generating diff file ($DIF_TMP)"
diff -u "$ZCS_TMP" "$ADS_TMP" | grep "$DOMAIN_NAME" > "$DIF_TMP"

# Clean up users list
rm -f "$ADS_TMP" "$ZCS_TMP"

# Import new users
echo -n "New users: "
grep -c '^+' "$DIF_TMP"
for i in $(grep '^+' "$DIF_TMP" | sed 's/^+//');
do
echo -n " - Adding $i ";
# Every new account gets the same local password ("passwd"); if the domain
# falls back to local authentication, this password is accepted at login.
"$ZMPROV" createAccount "$i" passwd > /dev/null;
RES=$?
if [ "$RES" == "0" ]; then echo "[Ok]"; else echo "[Err]"; fi
done

# Delete old users
echo -n "Old users: "
grep -c '^-' "$DIF_TMP"
for i in $(grep '^-' "$DIF_TMP" | sed 's/^-//');
do
echo -n " - Deleting $i ";
"$ZMPROV" deleteAccount "$i" > /dev/null;
RES=$?
if [ "$RES" == "0" ]; then echo "[Ok]"; else echo "[Err]"; fi
done


# Clean up diff list
rm -f "$DIF_TMP"

And it's OK; then I can log in as my new user with the AD password. Then I change my password in AD, and my user can log in with the old and the new password. Then I change my password again, and now my user can log in with the second and third passwords!!!!!
And so on.
Reply With Quote