Thread: Native & Active Directory password

  1. #1
    qsdk is offline Junior Member
    Join Date
    Feb 2010
    Posts
    5
    Rep Power
    5

    Native & Active Directory password

    Hi,
    I use Zimbra Release 5.0.5 and authentication with external AD, but when I change my password in AD my user can log in with old and new password.
    I don't know where my mistake is!!

  2. #2
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,506
    Rep Power
    57


    Quote: Originally Posted by qsdk
    Hi,
    I use Zimbra Release 5.0.5 and authentication with external AD, but when I change my password in AD my user can log in with old and new password.
    I don't know where my mistake is!!

    There is currently no method of synchronising the passwords in an external ldap & Zimbra. You may want to vote on this bug: Bug 6353 – Unable to change password when using External LDAP authentication and use the script in comment #19 to sync the passwords.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  3. #3
    qsdk is offline Junior Member
    Join Date
    Feb 2010
    Posts
    5
    Rep Power
    5

    change in AD

    Dear Phoenix
    My users change their password on the Domain Controller (MS Active Directory) and then they can log in by new password and old password too!!!
    I want to know how can I sync my local LDAP and external AD? Or disable my local LDAP authentication?
    Last edited by qsdk; 03-02-2010 at 05:09 AM.

  4. #4
    uxbod's Avatar
    uxbod is offline Moderator
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    24


    Code:
    su - zimbra
    zmprov md domain.com zimbraAuthFallbackToLocal FALSE
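
The attribute set in the reply above decides whether Zimbra still accepts an account's local password when the domain authenticates against AD. As an added example (not part of the thread and not Zimbra's own tooling), the function below classifies domains from `zmprov gd` output; the `# name` / `attr: value` input layout, the sample domains and the verdict labels are assumptions of this example.

```shell
#!/bin/bash
# Added example, not from the thread. On a live server (as the zimbra user):
#   for d in $(zmprov gad); do
#     zmprov gd "$d" zimbraAuthMech zimbraAuthFallbackToLocal
#   done | audit_auth

# Reads concatenated `zmprov gd` output on stdin and prints one line per
# domain: "<domain> <mech> <fallback> <verdict>".
audit_auth() {
  awk '
    function report() {
      if (dom == "") return
      if (mech == "") mech = "UNSET"
      if (fb == "") fb = "UNSET"
      if (mech != "ad" && mech != "ldap") v = "NOT_AD_OR_LDAP"
      else if (fb == "TRUE")  v = "LOCAL_PASSWORD_ALSO_ACCEPTED"
      else if (fb == "FALSE") v = "EXTERNAL_ONLY"
      else                    v = "REVIEW_FALLBACK_UNSET"
      print dom, mech, fb, v
    }
    /^# name /                    { report(); dom = $3; mech = ""; fb = ""; next }
    /^zimbraAuthMech:/            { mech = tolower($2) }
    /^zimbraAuthFallbackToLocal:/ { fb = toupper($2) }
    END                           { report() }
  '
}

# Constructed sample input (assumed layout), so the example runs offline.
sample_gd_output() {
  cat <<'EOF'
# name test.com
zimbraAuthFallbackToLocal: TRUE
zimbraAuthMech: ad

# name fixed.example
zimbraAuthFallbackToLocal: FALSE
zimbraAuthMech: ad

# name local.example
zimbraAuthMech: zimbra

# name unset.example
zimbraAuthMech: ldap
EOF
}

sample_gd_output | audit_auth
```

A domain reported as `LOCAL_PASSWORD_ALSO_ACCEPTED` is one where the `zmprov md ... zimbraAuthFallbackToLocal FALSE` change from the reply has not been applied.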

  5. #5
    qsdk is offline Junior Member
    Join Date
    Feb 2010
    Posts
    5
    Rep Power
    5

  6. #6
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,506
    Rep Power
    57


    Quote: Originally Posted by qsdk
    I want to know how can I sync my local LDAP and external AD?

    I've already given you the answer to that, there's a script in the bug report that will do it. Have you actually tried it?
    Regards


    Bill



  7. #7
    qsdk is offline Junior Member
    Join Date
    Feb 2010
    Posts
    5
    Rep Power
    5


    Yes,
    I do this job but it doesn't work.
    I describe my problem: I have a shell script that adds AD users to my Zimbra by ldapsearch
    Code:
    #!/bin/bash
    # zsync_ad.sh is a script that syncs AD users and Zimbra users
    # It is unidirectional, just replicates changes from AD to ZCS
    # Developed on by Eduardo Gonzalez <egrueda at gmail dot com>
    # Testing version 0.6 - Use at your own risk

    LDAPSEARCH=ldapsearch
    ZMPROV=/opt/zimbra/bin/zmprov
    DOMAIN_NAME="test.com"
    TIMESTAMP=$(date +%N)
    TMP_DIR=/tmp
    ADS_TMP="$TMP_DIR/users_ads_$TIMESTAMP.lst"
    ZCS_TMP="$TMP_DIR/users_zcs_$TIMESTAMP.lst"
    DIF_TMP="$TMP_DIR/users_dif_$TIMESTAMP.lst"

    # Server values
    LDAP_SERVER="ldap://192.168.0.143"
    BASEDN="dc=test,dc=com"
    BINDDN="CN=zimbra,DC=test,DC=com"
    BINDPW="zimbra"
    FILTER="(&(sAMAccountName=*)(objectClass=user)(givenName=*))"
    FIELDS="mail"

    # Extract users from ADS: keep the mail attribute of every matching user
    echo -n "Querying ADS... "
    $LDAPSEARCH -x -H "$LDAP_SERVER" -b "$BASEDN" -D "$BINDDN" -w "$BINDPW" "$FILTER" $FIELDS | \
        grep "@$DOMAIN_NAME" | \
        awk '{print $2}' | \
        sort > "$ADS_TMP"
    echo "Found $(wc -l < "$ADS_TMP") users ($ADS_TMP)"

    # Extract users from ZCS
    echo -n "Querying ZCS... "
    $ZMPROV gaa "$DOMAIN_NAME" > "$ZCS_TMP"
    echo "Found $(wc -l < "$ZCS_TMP") users ($ZCS_TMP)"

    # Generate diff: "+" lines exist only in AD, "-" lines exist only in ZCS
    echo "Generating diff file ($DIF_TMP)"
    diff -u "$ZCS_TMP" "$ADS_TMP" | grep "$DOMAIN_NAME" > "$DIF_TMP"

    # Clean up users list
    rm -f "$ADS_TMP" "$ZCS_TMP"

    # Import new users
    # Note: every account is created with the same local Zimbra password
    # ("passwd"), which is separate from the user's AD password.
    echo -n "New users: "
    grep '^+' "$DIF_TMP" | wc -l
    for i in $(grep '^+' "$DIF_TMP" | sed 's/^+//g');
    do
        echo -n " - Adding $i ";
        $ZMPROV createAccount "$i" passwd > /dev/null;
        RES=$?
        if [ "$RES" == "0" ]; then echo "[Ok]"; else echo "[Err]"; fi
    done

    # Delete old users
    echo -n "Old users: "
    grep '^-' "$DIF_TMP" | wc -l
    for i in $(grep '^-' "$DIF_TMP" | sed 's/^-//g');
    do
        echo -n " - Deleting $i ";
        $ZMPROV deleteAccount "$i" > /dev/null;
        RES=$?
        if [ "$RES" == "0" ]; then echo "[Ok]"; else echo "[Err]"; fi
    done


    # Clean up diff list
    rm -f "$DIF_TMP"

    and it's OK, then I can log in to my new user by AD password, then I change my password from AD, and my user can log in by old and new password, then I change my password again and now my user can log in with second and third password!!!!!
    and so on
