Welcome, if you would like to post a comment please register.
We also encourage you to explore all things Zimbra with our team and members of the community.
How to switch from External Auth to Internal Auth with GAL Sync
When I set up my zimbra server I configured it for External Authorization to an AD server.
I have now come to realise what this means in terms of not being able to create temporary test email accounts, and not being able to log into email if the AD is unavailable for any reason.
I believe that having local authorization with GAL Sync from the external AD to Zimbra would better suit my needs.
Am I correct in this?
Assuming a user updates their password on the network - how long would it take for that change to take affect in zimbra?
Do password changes go both ways? If user changed their zimbra password - would it update the AD password? Or it it one-way from the AD to zimbra?
Are there any gotchas associated with configuring it this way?
Could anyone kindly give me a step-by-step howto guide for what I need to do to make the switch.
Zimbra will not perform bi-directional password synchronisation. There is no reason why you cannot have a mixture of local or AD authentication. If AD is not available and you have set zimbraAuthFallbackToLocal to be TRUE then it will look at the local Zimbra password.
In Admin UI I have "change password" function disabled since i've setup
Zimbra to use external auth.
We have noticed the same behaviour and as far as I can tell this has been introduced with Zimbra 7. I presume this is intended behaviour?
But in case you set zimbraAuthFallbackToLocal to TRUE (which we have for a number of domains) it is still not possible to change or set a password for an account using the Admin UI. That seems more like a bug to me.
Bugzilla
Wiki
Source
How to switch from External Auth to Internal Auth with GAL Sync 
Linear Mode
