Disable local authentication with an external ldap

[turmace]

I recently installed the latest version of Zimbra. I created users with a default known password to facilitate syncing of emails from the old server to Zimbra. Once the ldapsync was finished Zimbra was reconfigured to authenticate with our external ldap server.
However users can now log in with both the password on the external ldap and the password configured locally on Zimbra
Is there a way to prevent users from authenticating locally when an external ldap is selected?

[jholder]

In the administration console, you probably have authentication set to "BOTH". Change that.

[turmace]

Thanks for the reply,
Could you be more specific? I cant see anywhere where authentication can be set to 'BOTH'

From the graphical interface:
In the domain, authentication is set to: 'Authentication mechanism: External LDAP'

And from the command line it shows just the external ldap

Code:

[zimbra@mail root]$ zmprov gd mydomain.com | grep Auth
zimbraAuthLdapSearchBase: dc=mydomain,dc=com
zimbraAuthLdapSearchBindDn: cn=Manager,dc=mydomain,dc=com
zimbraAuthLdapSearchBindPassword: xXxXx
zimbraAuthLdapSearchFilter: (uid=%u)
zimbraAuthLdapURL: ldap://myldapserver:389
zimbraAuthMech: ldap

[phoenix]

There is no current option to fix the problem of having two password. However, what you are asking for will give rise to the user being unable to get email if external LDAP goes down. To get round tha you might want to set the following:

Code:

zmprov md <domain> zimbraAuthFallbackToLocal TRUE

which will fallback to the zimbra ldap for authentication. If you consider the current set-up a problem then vote on this bug.

[turmace]

Thanks for the reply,
I can solve my issue by setting zimbraAuthFallbackToLocal to FALSE.
Cheers