disable ldap authentication for special users / mixed auth methods

harry12345
Posts: 34
Joined: Sat Sep 13, 2014 2:23 am

disable ldap authentication for special users / mixed auth methods

Post by harry12345 »

Hi,

Most of our Zimbra accounts have an external LDAP reference; the attribute zimbraAuthLdapExternalDn is set.
But some special users do not have an external LDAP account; the external LDAP auth field is empty.

Zimbra's first authentication method is always to authenticate against the external LDAP.
If this method fails, then Zimbra uses the local fallback to the Zimbra default auth mechanism.

How can I configure Zimbra, or the special accounts which have no external LDAP binding, to use the Zimbra default auth mechanism?

This is a part of our log:

2018-01-29 14:49:00,053 WARN  [ImapServer-92] [ip=192.168.19.212;] account - ldapAuthenticate searchFilter returned more then one result: (dn1=cn=user1,ou=users,dc=example,dc=de, dn2=cn=user2,ou=users,dc=example,dc=de, filter=isMemberOf=cn=users,ou=groups,dc=example,dc=de)
2018-01-29 14:49:00,054 WARN  [ImapServer-92] [ip=192.168.19.212;] account - ldap auth for domain example.de failed, fall back to zimbra default auth mechanism
com.zimbra.cs.account.AccountServiceException$AuthFailedServiceException: authentication failed for [testuser_internal]
ExceptionId:ImapServer-92:1517233740054:51a3ab768d6e82b4
Code:account.AUTH_FAILED
        at com.zimbra.cs.account.AccountServiceException$AuthFailedServiceException.AUTH_FAILED(AccountServiceException.java:149)
        at com.zimbra.cs.account.ldap.LdapProvisioning.externalLdapAuth(LdapProvisioning.java:5666)
        at com.zimbra.cs.account.ldap.LdapProvisioning.externalLdapAuth(LdapProvisioning.java:5602)
        at com.zimbra.cs.account.auth.AuthMechanism$LdapAuth.doAuth(AuthMechanism.java:291)
        at com.zimbra.cs.account.ldap.LdapProvisioning.verifyPasswordInternal(LdapProvisioning.java:5739)
        at com.zimbra.cs.account.ldap.LdapProvisioning.verifyPassword(LdapProvisioning.java:5704)
--
        at java.lang.Thread.run(Thread.java:748)
Caused by: com.zimbra.cs.account.AccountServiceException$AuthFailedServiceException: authentication failed for []
ExceptionId:ImapServer-92:1517233740054:51a3ab768d6e82b4
Code:account.AUTH_FAILED
        at com.zimbra.cs.account.AccountServiceException$AuthFailedServiceException.AUTH_FAILED(AccountServiceException.java:161)
        at com.zimbra.cs.account.ldap.LdapProvisioning.ldapAuthenticate(LdapProvisioning.java:5518)
        at com.zimbra.cs.account.ldap.LdapProvisioning.externalLdapAuth(LdapProvisioning.java:5654)
        ... 39 more
2018-01-29 14:49:00,056 INFO  [ImapServer-92] [name=testuser_internal@example.de;ip=192.168.19.212;] imap - user testuser_internal@example.de authenticated, mechanism=PLAIN
2018-01-29 14:49:00,057 INFO  [ImapServer-92] [name=testuser_internal@example.de;ip=192.168.19.212;] imap - AUTHENTICATE elapsed=27

Regards,
Harry
jasggomes
Advanced member
Posts: 90
Joined: Sat Sep 13, 2014 12:59 am
Location: Lisbon, PT
ZCS/ZD Version: Release 8.7.11.GA.1854.UBUNTU14.64

Re: disable ldap authentication for special users / mixed auth methods

Post by jasggomes »

+1

Also interested in knowing this solution.
DualBoot
Elite member
Posts: 1326
Joined: Mon Apr 18, 2016 8:18 pm
Location: France - Earth
ZCS/ZD Version: ZCS FLOSS - 8.8.15 Multi servers

Re: disable ldap authentication for special users / mixed auth methods

Post by DualBoot »

Hello,

You can't unless your other accounts are in another domain.
Zimbra provides 3 possible authentication options:
- internal
- external
- internal and external

Regards,
jasggomes
Advanced member
Posts: 90
Joined: Sat Sep 13, 2014 12:59 am
Location: Lisbon, PT
ZCS/ZD Version: Release 8.7.11.GA.1854.UBUNTU14.64

Re: disable ldap authentication for special users / mixed auth methods

Post by jasggomes »

DualBoot wrote:
Hello,

You can't unless your other accounts are in another domain.
Zimbra provides 3 possible authentication options:
- internal
- external
- internal and external

Regards,

Thank you for your reply.

Well, pretty much after writing in these threads, I managed to find the setting that allows using both Internal and External.

For future reference for others, it is at:

Configure -> Domains -> <domain to be configured> -> edit
then
Authentication -> click the checkbox 'If fail,fail back to local password management'.

This solved the question for me, as my accounts can now log on using local authentication.

Regards.
JG
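
An added example, not part of the thread and not Zimbra code: a log audit for the fallback behaviour seen in the log of the first post and enabled by the domain setting in the last one. It lists logins that succeeded through the local mechanism after the external LDAP attempt failed; the sample lines are constructed, and the function name and the 5-second correlation window are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the log format quoted in the thread (stack traces shortened).
SAMPLE_LOG = """\
2018-01-29 14:49:00,054 WARN  [ImapServer-92] [ip=192.168.19.212;] account - ldap auth for domain example.de failed, fall back to zimbra default auth mechanism
com.zimbra.cs.account.AccountServiceException$AuthFailedServiceException: authentication failed for [testuser_internal]
2018-01-29 14:49:00,056 INFO  [ImapServer-92] [name=testuser_internal@example.de;ip=192.168.19.212;] imap - user testuser_internal@example.de authenticated, mechanism=PLAIN
2018-01-29 14:50:10,100 INFO  [ImapServer-93] [name=ldapuser@example.de;ip=192.168.19.50;] imap - user ldapuser@example.de authenticated, mechanism=PLAIN
2018-01-29 14:51:00,000 WARN  [ImapServer-94] [ip=192.168.19.77;] account - ldap auth for domain example.de failed, fall back to zimbra default auth mechanism
2018-01-29 14:58:30,000 INFO  [ImapServer-94] [name=ldapuser@example.de;ip=192.168.19.50;] imap - user ldapuser@example.de authenticated, mechanism=PLAIN
"""

LINE = re.compile(r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) \w+\s+"
                  r"\[(?P<thread>[^\]]+)\] \[(?P<ctx>[^\]]*)\] \w+ - (?P<msg>.*)$")
FALLBACK = re.compile(r"ldap auth for domain (\S+) failed, fall back to zimbra default auth mechanism")
AUTHED = re.compile(r"user (\S+) authenticated")
WINDOW = timedelta(seconds=5)  # assumed correlation window, not a Zimbra setting

def fallback_logins(text):
    """Return (time, account, ip, domain) for logins that followed a failed external LDAP attempt."""
    pending = {}  # worker thread name -> (time of fallback warning, domain)
    hits = []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:  # exception and stack trace lines carry no timestamp
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S,%f")
        fb = FALLBACK.search(m["msg"])
        if fb:
            pending[m["thread"]] = (ts, fb.group(1))
            continue
        ok = AUTHED.search(m["msg"])
        if ok and m["thread"] in pending:
            started, domain = pending.pop(m["thread"])
            # Worker threads are reused, so ignore a success long after the warning.
            if ts - started <= WINDOW:
                ctx = dict(kv.split("=", 1) for kv in m["ctx"].split(";") if "=" in kv)
                hits.append((m["ts"], ok.group(1), ctx.get("ip", ""), domain))
    return hits

if __name__ == "__main__":
    for hit in fallback_logins(SAMPLE_LOG):
        print(*hit)
```

Run over the real mailbox log, the result is the list of accounts that actually depend on a local password, which is the set to review when external LDAP is meant to be the primary authority.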