most of our zimbra accounts have an external ldap reference; attribute zimbraAuthLdapExternalDn is set.
But some special users do not have an external ldap-account; the external ldap auth field is empty.
Zimbras first authentication method is every time to auth against the external ldap
If this method failed then zimbra uses the local fall back to zimbra default auth mechanism.
How can I configure zimbra or the special accounts which have no external ldap binding, to use the zimbra default auth mechanism?
This is a part of our log
Code: Select all
2018-01-29 14:49:00,053 WARN [ImapServer-92] [ip=192.168.19.212;] account - ldapAuthenticate searchFilter returned more then one result: (dn1=cn=user1,ou=users,dc=example,dc=de, dn2=cn=user2,ou=users,dc=example,dc=de, filter=isMemberOf=cn=users,ou=groups,dc=example,dc=de)
2018-01-29 14:49:00,054 WARN [ImapServer-92] [ip=192.168.19.212;] account - ldap auth for domain example.de failed, fall back to zimbra default auth mechanism
com.zimbra.cs.account.AccountServiceException$AuthFailedServiceException: authentication failed for [testuser_internal]
ExceptionId:ImapServer-92:1517233740054:51a3ab768d6e82b4
Code:account.AUTH_FAILED
at com.zimbra.cs.account.AccountServiceException$AuthFailedServiceException.AUTH_FAILED(AccountServiceException.java:149)
at com.zimbra.cs.account.ldap.LdapProvisioning.externalLdapAuth(LdapProvisioning.java:5666)
at com.zimbra.cs.account.ldap.LdapProvisioning.externalLdapAuth(LdapProvisioning.java:5602)
at com.zimbra.cs.account.auth.AuthMechanism$LdapAuth.doAuth(AuthMechanism.java:291)
at com.zimbra.cs.account.ldap.LdapProvisioning.verifyPasswordInternal(LdapProvisioning.java:5739)
at com.zimbra.cs.account.ldap.LdapProvisioning.verifyPassword(LdapProvisioning.java:5704)
--
at java.lang.Thread.run(Thread.java:748)
Caused by: com.zimbra.cs.account.AccountServiceException$AuthFailedServiceException: authentication failed for []
ExceptionId:ImapServer-92:1517233740054:51a3ab768d6e82b4
Code:account.AUTH_FAILED
at com.zimbra.cs.account.AccountServiceException$AuthFailedServiceException.AUTH_FAILED(AccountServiceException.java:161)
at com.zimbra.cs.account.ldap.LdapProvisioning.ldapAuthenticate(LdapProvisioning.java:5518)
at com.zimbra.cs.account.ldap.LdapProvisioning.externalLdapAuth(LdapProvisioning.java:5654)
... 39 more
2018-01-29 14:49:00,056 INFO [ImapServer-92] [name=testuser_internal@example.de;ip=192.168.19.212;] imap - user testuser_internal@example.de authenticated, mechanism=PLAIN
2018-01-29 14:49:00,057 INFO [ImapServer-92] [name=testuser_internal@example.de;ip=192.168.19.212;] imap - AUTHENTICATE elapsed=27
Harry