we use a mixed environnement, some users auth on ldap server (samba AD) , others on zimbra server.
i have a problem, if a user who previously existed only on the zimbra server is added on the ldap, when he changes his password on ldap, his old password still remain active on zimbra server, and he can still connect with his old password.
how i can purge (delete) his password on zimbra server?
i've found a workaround, if i disable ldap auth, and set "empy password option" allowed, i can set user password to nothing using "zmprov sp user "" ", and after reactivate ldap auth and "empty password option" re-set to forbiden, user cannot any longer log locally, but it' really dirty
no better solution? (maybe cli command, or deleting a ldap object in zimbra server?)
Authentication Bypass in MailboxImportServlet vulnerability (reminder)
Discuss your pilot or production implementation with other Zimbra admins or our engineers.
1 post • Page 1 of 1
Who is online
Users browsing this forum: No registered users and 32 guests