Setting password policies in Zimbra when using local password fallback

Zimbra’s web admin doesn’t let you modify the password settings for a COS if at least one domain is configured to use LDAP/Active Directory for authentication, regardless of whether zimbraAuthFallbackToLocal is TRUE for that domain. I’m sure this is a bug in the interface, but never fear, the command line will save us.

Simply login to your server, then:

su -l zimbra
zmprov gac -v | grep Password | sort | uniq

That will show you all the attributes you can set. I use sort + uniq in the above example because the ‘gac’ option to zmprov means “get all COS” and the -v means show all attributes and their values. Since I have multiple classes of service, that would display all attributes and their values for all classes of service. In the example above, we only want to know what attributes are available to configure:

zimbraFeatureChangePasswordEnabled: TRUE
zimbraMobilePolicyAllowSimpleDevicePassword: FALSE
zimbraMobilePolicyAlphanumericDevicePasswordRequired: FALSE
zimbraMobilePolicyDevicePasswordEnabled: TRUE
zimbraMobilePolicyDevicePasswordExpiration: 0
zimbraMobilePolicyDevicePasswordHistory: 8
zimbraMobilePolicyMaxDevicePasswordFailedAttempts: 4
zimbraMobilePolicyMinDevicePasswordComplexCharacters: 0
zimbraMobilePolicyMinDevicePasswordLength: 4
zimbraMobilePolicyPasswordRecoveryEnabled: TRUE
zimbraPasswordEnforceHistory: 10
zimbraPasswordLocked: FALSE
zimbraPasswordLockoutDuration: 1h
zimbraPasswordLockoutEnabled: FALSE
zimbraPasswordLockoutEnabled: TRUE
zimbraPasswordLockoutFailureLifetime: 1h
zimbraPasswordLockoutMaxFailures: 10
zimbraPasswordMaxAge: 0
zimbraPasswordMaxLength: 64
zimbraPasswordMinAge: 0
zimbraPasswordMinAlphaChars: 1
zimbraPasswordMinDigitsOrPuncs: 1
zimbraPasswordMinLength: 18
zimbraPasswordMinLowerCaseChars: 1
zimbraPasswordMinNumericChars: 1
zimbraPasswordMinPunctuationChars: 1
zimbraPasswordMinUpperCaseChars: 1

The name of the attributes pretty much sum up what they do, so let’s say you wanted to set the minimum required length of passwords for the COS named “” to 18 characters, here’s the command you’d use:

zmprov mc zimbraPasswordMinLength 18

For more information, type:

zmprov help cos