We recently got in charge of an existing Zimbra installation, and the IT guy told me that users couldn’t change their password.
At first I thought there was external authentication enabled against their AD/LDAP directory, but checking in the domain settings the auth was internal.
Then by digging into Zimbra configuration attrs list, and searching first for password, on the second page I find an intriguing parameter:
zimbraPasswordLocked : user is unable to change password
so it goes without saying:
zmprov mc default zimbraPasswordLocked FALSE
change default with your Class of Service (CoS) if you’re not using the default one, and you’re done.