Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: Notify Locked/Inactive accounts

  1. #1
    Join Date
    Feb 2009
    Posts
    128
    Rep Power
    6

    Default Notify Locked/Inactive accounts

    Is there any way to notify the admin when any account went lock/inactive?

  2. #2
    Join Date
    Feb 2007
    Location
    Portland, OR
    Posts
    1,147
    Rep Power
    10

    Default

    Well since an account being marked as Locked would require an admin to do this manually in the first place... why should the Administrator be notified about the action they just took?

  3. #3
    Join Date
    Feb 2009
    Posts
    128
    Rep Power
    6

    Default

    Quote Originally Posted by ArcaneMagus View Post
    Well since an account being marked as Locked would require an admin to do this manually in the first place... why should the Administrator be notified about the action they just took?
    Is it possible to implement these notifications? I just want to know which users are probably no longer (inactive) working with us. Cause very often HR forget to ask me to close their account.

  4. #4
    Join Date
    Feb 2007
    Location
    Portland, OR
    Posts
    1,147
    Rep Power
    10

    Default

    Are you asking for a notification of when an account gets locked (not an automatic process... as I said this is a manual action of the Administrator), or a notification of when a user has been inactive for x days?

  5. #5
    Join Date
    Feb 2009
    Posts
    128
    Rep Power
    6

    Default

    Quote Originally Posted by ArcaneMagus View Post
    Are you asking for a notification of when an account gets locked (not an automatic process... as I said this is a manual action of the Administrator), or a notification of when a user has been inactive for x days?
    Both ArcaneMagnus, but for my job the "inactive" notification is more useful.

  6. #6
    Join Date
    Feb 2007
    Location
    Portland, OR
    Posts
    1,147
    Rep Power
    10

    Default

    To get automatic notifications of the first you would need to write an admin Zimlet to send an alert every time an account was marked locked. You could also look into writing something that watches /opt/zimbra/log/audit.log for lines showing an account status change. The line would look something like this:
    Code:
    2009-11-16 15:55:13,715 INFO  [btpool0-767://email.domain.com:7071/service/admin/soap/ModifyAccountRequest] [name=admin@domain.com;mid=2;ip=192.168.1.244;ua=ZimbraWebClient - [unknown] (Win);] security - cmd=ModifyAccount; name=user1@domain.com; zimbraMailStatus=enabled; zimbraAccountStatus=locked;
    As for the second of getting a notification of when an account has been inactive for a long period of time, your best bet would be to either use the built in "Inactive Accounts" searches for 30 or 90 days, or adding your own custom one following along the model of those two searches. You would need to add this via the command line though since you can't put in a dynamic search on the time stamp in the web UI. Here is an example for a 60 day search:
    Code:
    zmprov ma admin@domain.com +zimbraAdminSavedSearches "Inactive Accounts (60 days) : (zimbraLastLogonTimestamp<=###JSON:{func: ZaSearch.getTimestampByDays, args:[-60]}###)"
    But this isn't really a notification, if you specifically wanted a notification the only way that I could think of would be to write a script that parsed the output of
    Code:
    zmprov ga user1@domain.com | grep "zimbraLastLogonTimestamp:"
    for every account and determined if it was past your threshold. Put this script in a cron job to run every week or so and email you the results.

  7. #7
    Join Date
    Feb 2009
    Posts
    128
    Rep Power
    6

    Default

    Quote Originally Posted by ArcaneMagus View Post
    To get automatic notifications of the first you would need to write an admin Zimlet to send an alert every time an account was marked locked. You could also look into writing something that watches /opt/zimbra/log/audit.log for lines showing an account status change. The line would look something like this:
    Code:
    2009-11-16 15:55:13,715 INFO  [btpool0-767://email.domain.com:7071/service/admin/soap/ModifyAccountRequest] [name=admin@domain.com;mid=2;ip=192.168.1.244;ua=ZimbraWebClient - [unknown] (Win);] security - cmd=ModifyAccount; name=user1@domain.com; zimbraMailStatus=enabled; zimbraAccountStatus=locked;
    As for the second of getting a notification of when an account has been inactive for a long period of time, your best bet would be to either use the built in "Inactive Accounts" searches for 30 or 90 days, or adding your own custom one following along the model of those two searches. You would need to add this via the command line though since you can't put in a dynamic search on the time stamp in the web UI. Here is an example for a 60 day search:
    Code:
    zmprov ma admin@domain.com +zimbraAdminSavedSearches "Inactive Accounts (60 days) : (zimbraLastLogonTimestamp<=###JSON:{func: ZaSearch.getTimestampByDays, args:[-60]}###)"
    But this isn't really a notification, if you specifically wanted a notification the only way that I could think of would be to write a script that parsed the output of
    Code:
    zmprov ga user1@domain.com | grep "zimbraLastLogonTimestamp:"
    for every account and determined if it was past your threshold. Put this script in a cron job to run every week or so and email you the results.
    Thanks ArcaneMagus, you're the man

  8. #8
    Join Date
    Jul 2010
    Location
    NH
    Posts
    15
    Rep Power
    5

    Default

    Has anyone gotten this to work? It would be extremely helpful if i could get notified when an account gets locked out. I see the code above but not sure exactly what to enter in the places where it would be specific to our server name etc. Or where to run line from, does it need to be a cron job on the server??

    Thanks-Jim

  9. #9
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,587
    Rep Power
    58

    Default

    Quote Originally Posted by jimm View Post
    Has anyone gotten this to work? It would be extremely helpful if i could get notified when an account gets locked out. I see the code above but not sure exactly what to enter in the places where it would be specific to our server name etc. Or where to run line from, does it need to be a cron job on the server??
    It tells you in one of the earlier posts:

    Quote Originally Posted by ArcaneMagus View Post
    To get automatic notifications of the first you would need to write an admin Zimlet to send an alert every time an account was marked locked. You could also look into writing something that watches /opt/zimbra/log/audit.log for lines showing an account status change.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  10. #10
    Join Date
    Jul 2010
    Location
    NH
    Posts
    15
    Rep Power
    5

    Default

    I apologize for my thick headedness, I have not ever written a Zimlet. Would said admin Zimlet consist of purely this particular line of code?

Similar Threads

  1. Multiple Mail Accounts, Folders
    By skwdenyer in forum Users
    Replies: 12
    Last Post: 12-01-2013, 08:52 PM
  2. archiving disabled accounts
    By maumar in forum Administrators
    Replies: 4
    Last Post: 09-08-2008, 12:25 PM
  3. HSP how to count/declare archiving accounts
    By djeebee in forum Administrators
    Replies: 2
    Last Post: 07-30-2008, 08:46 AM
  4. Inaccurate number accounts used
    By zbowden in forum Administrators
    Replies: 1
    Last Post: 12-10-2007, 06:47 AM
  5. Set Zimbra to Automatically Download from POP3 Accounts
    By dbachman in forum Administrators
    Replies: 1
    Last Post: 08-29-2007, 10:05 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •