Page 1 of 2 12 LastLast
Results 1 to 10 of 16

Thread: password expiry email notification

  1. #1
    Join Date
    Nov 2009
    Posts
    8
    Rep Power
    5

    Default password expiry email notification

    Is it possible to configure zimbra to send out a notification email, specifying that a password will expire in X days, and has to be changed.

    thanks
    kos

  2. #2
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,587
    Rep Power
    58

    Default

    Quote Originally Posted by g_kos View Post
    Is it possible to configure zimbra to send out a notification email, specifying that a password will expire in X days, and has to be changed.
    If you're interested in this feature, vote: Bug 26372 – Notify user that their password is going to expire via email or in the webmail UI
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  3. #3
    Join Date
    Nov 2009
    Posts
    8
    Rep Power
    5

    Default

    ok, is it possible to find out the number of days left for the user's password until expiry, preferably from CLI. Thi sway I can script an email notification in cron.

  4. #4
    Join Date
    Feb 2007
    Location
    Portland, OR
    Posts
    1,147
    Rep Power
    10

    Default

    You could write a script that uses the zimbraPasswordMaxAge and zimbraPasswordModifiedTime options to check it for an account.

    Code:
    zmprov ga user@domain.com zimbraPasswordMaxAge
    zmprov ga user@domain.com zimbraPasswordModifiedTime

  5. #5
    Join Date
    Nov 2009
    Posts
    8
    Rep Power
    5

    Default

    thanks arcane,

    i'am writing a script that will go thrugh all the accounts on izmbra, and would send an email notification say, every day a week before the expiration date.


    I totally forgot about the zmprov ga
    so took a slightly different approach.

    ldapsearch -w password -D uid=zimbra,cn=admins,cn=zimbra -x -h 192.168.xx.xx -b ou=people,dc=domain,dc=com "(&(objectclass=posixAccount)(objectclass=sambaSam Account))" | awk '/zimbraPasswordModifiedTime:/ {print substr($2,1,8)}'


    would post a complete script once I finish it

  6. #6
    Join Date
    Nov 2009
    Posts
    8
    Rep Power
    5

    Default

    guys,

    i have wrote a script that would do the job.
    it is invoked from cron every day at 0:30. I directly access ldap, in order to obtain the data for all the users in the specific domain. you can set domain in the ldap query string.
    this way it is much faster, then using zmprov.

    then the output if filtered through awk, where it obtains the last change date for the password, and send a noptification email if the user has less/equal then 7 days to the password expiration date.


    /etc/crontab
    30 0 * * * zimbra ldapsearch -w `zmlocalconfig -s zimbra_ldap_password | awk '{print $3}'` -D uid=zimbra,cn=admins,cn=zimbra -x -h YOUR_IP -b ou=people,dc=YOUR_DOMAIN,dc=com "(&(objectclass=posixAccount)(objectclass=sambaSam Account))" | awk -f /root/scripts/zm_passwordcheck.awk



    cat /root/scripts/zm_passwordcheck.awk
    BEGIN {OFS=";";
    max_age=60
    warn_age=53
    curtime=systime();
    one_day=24 * 60 * 60
    mail_msg="/tmp/password_change_notification.msg"
    logfile="/tmp/zimbra_password_change.log"
    }


    /^dn: / {++no}
    /zimbraMailDeliveryAddress:/ {email[no]=$2}
    /zimbraPasswordModifiedTime:/ {datescalc($2)}
    /displayName:/ {name[no]=substr($0,14)}



    END{
    for (x = 1; x <= no; x++) {

    days_to_change[x]=pass_change_limit[x] - curtime;

    if (curtime < trigger_date[x]) {
    status[x]="no need to notify yet";
    }else
    if (curtime <= pass_change_limit[x]) {
    send_mail()
    status[x]="send notification email"
    }else
    {days_to_change[x]="overdue";
    status[x]="too late to notify"}

    # unhash for debugging
    #status_log()
    }
    }

    function datescalc (field) {
    lc_yyyy[no]=substr($2,1,4);
    lc_mm[no]=substr($2,5,2);
    lc_dd[no]=substr($2,7,2);
    lc_epoch[no]=mktime(lc_yyyy[no]" "lc_mm[no]" "lc_dd[no]" 00 00 00")
    trigger_date[no]=lc_epoch[no] + warn_age * one_day
    pass_change_limit[no]=lc_epoch[no] + max_age * one_day
    }

    function send_mail(field) {
    message[x]="From: Password Change Reminder <support@YOUR_DOMAIN.com>\n" \
    "User-Agent: Zimbra\n" \
    "MIME-Version: 1.0\n" \
    "To: "name[x]" <"email[x]">\n" \
    "Subject: Password change reminder (Automatic notification)\n\n" \
    "Dear " name[x]",\n\nYour current password will expire on " strftime("&#37;d %B %Y ",pass_change_limit[x])".\n" \
    "When you have a free minute, please login to http://mail.YOUR_DOMAIN.com,\n" \
    "enter your current username and password, and change your password to a new one.\n\n" \
    "You have "strftime("%-j",days_to_change[x])" day(s) left.\n\n\n" \
    "yours,\nAdministrator"
    print message[x] > "/tmp/password_change_notification.msg"
    system ("zmlmtpinject -r " email[x] " -s support@YOUR_DOMAIN.com " mail_msg " > /dev/null")
    close (mail_msg)
    }

    function status_log(field) {
    print "Action: "status[x] "\nName: "name[x] "\nEmail: "email[x]
    print "LastChangeDate: " strftime("%Y %m %d", lc_epoch[x]) "\nLastChangeDateEpoch: " lc_epoch[x]
    print "Current time: " strftime("%Y %m %d", curtime) "\nCurrent time epoch: " curtime
    print "Trigger time: " strftime("%Y %m %d", trigger_date[x]) "\nTrigger time epoch: " trigger_date[x]
    print "PassChange Limit: " strftime("%Y %m %d", pass_change_limit[x]) "\nPassChange Limit: " pass_change_limit[x]
    print "Time till change: " strftime("%-j",days_to_change[x]) "\nTime till change epoch: " days_to_change[x]
    print "\n\n\n"
    }




    comments and suggestions are welcome
    Last edited by g_kos; 12-16-2009 at 08:37 AM.

  7. #7
    Join Date
    Oct 2010
    Location
    Poland
    Posts
    5
    Rep Power
    5

    Default

    I can't get work this scirpt. I've change ldapsearch command to:
    ldapsearch -w `zmlocalconfig -s zimbra_ldap_password | awk '{print $3}'` -D uid=zimbra,cn=admins,cn=zimbra -x -h 192.168.3.101 -b ou=people,dc=engine,dc=pl "(&(objectclass=zimbraAccount)(objectclass=organiz ationalPerson))

    but the awk still returns nothing.

  8. #8
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    24

    Default

    If you copied and pasted that from your CLI did you intend to add the space in the word organizationalPerson ?

  9. #9
    Join Date
    Oct 2010
    Location
    Poland
    Posts
    5
    Rep Power
    5

    Default

    Nope, just type here. In CLI ldapsearh returns users from zimbra but the script returns nothing.

  10. #10
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    24

    Default

    So that single line ldapsearch works ? The post before said the awk line does not work ?

Similar Threads

  1. [SOLVED] mailboxmanager does not start
    By jrefl5 in forum Administrators
    Replies: 18
    Last Post: 01-30-2012, 10:40 PM
  2. [SOLVED] Moving Zimbra to a new server
    By krolen in forum Administrators
    Replies: 109
    Last Post: 02-05-2009, 10:38 AM
  3. need advice on configuring zimbra to work with fax server
    By pheonix1t in forum Administrators
    Replies: 0
    Last Post: 07-11-2007, 07:46 PM
  4. upgrade to 4.0.3 antispam does'nt work
    By lucanannipieri in forum Administrators
    Replies: 14
    Last Post: 11-07-2006, 02:56 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •