Bulk generation of Application Passcodes

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
Post Reply
vook
Posts: 2
Joined: Fri Mar 22, 2019 11:52 pm

Bulk generation of Application Passcodes

Post by vook »

Hi all,

Is there a way to bulk generate application passwords/passcodes for all users (from the CLI, dumping them to standard output) ? I've parsed through zmprov and other tools and nothing has jumped out at me. We're using 8.7.1.GA.

Thanks
vook
Posts: 2
Joined: Fri Mar 22, 2019 11:52 pm

Re: Bulk generation of Application Passcodes

Post by vook »

I adapted a python script from Sandro Mello (https://gist.github.com/sandromello/b2b ... ae12e2b817) to solve this and then called it from a for loop. It's useful for migration away from Zimbra.

Code: Select all

#!/usr/bin/env python

import xml.etree.ElementTree as ET
import requests
import os,sys

url = 'https://<ZIMBRA_SERVER_URL>:7071/service/admin/soap'
headers = { 'Content-Type': 'application/soap+xml' }

# Get the credentials through zmlocalconfig
# zmlocalconfig zimbra_user
# zmlocalconfig -s zimbra_ldap_password

zimbra_user = 'zimbra'
zimbra_password = '<ZIMBRA_LDAP_PASSWORD>'
target_user = sys.argv[1]

token_xml = '<?xml version="1.0" ?><soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope">\
<soap:Header><context xmlns="urn:zimbra"><format type="xml"/></context></soap:Header><soap:Body><AuthRequest xmlns="urn:zimbraAdmin">\
<name>%s</name><password>%s</password></AuthRequest></soap:Body></soap:Envelope>' % (zimbra_user, zimbra_password)

r = requests.post(url, data=token_xml, headers=headers)
# Got the admin token, now you can get the delegated token to act on behalf a specific account
admin_token = ET.fromstring(r.content).find('.//{urn:zimbraAdmin}authToken').text

username_to_act_on_behalf = target_user

delegated_token_xml = '<?xml version="1.0" ?><soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope"><soap:Header><context xmlns="urn:zimbra">\
<authToken>%s</authToken></context></soap:Header><soap:Body><DelegateAuthRequest duration="86400" xmlns="urn:zimbraAdmin">\
<account by="name">%s</account></DelegateAuthRequest></soap:Body></soap:Envelope>' % (admin_token, username_to_act_on_behalf)

r = requests.post(url, data=delegated_token_xml, headers=headers)
delegated_token = ET.fromstring(r.content).find('.//{urn:zimbraAdmin}authToken').text

info_request_xml = '<?xml version="1.0" ?><soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope">\
<soap:Header><context xmlns="urn:zimbra"><authToken>%s</authToken><session/><account by="name">%s</account><userAgent name="zclient" version="8.0.7_GA_6020"/></context></soap:Header>\
<soap:Body><CreateAppSpecificPasswordRequest appName="Migration-DO-NOT-REVOKE" rights="" xmlns="urn:zimbraAccount"/>\
</soap:Body></soap:Envelope>' % (delegated_token, username_to_act_on_behalf)

# Now you can start using the main url
main_url = 'https://<ZIMBRA_SERVER_URL>/service/soap'

r = requests.post(main_url, data=info_request_xml, headers=headers)
print(r.content)
Post Reply