password expiry email notification

ArcaneMagus · Post by **ArcaneMagus** » Thu Feb 10, 2011 11:54 am

This forum has a bug where it randomly adds spaces in some words when they aren't wrapped in a

 block, it usually only shows up in LDAP filters though, not sure why. Anyway...
It looks like you only pasted part of the command as the full one looks like this (and works for me on 6.0.10 at least):

ldapsearch -w `zmlocalconfig -s zimbra_ldap_password | awk '{print $3}'` -D uid=zimbra,cn=admins,cn=zimbra -x -h 192.168.1.6 -b ou=people,dc=domain,dc=com "(&(objectclass=posixAccount)(objectclass=sambaSamAccount))" | awk '/zimbraPasswordModifiedTime:/ {print substr($2,1,8)}'

20081016

20101115

...
I'm not sure which "awk" isn't working for you, the first or second? The first is to split out the password only from the response of the zmlocalconfig query, the second is what actually gets the password modified times.

2315smaj · Post by **2315smaj** » Fri Feb 11, 2011 1:50 am

Yep, the ldapsearch command returns all zimbra users in domain. But the awk script don't work. It's even creating temp files in /tmp - just run and return 0.
I used ldapsearch command and awk script from second g_cos post.

ArcaneMagus · Post by **ArcaneMagus** » Fri Feb 11, 2011 12:50 pm

So it's creating the "/tmp/password_change_notification.msg" file? And this file looks like a raw mail message?
is the cron entry setup to run as the zimbra user?

2315smaj · Post by **2315smaj** » Tue Feb 15, 2011 9:51 am

Thx, everything works fine now. Debug function was realy useful.

jummo · Post by **jummo** » Thu Sep 22, 2011 8:27 am

@g_kos: Thank you for your script!
I have extend the script a little bit to handle multi-domain setups.

Usage

Code: Select all

su - zimbra

/usr/local/bin/zm_password_notify.sh example.com example.net ...

Scripts
zm_password_notify.sh

Code: Select all

#!/bin/bash
for i in $@; do
domain=$(echo $i | sed -e 's/(.*)./dc=1,dc=/')

ldapsearch -w `zmlocalconfig -s zimbra_ldap_password | awk '{print $3}'` 
 -D uid=zimbra,cn=admins,cn=zimbra -x -h mail.example.com 
 -b ou=people,${domain} 
 "(&(objectclass=zimbraAccount)(!(objectclass=zimbraCalendarResource)))" 
 zimbraMailDeliveryAddress 
 zimbraPasswordModifiedTime 

 displayName | awk -f /usr/local/bin/zm_password_notify.awk

done

zm_password_notify.awk

BEGIN {OFS=";";
max_age=30
warn_age=25
curtime=systime();
one_day=24 * 60 * 60
mail_msg="/tmp/password_change_notification.msg"
logfile="/tmp/zimbra_password_change.log"
}

/^dn: / {++no}
/zimbraMailDeliveryAddress:/ {email[no]=$2}
/zimbraPasswordModifiedTime:/ {datescalc($2)}
/displayName:/ {name[no]=substr($0,14)}

END{
for (x = 1; x 
days_to_change[x]=pass_change_limit[x] - curtime;

if (curtime 
status[x]="no need to notify yet";
}else

if (curtime 
send_mail()
status[x]="send notification email"
}else

{days_to_change[x]="overdue";
status[x]="too late to notify"}

# unhash for debugging
#status_log()
}
}

function datescalc (field) {
lc_yyyy[no]=substr($2,1,4);
lc_mm[no]=substr($2,5,2);
lc_dd[no]=substr($2,7,2);
lc_epoch[no]=mktime(lc_yyyy[no]" "lc_mm[no]" "lc_dd[no]" 00 00 00")
trigger_date[no]=lc_epoch[no] + warn_age * one_day
pass_change_limit[no]=lc_epoch[no] + max_age * one_day
}

function send_mail(field) {
# get domain
domain=email[x];
sub(/.*@/, "", domain);
message[x]="From: Password Change Reminder 
" 
"User-Agent: Zimbra
" 

"MIME-Version: 1.0
" 

"To: "name[x]" 
" 
"Subject: Password change reminder (Automatic notification)

" 

"Dear " name[x]",

Your current password will expire on " strftime("%d %B %Y ",pass_change_limit[x])".
" 

"When you have a free minute, please login to https://mail."domain",
" 

"enter your current username and password, and change your password to a new one.

" 
"You have "strftime("%-j",days_to_change[x])" day(s) left.
" 

"Regards,
IT-Support"

print message[x] > "/tmp/password_change_notification.msg"
system ("zmlmtpinject -r " email[x] " -s it-support@"domain " " mail_msg " > /dev/null")
close (mail_msg)
}

function status_log(field) {

print "Action: "status[x] "
Name: "name[x] "
Email: "email[x]

print "LastChangeDate: " strftime("%Y %m %d", lc_epoch[x]) "
LastChangeDateEpoch: " lc_epoch[x]

print "Current time: " strftime("%Y %m %d", curtime) "
Current time epoch: " curtime

print "Trigger time: " strftime("%Y %m %d", trigger_date[x]) "
Trigger time epoch: " trigger_date[x]

print "PassChange Limit: " strftime("%Y %m %d", pass_change_limit[x]) "
PassChange Limit: " pass_change_limit[x]

print "Time till change: " strftime("%-j",days_to_change[x]) "
Time till change epoch: " days_to_change[x]

print "
"
}

ccelis5215 · Post by **ccelis5215** » Fri Dec 06, 2013 4:41 pm

jummo wrote:@g_kos: Thank you for your script!
I have extend the script a little bit to handle multi-domain setups.

Usage

su - zimbra

/usr/local/bin/zm_password_notify.sh example.com example.net ...

Scripts
zm_password_notify.sh

#!/bin/bash

for i in $@; do

domain=$(echo $i | sed -e 's/(.*)./dc=1,dc=/')

ldapsearch -w `zmlocalconfig -s zimbra_ldap_password | awk '{print $3}'`

-D uid=zimbra,cn=admins,cn=zimbra -x -h mail.example.com

-b ou=people,${domain}

"(&(objectclass=zimbraAccount)(!(objectclass=zimbraCalendarResource)))"

zimbraMailDeliveryAddress

zimbraPasswordModifiedTime

displayName | awk -f /usr/local/bin/zm_password_notify.awk

done

zm_password_notify.awk

BEGIN {OFS=";";

max_age=30

warn_age=25

curtime=systime();

one_day=24 * 60 * 60

mail_msg="/tmp/password_change_notification.msg"

logfile="/tmp/zimbra_password_change.log"

}

/^dn: / {++no}

/zimbraMailDeliveryAddress:/ {email[no]=$2}

/zimbraPasswordModifiedTime:/ {datescalc($2)}

/displayName:/ {name[no]=substr($0,14)}

END{

for (x = 1; x

days_to_change[x]=pass_change_limit[x] - curtime;

if (curtime
status[x]="no need to notify yet";

}else

if (curtime
send_mail()

status[x]="send notification email"

}else

{days_to_change[x]="overdue";

status[x]="too late to notify"}

# unhash for debugging

#status_log()

}

}

function datescalc (field) {

lc_yyyy[no]=substr($2,1,4);

lc_mm[no]=substr($2,5,2);

lc_dd[no]=substr($2,7,2);

lc_epoch[no]=mktime(lc_yyyy[no]" "lc_mm[no]" "lc_dd[no]" 00 00 00")

trigger_date[no]=lc_epoch[no] + warn_age * one_day

pass_change_limit[no]=lc_epoch[no] + max_age * one_day

}

function send_mail(field) {

# get domain

domain=email[x];

sub(/.*@/, "", domain);

message[x]="From: Password Change Reminder
"

"User-Agent: Zimbra
"

"MIME-Version: 1.0
"

"To: "name[x]"
"

"Subject: Password change reminder (Automatic notification)

"

"Dear " name[x]",

Your current password will expire on " strftime("%d %B %Y ",pass_change_limit[x])".
"

"When you have a free minute, please login to https://mail.
"

"enter your current username and password, and change your password to a new one.

"

"You have "strftime("%-j",days_to_change[x])" day(s) left.

"

"Regards,
IT-Support"

print message[x] > "/tmp/password_change_notification.msg"

system ("zmlmtpinject -r " email[x] " -s it-support@"domain " " mail_msg " > /dev/null")

close (mail_msg)

}

function status_log(field) {

print "Action: "status[x] "
Name: "name[x] "
Email: "email[x]

print "LastChangeDate: " strftime("%Y %m %d", lc_epoch[x]) "
LastChangeDateEpoch: " lc_epoch[x]

print "Current time: " strftime("%Y %m %d", curtime) "
Current time epoch: " curtime

print "Trigger time: " strftime("%Y %m %d", trigger_date[x]) "
Trigger time epoch: " trigger_date[x]

print "PassChange Limit: " strftime("%Y %m %d", pass_change_limit[x]) "
PassChange Limit: " pass_change_limit[x]

print "Time till change: " strftime("%-j",days_to_change[x]) "
Time till change epoch: " days_to_change[x]

print "

"

}

Thanks, works like a charm!
Just tweak a little bit on ldapsearch to fit our requirements.
ccelis

Dymx · Post by **Dymx** » Wed Oct 18, 2017 9:23 am

This script isnt working because errors in awk file.

Code: Select all

awk: /opt/zimbra/scripts/zm_password_notify.awk:22: for (x = 1; x
awk: /opt/zimbra/scripts/zm_password_notify.awk:22:              ^ unexpected newline or end of string
awk: /opt/zimbra/scripts/zm_password_notify.awk:25: if (curtime
awk: /opt/zimbra/scripts/zm_password_notify.awk:25:            ^ unexpected newline or end of string
awk: /opt/zimbra/scripts/zm_password_notify.awk:27: }else
awk: /opt/zimbra/scripts/zm_password_notify.awk:27:  ^ syntax error
awk: /opt/zimbra/scripts/zm_password_notify.awk:31: send_mail()
awk: /opt/zimbra/scripts/zm_password_notify.awk:31:            ^ unexpected newline or end of string
awk: /opt/zimbra/scripts/zm_password_notify.awk:33: status[x]="send notification email"
awk: /opt/zimbra/scripts/zm_password_notify.awk:33:                                    ^ unexpected newline or end of string
awk: /opt/zimbra/scripts/zm_password_notify.awk:36: {days_to_change[x]="overdue";
awk: /opt/zimbra/scripts/zm_password_notify.awk:36:                             ^ syntax error
awk: /opt/zimbra/scripts/zm_password_notify.awk:38: status[x]="too late to notify"}
awk: /opt/zimbra/scripts/zm_password_notify.awk:38:                               ^ syntax error
awk: /opt/zimbra/scripts/zm_password_notify.awk:48: function datescalc (field) {
awk: /opt/zimbra/scripts/zm_password_notify.awk:48:                            ^ syntax error
awk: /opt/zimbra/scripts/zm_password_notify.awk:50: lc_yyyy[no]=substr($2,1,4);
awk: /opt/zimbra/scripts/zm_password_notify.awk:50:                           ^ syntax error
awk: /opt/zimbra/scripts/zm_password_notify.awk:51: lc_mm[no]=substr($2,5,2);
awk: /opt/zimbra/scripts/zm_password_notify.awk:51:                         ^ syntax error
awk: /opt/zimbra/scripts/zm_password_notify.awk:52: lc_dd[no]=substr($2,7,2);
awk: /opt/zimbra/scripts/zm_password_notify.awk:52:                         ^ syntax error
awk: /opt/zimbra/scripts/zm_password_notify.awk:54: lc_epoch[no]=mktime(lc_yyyy[no]" "lc_mm[no]" "lc_dd[no]" 00 00 00")
awk: /opt/zimbra/scripts/zm_password_notify.awk:54:                                                                    ^ unexpected newline or end of string
awk: /opt/zimbra/scripts/zm_password_notify.awk:55: trigger_date[no]=lc_epoch[no] + warn_age * one_day
awk: /opt/zimbra/scripts/zm_password_notify.awk:55:                                                   ^ unexpected newline or end of string
awk: /opt/zimbra/scripts/zm_password_notify.awk:56: pass_change_limit[no]=lc_epoch[no] + max_age * one_day
awk: /opt/zimbra/scripts/zm_password_notify.awk:56:                                                       ^ unexpected newline or end of string
awk: /opt/zimbra/scripts/zm_password_notify.awk:60: function send_mail(field) {
awk: /opt/zimbra/scripts/zm_password_notify.awk:60:                           ^ syntax error
awk: /opt/zimbra/scripts/zm_password_notify.awk:63: domain=email[x];
awk: /opt/zimbra/scripts/zm_password_notify.awk:63:                ^ syntax error
awk: /opt/zimbra/scripts/zm_password_notify.awk:64: sub(/.*@/, "", domain);
awk: /opt/zimbra/scripts/zm_password_notify.awk:64:                       ^ syntax error
awk: /opt/zimbra/scripts/zm_password_notify.awk:66: message[x]="From: Password Change Reminder
awk: /opt/zimbra/scripts/zm_password_notify.awk:66:            ^ unterminated string
awk: /opt/zimbra/scripts/zm_password_notify.awk:66: message[x]="From: Password Change Reminder
awk: /opt/zimbra/scripts/zm_password_notify.awk:66:            ^ syntax error

gianko · Post by **gianko** » Wed Dec 29, 2021 9:39 am

Is there a command that shows us the dates of all changes to a user's password?
The command
zmprov sa -v "mail=user@domain.com" | egrep '^ mail: | zimbraPasswordModifiedTime: | ^ $ '
shows us only the last change

Zimbra Forums