password expiry email notification
password expiry email notification
Is it possible to configure zimbra to send out a notification email, specifying that a password will expire in X days, and has to be changed.
thanks
kos
thanks
kos
password expiry email notification
[quote user="g_kos"]Is it possible to configure zimbra to send out a notification email, specifying that a password will expire in X days, and has to be changed.[/QUOTE]If you're interested in this feature, vote: Bug 26372 – Notify user that their password is going to expire via email or in the webmail UI
password expiry email notification
ok, is it possible to find out the number of days left for the user's password until expiry, preferably from CLI. Thi sway I can script an email notification in cron.
-
- Elite member
- Posts: 1138
- Joined: Fri Sep 12, 2014 10:25 pm
password expiry email notification
You could write a script that uses the zimbraPasswordMaxAge and zimbraPasswordModifiedTime options to check it for an account.
zmprov ga user@domain.com zimbraPasswordMaxAge
zmprov ga user@domain.com zimbraPasswordModifiedTime
zmprov ga user@domain.com zimbraPasswordMaxAge
zmprov ga user@domain.com zimbraPasswordModifiedTime
password expiry email notification
thanks arcane,
i'am writing a script that will go thrugh all the accounts on izmbra, and would send an email notification say, every day a week before the expiration date.
I totally forgot about the zmprov ga
so took a slightly different approach.
ldapsearch -w password -D uid=zimbra,cn=admins,cn=zimbra -x -h 192.168.xx.xx -b ou=people,dc=domain,dc=com "(&(objectclass=posixAccount)(objectclass=sambaSamAccount))" | awk '/zimbraPasswordModifiedTime:/ {print substr($2,1,8)}'
would post a complete script once I finish it
i'am writing a script that will go thrugh all the accounts on izmbra, and would send an email notification say, every day a week before the expiration date.
I totally forgot about the zmprov ga
so took a slightly different approach.
ldapsearch -w password -D uid=zimbra,cn=admins,cn=zimbra -x -h 192.168.xx.xx -b ou=people,dc=domain,dc=com "(&(objectclass=posixAccount)(objectclass=sambaSamAccount))" | awk '/zimbraPasswordModifiedTime:/ {print substr($2,1,8)}'
would post a complete script once I finish it
password expiry email notification
guys,
i have wrote a script that would do the job.
it is invoked from cron every day at 0:30. I directly access ldap, in order to obtain the data for all the users in the specific domain. you can set domain in the ldap query string.
this way it is much faster, then using zmprov.
then the output if filtered through awk, where it obtains the last change date for the password, and send a noptification email if the user has less/equal then 7 days to the password expiration date.
/etc/crontab
30 0 * * * zimbra ldapsearch -w `zmlocalconfig -s zimbra_ldap_password | awk '{print $3}'` -D uid=zimbra,cn=admins,cn=zimbra -x -h YOUR_IP -b ou=people,dc=YOUR_DOMAIN,dc=com "(&(objectclass=posixAccount)(objectclass=sambaSamAccount))" | awk -f /root/scripts/zm_passwordcheck.awk
cat /root/scripts/zm_passwordcheck.awk
BEGIN {OFS=";";
max_age=60
warn_age=53
curtime=systime();
one_day=24 * 60 * 60
mail_msg="/tmp/password_change_notification.msg"
logfile="/tmp/zimbra_password_change.log"
}
/^dn: / {++no}
/zimbraMailDeliveryAddress:/ {email[no]=$2}
/zimbraPasswordModifiedTime:/ {datescalc($2)}
/displayName:/ {name[no]=substr($0,14)}
END{
for (x = 1; x
days_to_change[x]=pass_change_limit[x] - curtime;
if (curtime
status[x]="no need to notify yet";
}else
if (curtime
send_mail()
status[x]="send notification email"
}else
{days_to_change[x]="overdue";
status[x]="too late to notify"}
# unhash for debugging
#status_log()
}
}
function datescalc (field) {
lc_yyyy[no]=substr($2,1,4);
lc_mm[no]=substr($2,5,2);
lc_dd[no]=substr($2,7,2);
lc_epoch[no]=mktime(lc_yyyy[no]" "lc_mm[no]" "lc_dd[no]" 00 00 00")
trigger_date[no]=lc_epoch[no] + warn_age * one_day
pass_change_limit[no]=lc_epoch[no] + max_age * one_day
}
function send_mail(field) {
message[x]="From: Password Change Reminder
"
"User-Agent: Zimbra
"
"MIME-Version: 1.0
"
"To: "name[x]"
"
"Subject: Password change reminder (Automatic notification)
"
"Dear " name[x]",
Your current password will expire on " strftime("%d %B %Y ",pass_change_limit[x])".
"
"When you have a free minute, please login to http://mail.YOUR_DOMAIN.com,
"
"enter your current username and password, and change your password to a new one.
"
"You have "strftime("%-j",days_to_change[x])" day(s) left.
"
"yours,
Administrator"
print message[x] > "/tmp/password_change_notification.msg"
system ("zmlmtpinject -r " email[x] " -s support@YOUR_DOMAIN.com " mail_msg " > /dev/null")
close (mail_msg)
}
function status_log(field) {
print "Action: "status[x] "
Name: "name[x] "
Email: "email[x]
print "LastChangeDate: " strftime("%Y %m %d", lc_epoch[x]) "
LastChangeDateEpoch: " lc_epoch[x]
print "Current time: " strftime("%Y %m %d", curtime) "
Current time epoch: " curtime
print "Trigger time: " strftime("%Y %m %d", trigger_date[x]) "
Trigger time epoch: " trigger_date[x]
print "PassChange Limit: " strftime("%Y %m %d", pass_change_limit[x]) "
PassChange Limit: " pass_change_limit[x]
print "Time till change: " strftime("%-j",days_to_change[x]) "
Time till change epoch: " days_to_change[x]
print "
"
}
comments and suggestions are welcome
i have wrote a script that would do the job.
it is invoked from cron every day at 0:30. I directly access ldap, in order to obtain the data for all the users in the specific domain. you can set domain in the ldap query string.
this way it is much faster, then using zmprov.
then the output if filtered through awk, where it obtains the last change date for the password, and send a noptification email if the user has less/equal then 7 days to the password expiration date.
/etc/crontab
30 0 * * * zimbra ldapsearch -w `zmlocalconfig -s zimbra_ldap_password | awk '{print $3}'` -D uid=zimbra,cn=admins,cn=zimbra -x -h YOUR_IP -b ou=people,dc=YOUR_DOMAIN,dc=com "(&(objectclass=posixAccount)(objectclass=sambaSamAccount))" | awk -f /root/scripts/zm_passwordcheck.awk
cat /root/scripts/zm_passwordcheck.awk
BEGIN {OFS=";";
max_age=60
warn_age=53
curtime=systime();
one_day=24 * 60 * 60
mail_msg="/tmp/password_change_notification.msg"
logfile="/tmp/zimbra_password_change.log"
}
/^dn: / {++no}
/zimbraMailDeliveryAddress:/ {email[no]=$2}
/zimbraPasswordModifiedTime:/ {datescalc($2)}
/displayName:/ {name[no]=substr($0,14)}
END{
for (x = 1; x
days_to_change[x]=pass_change_limit[x] - curtime;
if (curtime
status[x]="no need to notify yet";
}else
if (curtime
send_mail()
status[x]="send notification email"
}else
{days_to_change[x]="overdue";
status[x]="too late to notify"}
# unhash for debugging
#status_log()
}
}
function datescalc (field) {
lc_yyyy[no]=substr($2,1,4);
lc_mm[no]=substr($2,5,2);
lc_dd[no]=substr($2,7,2);
lc_epoch[no]=mktime(lc_yyyy[no]" "lc_mm[no]" "lc_dd[no]" 00 00 00")
trigger_date[no]=lc_epoch[no] + warn_age * one_day
pass_change_limit[no]=lc_epoch[no] + max_age * one_day
}
function send_mail(field) {
message[x]="From: Password Change Reminder
"
"User-Agent: Zimbra
"
"MIME-Version: 1.0
"
"To: "name[x]"
"
"Subject: Password change reminder (Automatic notification)
"
"Dear " name[x]",
Your current password will expire on " strftime("%d %B %Y ",pass_change_limit[x])".
"
"When you have a free minute, please login to http://mail.YOUR_DOMAIN.com,
"
"enter your current username and password, and change your password to a new one.
"
"You have "strftime("%-j",days_to_change[x])" day(s) left.
"
"yours,
Administrator"
print message[x] > "/tmp/password_change_notification.msg"
system ("zmlmtpinject -r " email[x] " -s support@YOUR_DOMAIN.com " mail_msg " > /dev/null")
close (mail_msg)
}
function status_log(field) {
print "Action: "status[x] "
Name: "name[x] "
Email: "email[x]
print "LastChangeDate: " strftime("%Y %m %d", lc_epoch[x]) "
LastChangeDateEpoch: " lc_epoch[x]
print "Current time: " strftime("%Y %m %d", curtime) "
Current time epoch: " curtime
print "Trigger time: " strftime("%Y %m %d", trigger_date[x]) "
Trigger time epoch: " trigger_date[x]
print "PassChange Limit: " strftime("%Y %m %d", pass_change_limit[x]) "
PassChange Limit: " pass_change_limit[x]
print "Time till change: " strftime("%-j",days_to_change[x]) "
Time till change epoch: " days_to_change[x]
print "
"
}
comments and suggestions are welcome
password expiry email notification
I can't get work this scirpt. I've change ldapsearch command to:
ldapsearch -w `zmlocalconfig -s zimbra_ldap_password | awk '{print $3}'` -D uid=zimbra,cn=admins,cn=zimbra -x -h 192.168.3.101 -b ou=people,dc=engine,dc=pl "(&(objectclass=zimbraAccount)(objectclass=organizationalPerson))
but the awk still returns nothing.
ldapsearch -w `zmlocalconfig -s zimbra_ldap_password | awk '{print $3}'` -D uid=zimbra,cn=admins,cn=zimbra -x -h 192.168.3.101 -b ou=people,dc=engine,dc=pl "(&(objectclass=zimbraAccount)(objectclass=organizationalPerson))
but the awk still returns nothing.
password expiry email notification
If you copied and pasted that from your CLI did you intend to add the space in the word organizationalPerson ?
password expiry email notification
Nope, just type here. In CLI ldapsearh returns users from zimbra but the script returns nothing.
password expiry email notification
So that single line ldapsearch works ? The post before said the awk line does not work ?