Welcoming script
Welcoming script
Can zimbra generate an automatic welcoming screen to all its firts time users when they log in??
Just like other mailing system i think it is very important.
lisa
Just like other mailing system i think it is very important.
lisa
-
- Advanced member
- Posts: 75
- Joined: Sat Sep 13, 2014 2:29 am
Welcoming script
We've already done this by a zimlet.lisasali wrote:Can zimbra generate an automatic welcoming screen to all its firts time users when they log in??
It's yet a bit hackish as it stores the data in the mailboxd node's local mysql database,
we probably should use LDAP instead. But it works quite well, eg. in a big international
bank.
-
- Outstanding Member
- Posts: 366
- Joined: Fri Sep 12, 2014 10:31 pm
Welcoming script
Here is a simple example zimlet creating a welcome message that show up only the first time the user log in.
This use a zimlet user properties (stored in LDAP) to check if this is the first time the user log in.
zimlet_welcome.zip
This use a zimlet user properties (stored in LDAP) to check if this is the first time the user log in.
zimlet_welcome.zip
-
- Advanced member
- Posts: 75
- Joined: Sat Sep 13, 2014 2:29 am
Welcoming script
[quote]HERE IS A SIMPLE EXAMPLE ZIMLET CREATING A WELCOME MESSAGE THAT SHOW UP ONLY THE FIRST TIME THE USER LOG IN :
THIS USE A ZIMLET USER PROPERTIES (STORED IN LDAP) TO CHECK IF THIS IS THE FIRST TIME THE USER LOG IN.[/QUOTE]
ARE YOU SURE, THESE PROPERTIES YOU SET ON *CLIENT* SIDE WITH THE
[QUOTE]
THIS.SETUSERPROPERTY(...)
[/QUOTE]
CALL ARE REALLY WRITTEN BACK TO LDAP ?
I REALLY DOUBT IT, AS IT WOULD BE A BIG SECURITY HOLE.
THIS USE A ZIMLET USER PROPERTIES (STORED IN LDAP) TO CHECK IF THIS IS THE FIRST TIME THE USER LOG IN.[/QUOTE]
ARE YOU SURE, THESE PROPERTIES YOU SET ON *CLIENT* SIDE WITH THE
[QUOTE]
THIS.SETUSERPROPERTY(...)
[/QUOTE]
CALL ARE REALLY WRITTEN BACK TO LDAP ?
I REALLY DOUBT IT, AS IT WOULD BE A BIG SECURITY HOLE.
-
- Outstanding Member
- Posts: 366
- Joined: Fri Sep 12, 2014 10:31 pm
Welcoming script
If you have doubts, then just use an ldap explorer software and check your ldap.
The user preferences, including zimlets user preferences are in your LDAP.
Why do you think this is a big security hole?
The user preferences, including zimlets user preferences are in your LDAP.
Why do you think this is a big security hole?
-
- Advanced member
- Posts: 75
- Joined: Sat Sep 13, 2014 2:29 am
Welcoming script
The question isn't whether they are store in LDAP, but whether the frontendtdesorbaix wrote:
The user preferences, including zimlets user preferences are in your LDAP.
javascript code can simply overwrite them.
Because the user then can arbitrarily change them at will.
Why do you think this is a big security hole?
-
- Advanced member
- Posts: 75
- Joined: Sat Sep 13, 2014 2:29 am
Welcoming script
By the way: did you already confirm that they're actually written back to LDAP when changing them this way ?
-
- Outstanding Member
- Posts: 366
- Joined: Fri Sep 12, 2014 10:31 pm
Welcoming script
Of course the user can change them, since this is user preferences.
Also, you don't even need the javascript frontend.
The changes are made by a soap request (called by the javascript).
So you just need to make the correct soap request.
And yes, I confirm that this overwrite the values in ldap.
Also, you don't even need the javascript frontend.
The changes are made by a soap request (called by the javascript).
So you just need to make the correct soap request.
And yes, I confirm that this overwrite the values in ldap.
-
- Advanced member
- Posts: 75
- Joined: Sat Sep 13, 2014 2:29 am
Welcoming script
Oh, that really *has* security impact in certain environments (not an unusualtdesorbaix wrote:
Of course the user can change them, since this is user preferences.
customer requirement in our projects) users should not be allowed to change
certain user properties.
Do you know which things are stored there ?
-
- Outstanding Member
- Posts: 366
- Joined: Fri Sep 12, 2014 10:31 pm
Welcoming script
It's not like the user can modify everything in the LDAP.
I use the word preferences instead of properties on purpose.
The values the user can modify are the values corresponding to the preferences you can find in the User Web Client preferences tab, and the zimlets user preferences.
As example, there is a user property to enable/disable the Calendar feature, but it can't be changed by the user, only the admins can change it.
I use the word preferences instead of properties on purpose.
The values the user can modify are the values corresponding to the preferences you can find in the User Web Client preferences tab, and the zimlets user preferences.
As example, there is a user property to enable/disable the Calendar feature, but it can't be changed by the user, only the admins can change it.