09-20-2005, 10:50 AM
marcmac
Zimbra Employee
 
Last logon timestamp

Quote:
Originally Posted by dmcushing

2. I am sure this is probably on the roadmap, but a script/job/admin function that could delete users that have had no activity in XX number of days?
There are 2 LDAP attributes that can be used for this - one is a config attribute, zimbraLastLogonTimestampFrequency - which controls the frequency of update for the zimbraLastLogonTimestamp, which is an account attribute. zmprov gacf will show the config attributes, and zmprov ga <account> will show the account attributes.

How this works: When you log on, the current time is compared to the zimbraLastLogonTimestamp. If the difference is less than the zimbraLastLogonTimestampFrequency (default 7 days) then the last zimbraLastLogonTimestamp is updated. (We do this to cut down on writes to LDAP on logon.) So, in essence, the frequency attribute controls the granularity of the logon timestamp - it will be no more accurate than the frequency value.

So, to expire accounts that have been inactive for X days, in a system with the timestamp frequency set to 7 days, you'll want to search for all accounts that have a logon timestamp older than X+7 days.

Quote:
Originally Posted by dmcushing

I am not a programmer/coder, so tackling some of these projects is beyond my ability - I am just curious as to whether or not they are do-able with the existing Zimbra (should I be able to kidnap one of our programmers), or whether I would have to wait for a later release before pushing ahead with the project. I do a lot of server side scripting, so if there is some sort of API that I could pass info to for authentication, adding users, etc. then I could probably tackle it myself - more documentation would be a great boon.
Code:
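#!/usr/bin/perl
use strict;
use warnings;

my $days = $ARGV[0];

$days = 30 unless (defined $days);

my $now = time();
my $lastMonth = $now - (60*60*24*($days+7)); # $days + 7 day expiry

# zimbraLastLogonTimestamp is stored in GMT (trailing Z), so build the cutoff in GMT too
my @s = gmtime($lastMonth);

#YYYYMMDDhhmmss
my $lastStamp = sprintf ("%04d%02d%02d%02d%02d%02d",
        $s[5]+1900,$s[4]+1,$s[3],$s[2],$s[1],$s[0]);

print "Expiring accounts idle since $lastStamp\n";

open ACCOUNTS, "/opt/zimbra/bin/zmprov gaa |" or 
        die "Can't open accounts: $!";
my @accounts = <ACCOUNTS>;
close ACCOUNTS;

chomp @accounts;

foreach (@accounts) {
        # List-form open runs zmprov directly, so the account name never passes through a shell
        open my $ga, "-|", "/opt/zimbra/bin/zmprov", "ga", $_ or
                die "Can't run zmprov ga $_: $!";
        # Keep only the 14-digit YYYYMMDDhhmmss part of the timestamp line
        my ($st) = map { /^zimbraLastLogonTimestamp: (\d{14})/ ? $1 : () } <$ga>;
        close $ga;
        # No timestamp means the account has never logged on; skip it rather than
        # letting an empty value compare as older than every cutoff
        next unless defined $st;
        if ($st < $lastStamp) {
                print "Expiring account $_: $st\n";
                #`/opt/zimbra/bin/zmprov da $_\n`;
        }
}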
This should do what you want. NOTE - I've commented out the actual delete account line - please test this before you run it.