Notify Locked/Inactive accounts

[andremta]

Is there any way to notify the admin when any account went lock/inactive?

[ArcaneMagus]

Well since an account being marked as Locked would require an admin to do this manually in the first place... why should the Administrator be notified about the action they just took?

[andremta]

Quote:

Originally Posted by ArcaneMagus

Well since an account being marked as Locked would require an admin to do this manually in the first place... why should the Administrator be notified about the action they just took?

Is it possible to implement these notifications? I just want to know which users are probably no longer (inactive) working with us. Cause very often HR forget to ask me to close their account.

[ArcaneMagus]

Are you asking for a notification of when an account gets locked (not an automatic process... as I said this is a manual action of the Administrator), or a notification of when a user has been inactive for x days?

[andremta]

Quote:

Originally Posted by ArcaneMagus

Are you asking for a notification of when an account gets locked (not an automatic process... as I said this is a manual action of the Administrator), or a notification of when a user has been inactive for x days?

Both ArcaneMagnus, but for my job the "inactive" notification is more useful.

[ArcaneMagus]

To get automatic notifications of the first you would need to write an admin Zimlet to send an alert every time an account was marked locked. You could also look into writing something that watches /opt/zimbra/log/audit.log for lines showing an account status change. The line would look something like this:

Code:

2009-11-16 15:55:13,715 INFO  [btpool0-767://email.domain.com:7071/service/admin/soap/ModifyAccountRequest] [name=admin@domain.com;mid=2;ip=192.168.1.244;ua=ZimbraWebClient - [unknown] (Win);] security - cmd=ModifyAccount; name=user1@domain.com; zimbraMailStatus=enabled; zimbraAccountStatus=locked;

As for the second of getting a notification of when an account has been inactive for a long period of time, your best bet would be to either use the built in "Inactive Accounts" searches for 30 or 90 days, or adding your own custom one following along the model of those two searches. You would need to add this via the command line though since you can't put in a dynamic search on the time stamp in the web UI. Here is an example for a 60 day search:

Code:

zmprov ma admin@domain.com +zimbraAdminSavedSearches "Inactive Accounts (60 days) : (zimbraLastLogonTimestamp<=###JSON:{func: ZaSearch.getTimestampByDays, args:[-60]}###)"

But this isn't really a notification, if you specifically wanted a notification the only way that I could think of would be to write a script that parsed the output of

Code:

zmprov ga user1@domain.com | grep "zimbraLastLogonTimestamp:"

for every account and determined if it was past your threshold. Put this script in a cron job to run every week or so and email you the results.

[andremta]

Quote:

Originally Posted by ArcaneMagus

To get automatic notifications of the first you would need to write an admin Zimlet to send an alert every time an account was marked locked. You could also look into writing something that watches /opt/zimbra/log/audit.log for lines showing an account status change. The line would look something like this:

Code:

2009-11-16 15:55:13,715 INFO  [btpool0-767://email.domain.com:7071/service/admin/soap/ModifyAccountRequest] [name=admin@domain.com;mid=2;ip=192.168.1.244;ua=ZimbraWebClient - [unknown] (Win);] security - cmd=ModifyAccount; name=user1@domain.com; zimbraMailStatus=enabled; zimbraAccountStatus=locked;

As for the second of getting a notification of when an account has been inactive for a long period of time, your best bet would be to either use the built in "Inactive Accounts" searches for 30 or 90 days, or adding your own custom one following along the model of those two searches. You would need to add this via the command line though since you can't put in a dynamic search on the time stamp in the web UI. Here is an example for a 60 day search:

Code:

zmprov ma admin@domain.com +zimbraAdminSavedSearches "Inactive Accounts (60 days) : (zimbraLastLogonTimestamp<=###JSON:{func: ZaSearch.getTimestampByDays, args:[-60]}###)"

But this isn't really a notification, if you specifically wanted a notification the only way that I could think of would be to write a script that parsed the output of

Code:

zmprov ga user1@domain.com | grep "zimbraLastLogonTimestamp:"

for every account and determined if it was past your threshold. Put this script in a cron job to run every week or so and email you the results.

Thanks ArcaneMagus, you're the man

[jimm]

Has anyone gotten this to work? It would be extremely helpful if i could get notified when an account gets locked out. I see the code above but not sure exactly what to enter in the places where it would be specific to our server name etc. Or where to run line from, does it need to be a cron job on the server??

Thanks-Jim

[phoenix]

Quote:

Originally Posted by jimm

Has anyone gotten this to work? It would be extremely helpful if i could get notified when an account gets locked out. I see the code above but not sure exactly what to enter in the places where it would be specific to our server name etc. Or where to run line from, does it need to be a cron job on the server??

It tells you in one of the earlier posts:

Quote:

Originally Posted by ArcaneMagus

To get automatic notifications of the first you would need to write an admin Zimlet to send an alert every time an account was marked locked. You could also look into writing something that watches /opt/zimbra/log/audit.log for lines showing an account status change.

[jimm]

I apologize for my thick headedness, I have not ever written a Zimlet. Would said admin Zimlet consist of purely this particular line of code?