guys,
I have written a script that does the job.
It is invoked from cron every day at 0:30. I query LDAP directly to obtain the data for all the users in a specific domain. You can set the domain in the LDAP query string.
This way it is much faster than using zmprov.
The output is then filtered through awk, which reads the date of the last password change and sends a notification email if the user has 7 days or fewer until the password expires.
/etc/crontab
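# Daily at 00:30, as the zimbra user: dump the accounts under the domain and
# pipe the LDIF to the awk script, which mails the expiry reminders.
# The second objectclass is written as one word here; the filter with a space
# inside "sambaSam Account" names a class that no entry carries.
# NOTE(security): -w puts the LDAP admin password on the ldapsearch command
# line, so it is visible in the process list while the query runs. ldapsearch
# can read it from a file with -y instead (file readable by zimbra only; the
# whole file content is used, so it must not end with a newline).
# NOTE(security): -x with -h is a simple bind over plain LDAP. Unless YOUR_IP
# is the local host, use an ldaps:// URI (-H) or require StartTLS (-ZZ).
# NOTE(review): the job runs as zimbra but the script lives under /root, which
# is normally not readable by other users - confirm, or move the script.
30 0 * * * zimbra ldapsearch -w "$(zmlocalconfig -s zimbra_ldap_password | awk '{print $3}')" -D uid=zimbra,cn=admins,cn=zimbra -x -h YOUR_IP -b ou=people,dc=YOUR_DOMAIN,dc=com "(&(objectclass=posixAccount)(objectclass=sambaSamAccount))" | awk -f /root/scripts/zm_passwordcheck.awk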
cat /root/scripts/zm_passwordcheck.awk
# Settings shared by the rules and functions of this script.
# systime() is a gawk extension, so the script needs gawk.
BEGIN {
    OFS = ";"

    one_day  = 24 * 60 * 60   # seconds in a day
    max_age  = 60             # days from the last change to pass_change_limit
    warn_age = 53             # days from the last change to trigger_date,
                              # i.e. 7 days before the limit
    curtime  = systime()      # "now", read once for the whole run

    # NOTE(review): both paths are fixed names in world-writable /tmp, so
    # another local user can create them first (file or symlink); a directory
    # that only the zimbra user can write to would be a safer place.
    mail_msg = "/tmp/password_change_notification.msg"
    logfile  = "/tmp/zimbra_password_change.log"   # not used by the code shown
}
# Every "dn: " line opens a new LDAP entry; no is the index of the current one.
/^dn: / { no++ }

# Attribute lines of the current entry. These three patterns are not anchored,
# so they match their text anywhere on a line, not only at its start.
# substr($0, 14) keeps everything after a leading "displayName: " (13 chars),
# which preserves spaces inside the name.
/displayName:/ { name[no] = substr($0, 14) }
/zimbraMailDeliveryAddress:/ { email[no] = $2 }
/zimbraPasswordModifiedTime:/ { datescalc($2) }
# After all input is read, classify every entry and mail the ones that are
# inside the reminder window (trigger_date <= now <= pass_change_limit).
# x is deliberately a global: send_mail() and status_log() read it.
END {
    for (x = 1; x <= no; x++) {
        # seconds left until the limit; replaced by "overdue" once it has passed
        days_to_change[x] = pass_change_limit[x] - curtime

        if (curtime < trigger_date[x]) {
            status[x] = "no need to notify yet"
        } else if (curtime <= pass_change_limit[x]) {
            send_mail()
            status[x] = "send notification email"
        } else {
            # Entries without a recorded change date also end up here, because
            # their unset dates compare as 0.
            days_to_change[x] = "overdue"
            status[x] = "too late to notify"
        }

        # uncomment for debugging
        #status_log()
    }
}
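# Record when the current entry (index no) last changed its password and
# derive the reminder window from that date.
#   field - value of zimbraPasswordModifiedTime; only its leading YYYYMMDD
#           digits are used.
# Sets lc_yyyy, lc_mm, lc_dd, lc_epoch, trigger_date and pass_change_limit
# for index no. Reads the globals warn_age, max_age and one_day.
# The argument is used instead of re-reading $2, so the function works on what
# the caller passes. A value that does not start with eight digits is ignored,
# so no dates are derived from mktime()'s -1 error return; such an entry is
# treated in END like one without a change date (no mail).
function datescalc(field) {
    if (field !~ /^[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]/)
        return

    lc_yyyy[no] = substr(field, 1, 4)
    lc_mm[no]   = substr(field, 5, 2)
    lc_dd[no]   = substr(field, 7, 2)

    # local midnight of the day the password was changed
    lc_epoch[no] = mktime(lc_yyyy[no] " " lc_mm[no] " " lc_dd[no] " 00 00 00")

    trigger_date[no]      = lc_epoch[no] + warn_age * one_day
    pass_change_limit[no] = lc_epoch[no] + max_age * one_day
}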
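# Wrap s in single quotes for /bin/sh, so that nothing inside it is
# interpreted by the shell that system() starts.
function shell_quote(s) {
    gsub(/'/, "'\\''", s)
    return "'" s "'"
}

# Build the reminder for entry x (global loop index from END), write it to
# mail_msg and hand that file to zmlmtpinject.
#   field     - unused, kept so existing calls stay valid
#   days_left - local variable, not an argument
# Changes against the posted version:
#   - the system() command is one string again (it was split over two lines)
#   - the recipient comes from LDAP and is shell-quoted before it reaches
#     system(), so shell metacharacters in the attribute are not executed
#   - entries without a delivery address are skipped
#   - the message is written to mail_msg, the same variable zmlmtpinject is
#     given, and the file is closed before the command reads it
#   - the days left are computed arithmetically; strftime("%-j") on a
#     duration depends on the time zone and can print 365 west of UTC
# NOTE(review): mail_msg is a fixed name in /tmp (set in BEGIN); a private
# directory is safer. The login link in the text is plain http - use the
# https URL if the webmail is served over TLS.
function send_mail(field,    days_left) {
    if (email[x] == "")
        return

    days_left = int(days_to_change[x] / one_day) + 1

    message[x] = "From: Password Change Reminder <support@YOUR_DOMAIN.com>\n" \
        "User-Agent: Zimbra\n" \
        "MIME-Version: 1.0\n" \
        "To: " name[x] " <" email[x] ">\n" \
        "Subject: Password change reminder (Automatic notification)\n\n" \
        "Dear " name[x] ",\n\nYour current password will expire on " strftime("%d %B %Y ", pass_change_limit[x]) ".\n" \
        "When you have a free minute, please login to http://mail.YOUR_DOMAIN.com,\n" \
        "enter your current username and password, and change your password to a new one.\n\n" \
        "You have " days_left " day(s) left.\n\n\n" \
        "yours,\nAdministrator"

    print message[x] > mail_msg
    close(mail_msg)   # flush and release the file; the next message truncates it

    system("zmlmtpinject -r " shell_quote(email[x]) " -s support@YOUR_DOMAIN.com " mail_msg " > /dev/null")
}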
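# Debug helper: print everything recorded for entry x (global loop index from
# END) to standard output. Its call in END is commented out.
#   field     - unused, kept so existing calls stay valid
#   days_left - local variable, not an argument
# The time left is computed arithmetically and "overdue" is printed as is;
# strftime("%-j") on a duration depends on the time zone and would turn the
# string "overdue" into a day number. The second "PassChange Limit" label now
# says that it is the epoch value.
# NOTE(review): the output contains names and mail addresses; under cron it
# ends up in the job's mail, so leave the call disabled in normal operation.
function status_log(field,    days_left) {
    if (days_to_change[x] == "overdue")
        days_left = "overdue"
    else
        days_left = int(days_to_change[x] / one_day) + 1

    print "Action: " status[x] "\nName: " name[x] "\nEmail: " email[x]
    print "LastChangeDate: " strftime("%Y %m %d", lc_epoch[x]) "\nLastChangeDateEpoch: " lc_epoch[x]
    print "Current time: " strftime("%Y %m %d", curtime) "\nCurrent time epoch: " curtime
    print "Trigger time: " strftime("%Y %m %d", trigger_date[x]) "\nTrigger time epoch: " trigger_date[x]
    print "PassChange Limit: " strftime("%Y %m %d", pass_change_limit[x]) "\nPassChange Limit epoch: " pass_change_limit[x]
    print "Time till change: " days_left "\nTime till change epoch: " days_to_change[x]
    print "\n\n\n"
}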
comments and suggestions are welcome