Results 1 to 4 of 4

Thread: Possibility for one privileged user to read all users inboxes

  1. #1
    moren is online now Trained Alumni
    Join Date
    Jun 2007
    Location
    Halmstad, Sweden
    Posts
    57
    Rep Power
    8

    Default Possibility for one privileged user to read all users inboxes

    Hi,

    Together with a external developer we are investigating the possibility to create a user in Zimbra with privileges to read *other* users inboxes.

    Example:

    1) One server/application authenticate to the Zimbra server with a "special-privileged-read-user".

    2) After this authentication this user can read any other given users inbox to show "You have X new mail" and maybe subject on the X last mails for that user.

    My question is if this is possible in a simple way without to much special "hacks" on the Zimbra side?

    Note: The external application do not have access to the users password, only the username.

  2. #2
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,480
    Rep Power
    56

    Default

    Quote Originally Posted by moren View Post
    Note: The external application do not have access to the users password, only the username.
    Wouldn't that violate security and privacy regulations or, at the very least, company regulations about confidentiality?
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  3. #3
    moren is online now Trained Alumni
    Join Date
    Jun 2007
    Location
    Halmstad, Sweden
    Posts
    57
    Rep Power
    8

    Default

    Quote Originally Posted by phoenix View Post
    Wouldn't that violate security and privacy regulations or, at the very least, company regulations about confidentiality?
    No.

    I try to be more specific. We are developing a "student portal" where the university students can see relevant and personal information, like lecture rooms, lecture schedules, exam results and so on.

    The end user is logged in to this system but this system do not have the password (the login is done by shibboleth).

    To be able to show this user his (and only his) mail this system must be able to read this users inbox (and maybe later on his calender).

  4. #4
    moren is online now Trained Alumni
    Join Date
    Jun 2007
    Location
    Halmstad, Sweden
    Posts
    57
    Rep Power
    8

    Default

    I have now tested one scenario.

    Any comments on this? Are there another preferred way to accomplish this or is this "da shit" ?

    1) Generate a preauth key for the mail domain.
    (Preauth - Zimbra :: Wiki)

    2) Use this to generate a access URL, ie
    https://mail.example.com/service/preauth?account=someuser@example.com&by=name&times tamp=1217213685000&expires=0&preauth=186421eba7296 126ffc9c9212932af58ad25b245

    3) Use this URL to get cookie: ZM_AUTH_TOKEN

    4) Use this ZM_AUTH_TOKEN in REST access to get inbox (and possible calender stuff)
    ZCS 6.0:Zimbra REST API Reference - Zimbra :: Wiki

    Example, get unread mail:
    https://mail.example.com/home/someuser@example.com/inbox?fmt=xml&auth=qp&zauthtoken=$ZM_AUTH_TOKEN&qu ery=is:unread
    Last edited by moren; 06-23-2010 at 02:00 AM.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Zimbra Install Problem - getDirectContext
    By bsimzer in forum Installation
    Replies: 27
    Last Post: 07-19-2007, 10:12 AM
  2. Getting problems in FC4 while instalation
    By kitty_bhoo in forum Installation
    Replies: 13
    Last Post: 09-12-2006, 10:34 PM
  3. Fedora Core 3, Clean Install - Not working!
    By pcjackson in forum Installation
    Replies: 17
    Last Post: 03-05-2006, 07:38 PM
  4. Another installation ldap problem
    By genesis in forum Installation
    Replies: 10
    Last Post: 12-24-2005, 07:02 AM
  5. Network edition - strange behavior
    By goetzi in forum Installation
    Replies: 6
    Last Post: 11-16-2005, 03:08 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •