Zimbra offers Open Source email server software and shared calendar for Linux and the Mac
Go Back   Zimbra :: Forums > Zimbra Collaboration Suite > Administrators
Reload this Page Possibility for one privileged user to read all users inboxes

Welcome to the Zimbra :: Forums!
Welcome, if you would like to post a comment please register. We also encourage you to explore all things Zimbra with our team and members of the community.

Reply
 
LinkBack Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old 06-22-2010, 01:09 AM
Trained Alumni
  
Posts: 25
Default Possibility for one privileged user to read all users inboxes
Hi,

Together with a external developer we are investigating the possibility to create a user in Zimbra with privileges to read *other* users inboxes.

Example:

1) One server/application authenticate to the Zimbra server with a "special-privileged-read-user".

2) After this authentication this user can read any other given users inbox to show "You have X new mail" and maybe subject on the X last mails for that user.

My question is if this is possible in a simple way without to much special "hacks" on the Zimbra side?

Note: The external application do not have access to the users password, only the username.
Reply With Quote
  #2 (permalink)  
Old 06-22-2010, 01:16 AM
Zimbra Consultant & Moderator
  
Posts: 20,313
Default
Quote:
Originally Posted by moren View Post
Note: The external application do not have access to the users password, only the username.
Wouldn't that violate security and privacy regulations or, at the very least, company regulations about confidentiality?
__________________
Regards


Bill
Reply With Quote
  #3 (permalink)  
Old 06-22-2010, 01:43 AM
Trained Alumni
  
Posts: 25
Default
Quote:
Originally Posted by phoenix View Post
Wouldn't that violate security and privacy regulations or, at the very least, company regulations about confidentiality?
No.

I try to be more specific. We are developing a "student portal" where the university students can see relevant and personal information, like lecture rooms, lecture schedules, exam results and so on.

The end user is logged in to this system but this system do not have the password (the login is done by shibboleth).

To be able to show this user his (and only his) mail this system must be able to read this users inbox (and maybe later on his calender).
Reply With Quote
  #4 (permalink)  
Old 06-23-2010, 01:54 AM
Trained Alumni
  
Posts: 25
Default
I have now tested one scenario.

Any comments on this? Are there another preferred way to accomplish this or is this "da shit" ?

1) Generate a preauth key for the mail domain.
(Preauth - Zimbra :: Wiki)

2) Use this to generate a access URL, ie
https://mail.example.com/service/preauth?account=someuser@example.com&by=name&times tamp=1217213685000&expires=0&preauth=186421eba7296 126ffc9c9212932af58ad25b245

3) Use this URL to get cookie: ZM_AUTH_TOKEN

4) Use this ZM_AUTH_TOKEN in REST access to get inbox (and possible calender stuff)
ZCS 6.0:Zimbra REST API Reference - Zimbra :: Wiki

Example, get unread mail:
https://mail.example.com/home/someuser@example.com/inbox?fmt=xml&auth=qp&zauthtoken=$ZM_AUTH_TOKEN&qu ery=is:unread
Last edited by moren; 06-23-2010 at 02:00 AM..
Reply With Quote
Reply

« Previous Thread | Today's Posts or Week's Posts | Next Thread »

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode


Similar Threads

Product Information

Why Join?

Registering let's you ask questions, makes it easier to search, displays any files attached to posts, and notifies you about replies.

blog.zimbra.com


Home - Blog - Contact Us - Archive - Top


 

SEO by vBSEO ©2011, Crawlability, Inc.