Possibility for one privileged user to read all users inboxes

**moren** · 06-22-2010, 01:09 AM

Hi,

Together with a external developer we are investigating the possibility to create a user in Zimbra with privileges to read *other* users inboxes.

Example:

1) One server/application authenticate to the Zimbra server with a "special-privileged-read-user".

2) After this authentication this user can read any other given users inbox to show "You have X new mail" and maybe subject on the X last mails for that user.

My question is if this is possible in a simple way without to much special "hacks" on the Zimbra side?

Note: The external application do not have access to the users password, only the username.

**phoenix** · 06-22-2010, 01:16 AM

Originally Posted by moren

Note: The external application do not have access to the users password, only the username.

Wouldn't that violate security and privacy regulations or, at the very least, company regulations about confidentiality?

**moren** · 06-22-2010, 01:43 AM

Originally Posted by phoenix

Wouldn't that violate security and privacy regulations or, at the very least, company regulations about confidentiality?

No.

I try to be more specific. We are developing a "student portal" where the university students can see relevant and personal information, like lecture rooms, lecture schedules, exam results and so on.

The end user is logged in to this system but this system do not have the password (the login is done by shibboleth).

To be able to show this user his (and only his) mail this system must be able to read this users inbox (and maybe later on his calender).

**moren** · 06-23-2010, 01:54 AM

I have now tested one scenario.

Any comments on this? Are there another preferred way to accomplish this or is this "da shit" ?

1) Generate a preauth key for the mail domain.
(Preauth - Zimbra :: Wiki)

2) Use this to generate a access URL, ie
https://mail.example.com/service/preauth?account=someuser@example.com&by=name&times tamp=1217213685000&expires=0&preauth=186421eba7296 126ffc9c9212932af58ad25b245

3) Use this URL to get cookie: ZM_AUTH_TOKEN

4) Use this ZM_AUTH_TOKEN in REST access to get inbox (and possible calender stuff)
ZCS 6.0:Zimbra REST API Reference - Zimbra :: Wiki

Example, get unread mail:
https://mail.example.com/home/someuser@example.com/inbox?fmt=xml&auth=qp&zauthtoken=$ZM_AUTH_TOKEN&qu ery=is:unread

Zimbra

Thread: Possibility for one privileged user to read all users inboxes

LinkBack

Thread Tools

Search Thread

Display

Possibility for one privileged user to read all users inboxes

Thread Information

Users Browsing this Thread

Similar Threads

Zimbra Install Problem - getDirectContext

Getting problems in FC4 while instalation

Fedora Core 3, Clean Install - Not working!

Another installation ldap problem

Network edition - strange behavior

Posting Permissions