Page 1 of 2 12 LastLast
Results 1 to 10 of 18

Thread: Welcoming script

  1. #1
    lisasali is offline Starter Member
    Join Date
    Mar 2011
    Posts
    1
    Rep Power
    4

    Default Welcoming script

    Can zimbra generate an automatic welcoming screen to all its firts time users when they log in??
    Just like other mailing system i think it is very important.

    lisa

  2. #2
    metux is offline Loyal Member
    Join Date
    Feb 2012
    Posts
    81
    Rep Power
    3

    Default

    Quote Originally Posted by lisasali View Post
    Can zimbra generate an automatic welcoming screen to all its firts time users when they log in??
    We've already done this by a zimlet.

    It's yet a bit hackish as it stores the data in the mailboxd node's local mysql database,
    we probably should use LDAP instead. But it works quite well, eg. in a big international
    bank.

  3. #3
    tdesorbaix is offline Zimlet Guru & Moderator
    Join Date
    Apr 2007
    Location
    Paris, France
    Posts
    367
    Rep Power
    8

    Default

    Here is a simple example zimlet creating a welcome message that show up only the first time the user log in.

    This use a zimlet user properties (stored in LDAP) to check if this is the first time the user log in.
    Attached Files Attached Files
    Last edited by tdesorbaix; 03-19-2012 at 10:21 AM.

  4. #4
    metux is offline Loyal Member
    Join Date
    Feb 2012
    Posts
    81
    Rep Power
    3

    Default

    Quote Originally Posted by tdesorbaix View Post
    Here is a simple example zimlet creating a welcome message that show up only the first time the user log in :
    Attachment 4988

    This use a zimlet user properties (stored in LDAP) to check if this is the first time the user log in.
    Are you sure, these properties you set on *client* side with the
    this.setUserProperty(...)
    call are really written back to LDAP ?

    I really doubt it, as it would be a big security hole.

  5. #5
    tdesorbaix is offline Zimlet Guru & Moderator
    Join Date
    Apr 2007
    Location
    Paris, France
    Posts
    367
    Rep Power
    8

    Default

    If you have doubts, then just use an ldap explorer software and check your ldap.

    The user preferences, including zimlets user preferences are in your LDAP.

    Why do you think this is a big security hole?

  6. #6
    metux is offline Loyal Member
    Join Date
    Feb 2012
    Posts
    81
    Rep Power
    3

    Default

    Quote Originally Posted by tdesorbaix View Post
    The user preferences, including zimlets user preferences are in your LDAP.
    The question isn't whether they are store in LDAP, but whether the frontend
    javascript code can simply overwrite them.

    Why do you think this is a big security hole?
    Because the user then can arbitrarily change them at will.

  7. #7
    metux is offline Loyal Member
    Join Date
    Feb 2012
    Posts
    81
    Rep Power
    3

    Default

    By the way: did you already confirm that they're actually written back to LDAP when changing them this way ?

  8. #8
    tdesorbaix is offline Zimlet Guru & Moderator
    Join Date
    Apr 2007
    Location
    Paris, France
    Posts
    367
    Rep Power
    8

    Default

    Of course the user can change them, since this is user preferences.

    Also, you don't even need the javascript frontend.
    The changes are made by a soap request (called by the javascript).
    So you just need to make the correct soap request.

    And yes, I confirm that this overwrite the values in ldap.

  9. #9
    metux is offline Loyal Member
    Join Date
    Feb 2012
    Posts
    81
    Rep Power
    3

    Default

    Quote Originally Posted by tdesorbaix View Post
    Of course the user can change them, since this is user preferences.
    Oh, that really *has* security impact in certain environments (not an unusual
    customer requirement in our projects) users should not be allowed to change
    certain user properties.

    Do you know which things are stored there ?

  10. #10
    tdesorbaix is offline Zimlet Guru & Moderator
    Join Date
    Apr 2007
    Location
    Paris, France
    Posts
    367
    Rep Power
    8

    Default

    It's not like the user can modify everything in the LDAP.
    I use the word preferences instead of properties on purpose.

    The values the user can modify are the values corresponding to the preferences you can find in the User Web Client preferences tab, and the zimlets user preferences.

    As example, there is a user property to enable/disable the Calendar feature, but it can't be changed by the user, only the admins can change it.

Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Replies: 658
    Last Post: 04-04-2014, 09:01 AM
  2. Zimbra Backup Script ... Small Problem
    By frankb in forum Administrators
    Replies: 12
    Last Post: 07-14-2008, 08:40 AM
  3. Backup script issues
    By SSS in forum Administrators
    Replies: 18
    Last Post: 12-03-2007, 09:56 AM
  4. Replies: 3
    Last Post: 10-01-2007, 10:54 PM
  5. Warning: Unresponsive script
    By yetdog in forum Administrators
    Replies: 5
    Last Post: 04-03-2006, 12:15 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •