Ajcody-User-Management-Topics: Difference between revisions
| Line 11: | Line 11: | ||
==Resetting A User's Account From CLI== | ==Resetting A User's Account From CLI== | ||
===Standard Method=== | ===Resetting A Password=== | ||
====Standard Method==== | |||
SetPassword [sp] from zmprov: | SetPassword [sp] from zmprov: | ||
zmprov sp joe@domain.com test321 | zmprov sp joe@domain.com test321 | ||
===Resetting Users Auth Session - Force Disconnect=== | |||
====Prior To 605 - Use CLI==== | |||
Change the zimbraAuthTokenValidityValue to a small time value: | |||
su - zimbra | |||
zmprov ma <accountname> zimbraAuthTokenValidityValue 1 <- Setting it to one minute. | |||
zmprov fc account <accountname> | |||
This value gets stored in the auth token and compared on every request. Changing it will invalidate all outstanding auth tokens. | |||
====6.0.5+ You Have Admin Console Option==== | |||
In the admin console, under the Manage Accounts window you can right click on the user name and choose "Expire Sessions". | |||
==User , Mailbox ID's, And Who Is What== | ==User , Mailbox ID's, And Who Is What== | ||
Revision as of 16:46, 26 February 2010
 - This article is NOT official Zimbra documentation. It is a user contribution and may include unsupported customizations, references, suggestions, or information.
|
User Management Topics
Actual User Management Topics Homepage
Please see Ajcody-User-Management-Topics
Resetting A User's Account From CLI
Resetting A Password
Standard Method
SetPassword [sp] from zmprov:
zmprov sp joe@domain.com test321
Resetting Users Auth Session - Force Disconnect
Prior To 605 - Use CLI
Change the zimbraAuthTokenValidityValue to a small time value:
su - zimbra zmprov ma <accountname> zimbraAuthTokenValidityValue 1 <- Setting it to one minute. zmprov fc account <accountname>
This value gets stored in the auth token and compared on every request. Changing it will invalidate all outstanding auth tokens.
6.0.5+ You Have Admin Console Option
In the admin console, under the Manage Accounts window you can right click on the user name and choose "Expire Sessions".
User , Mailbox ID's, And Who Is What
ZimbraID [UserID] is system wide.
MailboxID is per server store.
To get the ZimbraID:
$ zmprov ga user@domain.com | grep -i zimbraid zimbraId: aeca260b-6faf-4cfe-b407-7673748aabf4 zimbraIdentityMaxNumEntries: 20
To get the MailboxID, get on the appropriate mailserver and:
zmprov gmi user@domain.com mailboxId: 3 quotaUsed: 251512
or globally:
/opt/zimbra/bin/mysql -e "use zimbra; select id from mailbox where account_id = 'UserID HERE including the leading 0'"
Other details can be found here:
http://wiki.zimbra.com/index.php?title=Account_mailbox_database_structure
Account & Domain Summary
Run zmaccts
Here's what it would return:
su - zimbra
[zimbra@mail3 ~]$ zmaccts
account status created last logon
------------------------------------ ----------- --------------- ---------------
admin@mail3.internal.domain.com active 05/06/08 18:46 07/08/08 09:56
ajcody@mail3.internal.domain.com active 05/06/08 20:43 06/23/08 15:48
ajcody2@mail3.internal.domain.com active 05/28/08 11:48 06/30/08 17:44
forward@mail3.internal.domain.com active 05/06/08 21:06 05/29/08 17:24
ham.bidiob2mm@mail3.internal.domain.com active 05/06/08 18:47 never
spam.rormmtcyy@mail3.internal.domain.com active 05/06/08 18:47 never
wiki@mail3.internal.domain.com active 05/06/08 18:46 never
account status created last logon
------------------------------------ ----------- --------------- ---------------
secondary@secondary.internal.domain.com active 06/23/08 15:26 06/23/08 15:27
wiki@secondary.internal.domain.com active 06/23/08 15:25 never
-
domain summary
-
domain active closed locked maintenance total
----------------------- -------- -------- -------- ------------- --------
mail3.internal.domain 7 0 0 0 7
secondary.internal.domain 2 0 0 0 2
Last Logon comes from the variable zimbraLastLogonTimestamp . This is used to update the "Last Login Time" column in the admin web console as well. It also shows up with [ zmprov ga user@domain ]. Login's based upon session type would only be found in either audit.log or the mailbox.log files. It should have a reference to the user id and the session type for the login [ pop, imap, etc. ].
RFE To Expand zmaccts Output And Options
Please see the following RFE I made:
- "zmaccts to include more options"
Zmmailbox Stuff
RFE's And Bugs To Review
Please see these two RFE's:
- "Admin (zimbra) account to be able to setup resources for accounts (auto-acceptance)"
- http://bugzilla.zimbra.com/show_bug.cgi?id=25740
- Was marked a dup of the work being done for bug7473
- "Share management and discovery"
Some other's to look at:
- "Expand permission share model"
- "Allow/disallow sharing to all authenticated users via user interface"
- "Calendar Share permission refinement - ability to accept/decline but NOT edit/remove"
- "Revoked view permissions not removed until after logout"
- "RFE - Ability for anyone (not just people with a share) to view some meeting details of resources"
- "After revoking calendar permissions, the web UI still shows the share still exists."
- "Cannot remove sharing permissions for mail folders"
- "Allow non-user "public" folders"
- "share ownership to disti-group -- not just end-user -- delegation (folder, calendar, doc/wiki, task, project)"
- "Global Admin control for Zimbra shared resources (and subscription) -- folders, calendar, address book, task, project, documents"
- "share roles - custom (editor / author) levels"
- "Notification of shared resources for distribution list members"
To See All Folders For A User
Do the following for the user:
[zimbra@mail3 ~]$ zmmailbox -z -m ajcody@DOMAIN gaf
Id View Unread Msg Count Path
---------- ---- ---------- ---------- ----------
1 conv 0 0 /
16 docu 0 2 /Briefcase
10 appo 0 1 /Calendar
14 mess 0 0 /Chats
7 cont 0 0 /Contacts
6 mess 0 0 /Drafts
13 cont 0 9 /Emailed Contacts
2 mess 0 11 /Inbox
4 mess 0 0 /Junk
344 mess 0 0 /Junk E-mail
12 wiki 0 0 /Notebook
302 appo 0 0 /Restored
5 mess 0 15 /Sent
420 mess 0 0 /Share
421 mess 0 0 /Share/Share1
422 mess 0 0 /Share/Share1/Share1-1
423 mess 0 0 /Share/Share2
424 mess 0 0 /Share/Share2/Share2-1
15 task 0 2 /Tasks
3 conv 0 0 /Trash
Do the following for the user [ I'm cutting some of the output to keep it short ]:
[zimbra@mail3 ~]$ zmmailbox -z -m ajcody@DOMAIN gaf -v
{
"id": "1",
"name": "USER_ROOT",
"path": "/",
"parentId": "11",
"flags": null,
"color": "defaultColor",
"unreadCount": 0,
"messageCount": 0,
"view": "conversation",
"url": null,
"effectivePermissions": null,
"children": [
{
####
CUT HERE
####
{
"id": "5",
"name": "Sent",
"path": "/Sent",
"parentId": "1",
"flags": null,
"color": "defaultColor",
"unreadCount": 0,
"messageCount": 15,
"view": "message",
"url": null,
"effectivePermissions": null
},
{
"id": "420",
"name": "Share",
"path": "/Share",
"parentId": "1",
"flags": "i",
"color": "defaultColor",
"unreadCount": 0,
"messageCount": 0,
"view": "message",
"url": null,
"effectivePermissions": null,
"grants": [
{
"type": "usr",
"name": "ajcody2@mail3.internal.domain.com",
"id": "88fd808e-a526-419d-9eda-ad50100d23b6",
"permissions": "rwidx",
"args": null
},
{
"type": "all",
"name": null,
"id": null,
"permissions": "rwx",
"args": null
}
],
"children": [
{
"id": "421",
"name": "Share1",
"path": "/Share/Share1",
"parentId": "420",
"flags": "i",
"color": "defaultColor",
"unreadCount": 0,
"messageCount": 0,
"view": "message",
"url": null,
"effectivePermissions": null,
"grants": [
{
"type": "usr",
"name": "ajcody2@mail3.internal.domain.com",
"id": "88fd808e-a526-419d-9eda-ad50100d23b6",
"permissions": "rwidx",
"args": null
},
{
"type": "usr",
"name": "admin@mail3.internal.domain.com",
"id": "5ab13330-2e9b-4a45-9b30-de2c70858265",
"permissions": "rwidx",
"args": null
}
],
"children": [
{
"id": "422",
"name": "Share1-1",
"path": "/Share/Share1/Share1-1",
"parentId": "421",
"flags": null,
"color": "defaultColor",
"unreadCount": 0,
"messageCount": 0,
"view": "message",
"url": null,
"effectivePermissions": null
}
]
},
{
"id": "423",
"name": "Share2",
"path": "/Share/Share2",
"parentId": "420",
"flags": null,
"color": "defaultColor",
"unreadCount": 0,
"messageCount": 0,
"view": "message",
"url": null,
"effectivePermissions": null,
"children": [
{
"id": "424",
"name": "Share2-1",
"path": "/Share/Share2/Share2-1",
"parentId": "423",
"flags": null,
"color": "defaultColor",
"unreadCount": 0,
"messageCount": 0,
"view": "message",
"url": null,
"effectivePermissions": null
}
###
CUT HERE
###
]
}
RFE I filed for zmmailbox to have options for this and "recursive".
- "zmmailbox folder should have option to remove ALL shares & recursive option"
Here's a script I wrote. Remove the echo statements to actually run the commands.
#!/bin/bash
USER="ajcody@mail3.internal.domain.com"
SHARE="/Shared"
GETPERM="zmmailbox -z -m $USER gfg $SHARE"
MODPERM="zmmailbox -z -m $USER mfg $SHARE"
DUMBPASS="34lkoso"
NEWPERM=none
$GETPERM | egrep -i 'all|guest|public|accoun|domain|group' | gawk '{print $2 " " $3}' | while read SHAREPERM
do
TYPE=`echo $SHAREPERM|awk '{print $1}'`
DISPLAY=`echo $SHAREPERM|awk '{print $2}'`
case $TYPE in
accoun) echo $MODPERM account $DISPLAY $NEWPERM
;;
guest) echo $MODPERM $TYPE $DISPLAY $DUMBPASS $NEWPERM
;;
all) echo $MODPERM $TYPE $NEWPERM
;;
*) echo $MODPERM $SHAREPERM $NEWPERM
;;
esac
done
Ouput of an example:
[zimbra@mail3 ~]$ zmmailbox -z -m ajcody@mail3.internal.domain.com gfg /Shared
Permissions Type Display
----------- ------ -------
r all
r guest ajcody@domain.com
r accoun admin@mail3.internal.domain.com
r group mydl@mail3.internal.domain.com
r domain mail3.internal.domain.com
[zimbra@mail3 ~]$ /tmp/remove-share.sh
zmmailbox -z -m ajcody@mail3.internal.domain.com mfg /Shared all none
zmmailbox -z -m ajcody@mail3.internal.domain.com mfg /Shared guest ajcody@domain.com none
zmmailbox -z -m ajcody@mail3.internal.domain.com mfg /Shared account admin@mail3.internal.domain.com none
zmmailbox -z -m ajcody@mail3.internal.domain.com mfg /Shared group mydl@mail3.internal.domain.com none
zmmailbox -z -m ajcody@mail3.internal.domain.com mfg /Shared domain mail3.internal.domain.com none
I then removed the echo statements:
[zimbra@mail3 ~]$ vi /tmp/remove-share.sh [zimbra@mail3 ~]$ /tmp/remove-share.sh [zimbra@mail3 ~]$ zmmailbox -z -m ajcody@mail3.internal.domain.com gfg /Shared Permissions Type Display ----------- ------ ------- [zimbra@mail3 ~]$
- I've yet to test these against all items (resources) listed in bug 25740 and work as expected.
To see current perms
zmmailbox -z -m faxfinder@example.com gfg /Inbox
To modify perms:
- r = read
- w = write
- i = insert
- d = delete
- x = accept/decline invites
- a = administer
zmmailbox -z -m faxfinder@example.com mfg /Inbox account user@example.com rwidx
To confirm perms are set:
zmmailbox -z -m faxfinder@example.com gfg /Inbox
To mount "folder" into a user account that was given permission:
zmmailbox -z -m user@example.com cm --view message "/Incoming_Faxes" faxfinder@example.com /Inbox
To confirm folder is mounted:
zmmailbox -z -m user@example.com gaf
Additions notes/options see:
zmmailbox help folder
For mfg it shows it can take the below as a target:
- account {name}
- group {name} *This could be a DL?*
- domain {name}
- all
- public
- guest
Scripting note to do this with multiple users:
- zmmailbox cm could use the zmprov gaa to provide a list of all accounts, this would include system & archive (if exist) accounts though.
How To Turn Off Sharing
You can enable / disable sharing from admin console:
- Admin console --> class of service --> select the CoS (eg default) --> features --> general features --> check/uncheck 'Sharing' option
Alternatively, this can be achieved by having the following CoS attribute either 'TRUE' or 'FALSE', from command line: zimbraFeatureSharingEnabled
Search For Messages And Then Delete Them
Here's some example to grab the message id's from a search and then put them in a variable to use for the delete command.
Other reference: King0770-Notes#Removing_Messages_with_Zmmailbox_based_on_the_Subject
First - Default Search Returns Only 25 Results
From zmmailbox [help search] & zmmailboxsearch
--limit (optional) -l Sets the limit for the number of results returned. The default is 25.
Example Search With To Field
[zimbra@mail3 ~]$ zmmailbox -z -m ajcody@mail3.internal.DOMAIN.com s -t message "To: Adam"
num: 4, more: false
Id Type From Subject Date
---- ---- -------------------- -------------------------------------------------- --------------
1. 269 mess Adam Re: 8-7-08 11:37 AM to both outside accounts 08/07/08 11:57
2. 268 mess Adam Re: 8-7-08 11:37 AM to both outside accounts 08/07/08 11:39
3. 266 mess Adam Re: 8-7-08 11:37 AM to both outside accounts 08/07/08 11:38
4. 263 mess Adam Re: test on 8-7-08 to zimbra account 08/07/08 11:37
[zimbra@mail3 ~]$ zmmailbox -z -m ajcody@mail3.internal.DOMAIN.com s -t message "To: Adam" |awk '{ if (NR!=1) {print}}'| grep mess | awk '{ print $2 "," }' | tr -d '\n'
269,268,266,263,
[zimbra@mail3 ~]$ message=`zmmailbox -z -m ajcody@mail3.internal.DOMAIN.com s -t message "To: Adam" |awk '{ if (NR!=1) {print}}'| grep mess | awk '{ print $2 "," }' | tr -d '\n'`
[zimbra@mail3 ~]$ zmmailbox -z -m ajcody@mail3.internal.DOMAIN.com dm `echo $message`
[zimbra@mail3 ~]$ zmmailbox -z -m ajcody@mail3.internal.DOMAIN.com s -t message "To: Adam"
num: 0, more: false
Example Search With From Field
[zimbra@mail3 ~]$ zmmailbox -z -m ajcody@mail3.internal.DOMAIN.com s -t message "From: Adam"
num: 8, more: false
Id Type From Subject Date
---- ---- -------------------- -------------------------------------------------- --------------
1. 464 mess Adam test 3 10/02/08 11:43
2. 463 mess Adam test 2 10/02/08 11:43
3. 462 mess Adam test 1 10/02/08 11:43
4. 461 mess Adam test 09/29/08 16:18
5. 460 mess Adam test for mailbox log 09/29/08 16:17
6. 265 mess Adam 8-7-08 11:37 AM to both outside accounts 08/07/08 11:38
7. 261 mess Adam test on 8-7-08 to zimbra account 08/07/08 11:36
8. 257 mess Adam test from zimbra on 8-7-08 08/07/08 11:27
[zimbra@mail3 ~]$ zmmailbox -z -m ajcody@mail3.internal.DOMAIN.com s -t message "From: Adam" |awk '{ if (NR!=1) {print}}'| grep mess | awk '{ print $2 "," }' | tr -d '\n'
464,463,462,461,460,265,261,257,
[zimbra@mail3 ~]$ message=`zmmailbox -z -m ajcody@mail3.internal.DOMAIN.com s -t message "From: Adam" |awk '{ if (NR!=1) {print}}'| grep mess | awk '{ print $2 "," }' | tr -d '\n'`
[zimbra@mail3 ~]$ echo $message
464,463,462,461,460,265,261,257,
[zimbra@mail3 ~]$ zmmailbox -z -m ajcody@mail3.internal.DOMAIN.com dm `echo $message`
[zimbra@mail3 ~]$ zmmailbox -z -m ajcody@mail3.internal.DOMAIN.com s -t message "From: Adam"
num: 0, more: false
[zimbra@mail3 ~]$
Export & Import Of Users Data In TGZ Format
Please see Ajcody-Migration-Notes#ZCS_User_to_Another_ZCS_Server_-_With_Rest_.26_TGZ
Seeing What & Where Of A Message ID
If your need to figure out what the actual email/message is from a logging event.
For example, log shows:
2009-03-03 22:04:58,969 INFO [btpool0-5532] [name=USER@DOMAIN.com;mid=8;ip=10.0.0.1;ua=ZimbraWebClient - IE6 (Win)/5.0.11_GA_2695.UBUNTU8_64;] mailop - moving Message (id=10955) to Folder Trash (id=3)
To see the details of the message, do the following:
zmmailbox -z -m USER@DOMAIN gm 10955 Id: 10955 Conversation-Id: 11155 Folder: /Trash Subject: FW: How are you doing? From: User External <USER@DOMAIN.com> To: <USER@DOMAIN.com> ...etc...
Managing Legal Requests for Information
Description:
- The ZCS legal intercept feature is used to obtain copies of email messages that are sent, received, or saved as drafts from targeted accounts and send these message to a designated “shadow” email address. Legal Intercept can be configured to send the complete content of the message or to send only the header information. When a targeted account sends, receives, or saves a draft message, an intercept message is automatically created to forward copies of the messages as attachments to the specified email address.
Please see:
Persona, Identities, Send As, Send On Behalf Of Issues
CLI Commands To Manage Persona, Identities, External Account
The following should provide you with the necessary commands to manage these user configurations:
zmprov help command| egrep -i 'data|identity'
createDataSource(cds) {name@domain} {ds-type} {ds-name} [attr1 value1 [attr2 value2...]]
createIdentity(cid) {name@domain} {identity-name} [attr1 value1 [attr2 value2...]]
deleteDataSource(dds) {name@domain|id} {ds-name|ds-id}
deleteIdentity(did) {name@domain|id} {identity-name}
getDataSources(gds) {name@domain|id} [arg1 [arg2...]]
modifyDataSource(mds) {name@domain|id} {ds-name|ds-id} [attr1 value1 [attr2 value2...]]
modifyIdentity(mid) {name@domain|id} {identity-name} [attr1 value1 [attr2 value2...]]
Bugs And RFE's To Look At
- "support sendAs right on server (as opposed to on-behalf-of)"
- http://bugzilla.zimbra.com/show_bug.cgi?id=22819
- "Composer should allow user to send message as self if replying on-behalf-of"
- "Implement "sendAs" rights for user accounts"
- http://bugzilla.zimbra.com/show_bug.cgi?id=22819
- "send on behalf of for delegate access for ZWC"
- "save copy of send-as message to sent-as user's Sent folder"
- "reply to message in shared subfolder doesn't follow typical on behalf of behavior"
Sieve Rules
Administrating Rules For Users - CLI
Please see King0770-Notes-Sieve_Rules_By_Proxy
