Whenever I am in a recovery (or maintenance) situation, one of my first tasks is to lock all accounts.

zmprov -l gaa | awk '{ print "ma"" "$1" ""zimbraAccountStatus locked" }' >> /tmp/usersLocked; zmprov -l < /tmp/usersLocked

But WHY?
One of the biggest reasons, at least for me, is if I have to move aside the mysql data, and if the accounts are not locked, and if the user authenticates into their account, they could potentially get assigned a new mailbox_id, and this would NOT be good. Preventing users from authenticating minimizes risk; especially if you have to start up a new mysql instance.

To Unlock
You can do:

zmprov -l gaa | awk '{ print "ma"" "$1" ""zimbraAccountStatus active" }' >> /tmp/usersUnlock; zmprov -l < /tmp/usersUnlock


perl -p -i -e 's/zimbraAccountStatus locked/zimbraAccountStatus active/g' /tmp/usersLocked

More articles written by me,

Jump to: navigation, search