zimbra notify password expired by bash script

Introduction

Zimbra Collaboration Suite (ZCS) is a popular open-source email platform that provides enterprise-level features for communication and collaboration. As an administrator, managing user accounts effectively is crucial, and one common challenge is handling expired passwords. Automating the notification process with a Bash script can save time, enhance user experience, and improve security. This article explores how to use a Bash script for notifying Zimbra users about password expiration.

In this tutorial, we’ll cover how to remind users about password expiration on Zimbra. The Bash script adheres to a policy of 120 days for password expiration and notifies users in advance. We will create a script named zimbra_notify_change_pass.sh to automate this process.

Understanding Zimbra and Bash Scripts

What is Zimbra?

Zimbra is a powerful platform combining email, calendar, and collaboration tools into one suite. It’s known for its reliability and versatility, making it a go-to solution for businesses and organizations worldwide.

Why Use Bash Scripts?

Bash scripting offers a simple, effective way to automate repetitive tasks. For Zimbra administrators, a Bash script can:

  • Automate notifications for password expiration.

  • Reduce manual workload.

  • Minimize user disruption.

Setting Up the Zimbra Notify Password Expired Bash Script

Prerequisites

Before diving into the script setup, ensure you have:

  1. Access to the Zimbra server with administrative rights.

  2. Basic understanding of Bash scripting.

  3. The Zimbra CLI and tools installed.

Script Overview

The Bash script reads Zimbra’s LDAP directory to identify users with expired passwords and sends automated email notifications. Here’s a simplified structure:

  1. Connect to Zimbra LDAP: Extract user data.

  2. Identify Expired Passwords: Filter accounts with upcoming or overdue expirations.

  3. Send Notifications: Email users to update their passwords.

Step-by-Step Guide

Step 1: Install Required Tools

Ensure you have the ldapsearch and sendmail utilities installed:

sudo apt-get install ldap-utils
sudo apt-get install sendmail

Step 2: Write the Script

Here’s an example script:

#!/bin/bash
# Zimbra password expiry email notification.
# Run as a daily cron job. The "su - zimbra" calls below need root.

######################### Set environment #########################
# Today's date, in seconds:
DATE=$(date +%s)
# First notification in days, then last warning:
FIRST="7"
LAST="3"
# Password expiry in days
POLICY="120"
# Sent from:
FROM="admin@mail.huuphan.com"
# Get all users once. The pattern is anchored to the start of the address so
# that ordinary users whose address merely contains "ham" or "spam" are kept.
_USERS=$(/opt/zimbra/bin/zmprov -l gaa | grep -Ev '^(spam|ham|virus-quarantine|galsync)[.@]')

# Zimbra LDAP password
ZIMBRA_LDAP_PASSWORD=$(su - zimbra -c "zmlocalconfig -s zimbra_ldap_password | cut -d ' ' -f3")
# Zimbra LDAP master URL
LDAP_MASTER_URL=$(su - zimbra -c "zmlocalconfig -s ldap_master_url | cut -d ' ' -f3")
# ldapsearch and sendmail executables shipped with Zimbra (first match only)
LDAPSEARCH=$(ionice -c3 find /opt/zimbra/ -type f -iname ldapsearch -print -quit)
SENDMAIL=$(ionice -c3 find /opt/zimbra/ -type f -iname sendmail -print -quit)

# Log the start time
echo "$SECONDS Started on: $(date)"
######################### End Set environment #########################

for _USER in $_USERS
do
    # LDAP filter for this account
    OBJECT="(&(objectClass=zimbraAccount)(mail=$_USER))"
    # Domain part of the address, e.g. huupv@mail.huuphan.com gives mail.huuphan.com
    DOMAIN=$(echo "$_USER" | cut -d "@" -f 2)

    # Date the password was last set (YYYYMMDD).
    # Note: -w puts the bind password on the command line, where it is visible
    # in the process list while ldapsearch runs.
    PASS_SET_DATE=$("$LDAPSEARCH" -H "$LDAP_MASTER_URL" -w "$ZIMBRA_LDAP_PASSWORD" -D uid=zimbra,cn=admins,cn=zimbra -x "$OBJECT" | grep zimbraPasswordModifiedTime: | cut -d " " -f 2 | cut -c 1-8)

    # Skip the account if the lookup failed or the attribute is missing;
    # with an empty date, "date -d" would count $POLICY days from today.
    if [[ -z "$PASS_SET_DATE" ]]
    then
        echo "Account: $_USER - no zimbraPasswordModifiedTime found, skipping"
        continue
    fi

    # Expiry date in seconds.
    EXPIRES=$(date -d "$PASS_SET_DATE $POLICY days" +%s)
    # Days left until expiry.
    DEADLINE=$(( (DATE - EXPIRES) / -86400 ))

    # Email to send to users
    SUBJECT="$_USER - Email password expires in $DEADLINE days"
    BODY="
Dear $_USER,

Your email password will expire in $DEADLINE days. Please change your email password immediately via Web Mail:

  - Access: https://$DOMAIN

How to change your email password:

1. Log in to Web Mail at the address above
2. Select the Preferences tab
3. On the General | Sign in menu, click the Change Password button
4. Enter your old password, new password & confirm your new password
5. Click the Change password button to replace it

The email account password must consist of at least 8 characters, with a combination of alphanumeric characters (uppercase and lowercase letters, numbers) and symbols (! @ # $, etc.).

If you have questions about how to change your email password, please contact the support team.

Thank you,
Admin
"

    # Send it off depending on days left, with verbose statements for the log.
    # printf puts the blank line between the Subject header and the body.
    # First warning
    if [[ "$DEADLINE" -eq "$FIRST" ]]
    then
        printf 'Subject: %s\n\n%s\n' "$SUBJECT" "$BODY" | "$SENDMAIL" -f "$FROM" "$_USER"
        echo "Reminder email sent to: $_USER - $DEADLINE days left"
    # Second
    elif [[ "$DEADLINE" -eq "$LAST" ]]
    then
        printf 'Subject: %s\n\n%s\n' "$SUBJECT" "$BODY" | "$SENDMAIL" -f "$FROM" "$_USER"
        echo "Reminder email sent to: $_USER - $DEADLINE days left"
    # Final
    elif [[ "$DEADLINE" -eq "1" ]]
    then
        printf 'Subject: %s\n\n%s\n' "$SUBJECT" "$BODY" | "$SENDMAIL" -f "$FROM" "$_USER"
        echo "Last chance for: $_USER - $DEADLINE days left"
    else
        echo "Account: $_USER reports; $DEADLINE days on Password policy"
    fi

# Finish for loop
done




Running zimbra notify password expired by bash script
[root@mail ~]# chmod +x zimbra_notify_change_pass.sh
[root@mail ~]# bash zimbra_notify_change_pass.sh


Step 3: Test the Script

Run the script manually to verify its functionality:

bash zimbra_notify_change_pass.sh

Step 4: Automate with Cron

Schedule the script to run daily using cron:

crontab -e

Add the following line:

0 8 * * * /path/to/zimbra_notify_change_pass.sh

Advanced Use Cases

Customizing Notification Messages

Personalize email notifications by including:

  • User’s name.

  • Exact expiration date.

  • Instructions for password reset.

Integrating with Slack or Teams

Notify users via Slack or Microsoft Teams by adding APIs or webhook integrations.

Reporting

Generate reports on expiring passwords for administrators to monitor user compliance.
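
A minimal report of this kind, as an added example that is not part of the original script: it turns zimbraPasswordModifiedTime values into days left under the 120-day policy and marks accounts whose timestamp is missing as UNKNOWN instead of guessing a date. The accounts and dates are constructed, and the function names and the WARN_DAYS threshold are assumptions; day counts use integer arithmetic instead of date -d so the result is the same in any time zone.

```bash
#!/bin/sh
# Added example (not the article's script). Accounts and dates are constructed.
POLICY_DAYS=120   # password lifetime used in the article
WARN_DAYS=7       # the article's first-notice threshold

# civil_days YYYYMMDD -> days since 1970-01-01, integer arithmetic only.
civil_days() {
    y=${1%????}; md=${1#????}; m=${md%??}; d=${md#??}
    m=${m#0}; d=${d#0}                      # avoid octal parsing of 08/09
    if [ "$m" -le 2 ]; then y=$((y - 1)); fi
    era=$((y / 400)); yoe=$((y - era * 400))
    doy=$(( (153 * ((m + 9) % 12) + 2) / 5 + d - 1 ))
    echo $(( era * 146097 + yoe * 365 + yoe / 4 - yoe / 100 + doy - 719468 ))
}

# days_left MODTIME TODAY -> days until expiry; status 1 if MODTIME is unusable.
days_left() {
    case $1 in
        [12][0-9][0-9][0-9][01][0-9][0-3][0-9]*) ;;
        *) return 1 ;;                      # empty or not date-shaped: do not guess
    esac
    set_day=$(civil_days "$(printf '%s' "$1" | cut -c1-8)")
    today=$(civil_days "$2")
    echo $(( POLICY_DAYS - (today - set_day) ))
}

# expiry_report TODAY < "mail modtime" lines -> "mail STATUS days"
expiry_report() {
    while read -r mail mod; do
        if left=$(days_left "$mod" "$1"); then
            if [ "$left" -lt 0 ]; then status=EXPIRED
            elif [ "$left" -le "$WARN_DAYS" ]; then status=WARN
            else status=OK
            fi
            echo "$mail $status $left"
        else
            echo "$mail UNKNOWN -"
        fi
    done
}

# Constructed input: one "mail zimbraPasswordModifiedTime" pair per line.
SAMPLE='alice@example.com 20241115093012Z
bob@example.com 20250301120000.123Z
carol@example.com 20241001000000Z
dave@example.com'

printf '%s\n' "$SAMPLE" | expiry_report 20250310
```

Because WARN covers the whole range from 0 to 7 days, an account still shows up in the report if the daily cron run was missed on the exact day the main script would have sent its notice.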

FAQ

What is the benefit of automating password expiration notifications?

Automation reduces administrative effort, ensures timely communication, and minimizes security risks by encouraging users to update passwords promptly.

Can I customize the script for other LDAP systems?

Yes, the script can be modified for other LDAP-compliant systems by adjusting the ldapsearch queries and connection parameters.

Is it safe to store LDAP credentials in the script?

For enhanced security, store credentials in an environment file and source it in the script. Use file permissions to restrict access.
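
One way to apply this to the LDAP bind password, as an added example that is not code from the article: keep the password in a file only its owner can access, verify that before use, and hand it to ldapsearch with -y so it never appears on the command line. The function names and the sample secret are assumptions; LDAPSEARCH and LDAP_MASTER_URL are the variables set by the script above.

```bash
#!/bin/sh
# Added example (not the article's code). The secret below is a placeholder.

# secret_file_ok FILE -> status 0 only for a regular file (not a symlink) that
# we own and that grants no permission bits to group or others (600, 400, ...).
secret_file_ok() {
    [ -f "$1" ] && [ ! -L "$1" ] && [ -O "$1" ] || return 1
    case $(ls -ld -- "$1") in
        -???------*) return 0 ;;
        *) return 1 ;;
    esac
}

# write_secret FILE VALUE -> recreate FILE with mode 600 and no trailing newline.
# ldapsearch -y uses the complete file contents as the password, so a stray
# newline would become part of it and the bind would fail.
write_secret() {
    rm -f -- "$1"
    ( umask 077 && printf '%s' "$2" > "$1" )
}

# bind_search FILE FILTER -> the article's lookup, with -y FILE instead of -w.
bind_search() {
    secret_file_ok "$1" || { echo "refusing $1: unsafe permissions" >&2; return 1; }
    "$LDAPSEARCH" -H "$LDAP_MASTER_URL" -x -D uid=zimbra,cn=admins,cn=zimbra \
        -y "$1" "$2" zimbraPasswordModifiedTime
}

# Offline demonstration of the permission check (no LDAP server involved).
demo_dir=$(mktemp -d)
write_secret "$demo_dir/ldap.pw" 'constructed-secret'
secret_file_ok "$demo_dir/ldap.pw" && echo "private file accepted"
chmod 644 "$demo_dir/ldap.pw"
secret_file_ok "$demo_dir/ldap.pw" || echo "world-readable file refused"
rm -rf "$demo_dir"
```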

Conclusion

Managing password expiration notifications is a crucial aspect of maintaining a secure and user-friendly Zimbra environment. By leveraging a Bash script, administrators can streamline this process, ensuring users are informed proactively. With the steps outlined in this guide, you’ll enhance your server management efficiency and provide a better experience for your users. Start implementing this solution today and stay ahead in managing your Zimbra server. Thank you for reading the huuphan.com page!

Comments

  1. Hi,
    everything works well except the admin account doesn’t receive expired account information. any suggestion?
    Thanks,
    Ritz

  2. Hi Team,

    I got this below error while running the above script,

    ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
    Account: myuser@mpradeep.cf reports; 120 days on Password policy
