By default, Zimbra has no feature that notifies users when their password is about to expire. This matters a great deal when the Zimbra admin enables the password age feature. Many Zimbra users, however, want a password-expiry notification.
To get this feature, we can use a script written by Wuxmedia, available on GitHub: https://github.com/wuxmedia/Zimbra_passpoll/blob/master/passpoll.sh
The following are the steps for using the script. This tutorial uses Zimbra version 8.6.
Create a directory to store the script, then change into it.
```bash
mkdir /opt/zimbra/script
cd /opt/zimbra/script
```
Create a file named check-password-expire.sh, then fill it with the following lines.
```bash
#!/bin/bash
# TDH 2015-04-27
# Messy script for zimbra password expiry email notification.
# Meant to be performed as daily cronjob run as zimbra user.
# redirect output to a file to get a 'log file' of sorts.

# Time taken of script;
echo "$SECONDS Started on: $(date)"

# Set some vars:
# First notification in days, then last warning:
FIRST="7"
LAST="3"
# Sent from:
FROM="admin@example.com"
# Domain to check, e.g. 'example.com'; leave blank for all
DOMAIN=""
# Recipient who should receive an email with all expired accounts
ADMIN_RECIPIENT="admin@example.com"

# Sendmail executable
SENDMAIL=$(ionice -c3 find /opt/zimbra/postfix* -type f -iname sendmail)

# Get all users - it should run once only.
USERS=$(ionice -c3 /opt/zimbra/bin/zmprov -l gaa $DOMAIN)

#Todays date, in seconds:
DATE=$(date +%s)

# Iterate through them in for loop:
for USER in $USERS
do
    # When was the password set?
    USERINFO=$(ionice -c3 /opt/zimbra/bin/zmprov ga "$USER")
    PASS_SET_DATE=$(echo "$USERINFO" | grep zimbraPasswordModifiedTime: | cut -d " " -f 2 | cut -c 1-8)
    PASS_MAX_AGE=$(echo "$USERINFO" | grep "zimbraPasswordMaxAge:" | cut -d " " -f 2)
    NAME=$(echo "$USERINFO" | grep givenName | cut -d " " -f 2)

    # Check if we have set the account to no-expire
    if [[ "$PASS_MAX_AGE" -eq "0" ]]
    then
        continue
    fi

    # Make the date for expiry from now.
    EXPIRES=$(date -d "$PASS_SET_DATE $PASS_MAX_AGE days" +%s)

    # Now, how many days until that?
    DEADLINE=$(( (($DATE - $EXPIRES)) / -86400 ))

    # Email to send to victims, ahem - users...
    SUBJECT="$NAME - Your Password will expire in $DEADLINE days"
    BODY="
Hi $NAME,

Your account password will expire in $DEADLINE days, Please reset your password soon.
You may also enter a zimbra calendar event to remind you.

Thanks,
Admin team
"

    # Send it off depending on days, adding verbose statements for the 'log'
    # First warning
    if [[ "$DEADLINE" -eq "$FIRST" ]]
    then
        echo "Subject: $SUBJECT" "$BODY" | $SENDMAIL -f "$FROM" "$USER"
        echo "Reminder email sent to: $USER - $DEADLINE days left"
    # Second
    elif [[ "$DEADLINE" -eq "$LAST" ]]
    then
        echo "Subject: $SUBJECT" "$BODY" | $SENDMAIL -f "$FROM" "$USER"
        echo "Reminder email sent to: $USER - $DEADLINE days left"
    # Final
    elif [[ "$DEADLINE" -eq "1" ]]
    then
        echo "Subject: $SUBJECT" "$BODY" | $SENDMAIL -f "$FROM" "$USER"
        echo "Last chance for: $USER - $DEADLINE days left"
    # Check for Expired accounts, get last logon date add them to EXP_LIST2 every monday
    elif [[ "$DEADLINE" -lt "0" ]] && [ "$(date +%a)" = "Mon" ]
    then
        LASTDATE=$(echo "$USERINFO" | grep zimbraLastLogonTimestamp | cut -d " " -f 2 | cut -c 1-8)
        LOGON=$(date -d "$LASTDATE")
        EXP_LIST=$(echo "$USER's password has been expired for ${DEADLINE#-} day(s) now, last logon was $LOGON.")
        EXP_LIST2="$EXP_LIST2 \n $EXP_LIST"
    else
        # > /dev/null for less verbose logs and a list of users.
        echo "Account: $USER reports; $DEADLINE days on Password policy"
    fi
# Finish for loop
done

echo "-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-"

# Send off list using hardcoded email addresses.
EXP_BODY="
Hello Admin team,

List of expired passwords and their last recorded login date:
$(echo -e "$EXP_LIST2")

Regards,
Support.
"
echo "Subject: List of accounts with expired passwords" "$EXP_BODY" | $SENDMAIL -f "$FROM" "$ADMIN_RECIPIENT"

# Expired accts, for the log:
echo -e "$EXP_LIST2"
echo "finished in $SECONDS seconds"
echo "-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-"
```
Change the script's ownership and permissions so that it can be executed.
```bash
chown zimbra:zimbra check-password-expire.sh
chmod +x check-password-expire.sh
```
So that the script runs automatically every day at 8 a.m., it must be added to the zimbra user's crontab.
```
0 8 * * * bash /opt/zimbra/script/check-password-expire.sh >/dev/null 2>&1
```
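Before letting cron send mail, the expiry arithmetic can be checked on its own. The following is an added example, not part of the Wuxmedia script: it matches attribute names exactly and reports accounts that have no zimbraPasswordModifiedTime, a case in which the script above hands an empty date to `date -d` and GNU date counts from the current time instead. The function names, the `never`/`unknown` outputs and the sample records are assumptions made for illustration.

```bash
#!/bin/bash
# Added example, not part of passpoll.sh: dry-run of its expiry arithmetic.

# Print the value of one exactly named attribute from `zmprov ga` output (stdin).
get_attr() {
    awk -v key="$1:" '$1 == key { print $2; exit }'
}

# days_until_expiry NOW_EPOCH  (reads `zmprov ga` output on stdin); prints:
#   never   - zimbraPasswordMaxAge is 0, unset or not a number
#   unknown - no usable zimbraPasswordModifiedTime, so no date to count from
#   N       - whole days left, negative once the password has expired
days_until_expiry() {
    now=$1
    info=$(cat)
    max_age=$(printf '%s\n' "$info" | get_attr zimbraPasswordMaxAge)
    set_date=$(printf '%s\n' "$info" | get_attr zimbraPasswordModifiedTime | cut -c 1-8)
    case "$max_age" in
        ''|0|*[!0-9]*) echo never; return ;;
    esac
    case "$set_date" in
        [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]) ;;
        *) echo unknown; return ;;
    esac
    expires=$(date -u -d "$set_date +$max_age days" +%s)   # needs GNU date
    echo $(( (expires - now) / 86400 ))
}

# Constructed sample records (not real accounts).
SAMPLE_OK='# name alice@example.com
description: zimbraPasswordMaxAge: 0 requested by helpdesk
givenName: Alice
zimbraPasswordMaxAge: 90
zimbraPasswordModifiedTime: 20150427083000Z'

SAMPLE_NO_DATE='# name bob@example.com
givenName: Bob
zimbraPasswordMaxAge: 90'

# Fixed "today" so the result is reproducible.
NOW=$(date -u -d 20150719 +%s)
echo "alice: $(printf '%s\n' "$SAMPLE_OK" | days_until_expiry "$NOW")"
echo "bob:   $(printf '%s\n' "$SAMPLE_NO_DATE" | days_until_expiry "$NOW")"
```

On a live server the same function can be fed real data as the zimbra user, for example by piping `zmprov ga` for one account into `days_until_expiry "$(date +%s)"`.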
Thanks for the article. I'd like to ask: is that crontab command checked and run every day or not, and how do I check whether the crontab is running or not?
Thank you.
Hi Mas,
The crontab is run every day at 8 a.m.; the script will send an email once a password has entered the deadline window for a password change.