Bulk password reset Zimbra Open Source Edition

Bulk password reset Zimbra Open Source Edition

So you ran into the same problem i had, you needed to reset multiple passwords for a domain running on Zimbra. This could be due to a migration, or a change in the password policy for the customer.
This can’t be done from the Webinterface from Zimbra, but instead must be done from the CLI.

I found a script a while ago, i can’t remember the source (sorry about that original author) but i’d thought i’d share it anyway since i saved me a ton of time.
Create a new file vi /opt/scripts/changepassword.sh

Add the following code:

#!/bin/bash
clear
USERS=`su - zimbra -c 'zmprov -l gaa example.com'`;
for ACCOUNT in $USERS; do
ACC1=`echo $ACCOUNT | awk -F@ '{print $1}'`;
ACC=`echo $ACC1 | cut -d '.' -f1`;
if [ $ACC == "admin" ] || [ $ACC == "wiki" ] || [ $ACC == "galsync" ] || [ $ACC == "ham" ] || [ $ACC == "tuserzimbra" ] || [ $ACC == "spam" ]; then
echo "Skipping system account, $NAME...";
else
echo "Modifying $ACCOUNT password...";
su - zimbra -c "zmprov sp $ACCOUNT Password";
su - zimbra -c "zmprov ma $ACCOUNT zimbraPasswordMustChange FALSE";
echo 'Done!'
echo ''
# read anykey
fi
done
echo 'Modifying password for all user has been finished successfully'

As you can see in the exampe, it looks a bit terrifying for a non-cli user but it isn’t that difficult.
Let’s take a look at the code, and what you should adjust to make it work for your domain.

USERS=`su - zimbra -c 'zmprov -l gaa example.com'`;

So the code above is needed to specify the domain you want to modify the password for. You need to edit example.com to your domain, e.g. inpimation.com

You might not want to edit all passwords, for example your own account, some service accounts maybe? This part comes in handy:

if [ $ACC == "admin" ] || [ $ACC == "wiki" ] || [ $ACC == "galsync" ] || [ $ACC == "ham" ] || [ $ACC == "tuserzimbra" ] || [ $ACC == "spam" ]; then
echo "Skipping system account, $NAME...";

As you can see the password for Admin,wiki,galsync,ham,tuserzimbra and spam won’t be reset. If you need more, or don’t have a tuserzimbra account remove it, or add more.

The actual password that is going to be set:

su - zimbra -c "zmprov sp $ACCOUNT Password";

I highly advice that you use a strong generated password.

The last part you need to edit:

su - zimbra -c "zmprov ma $ACCOUNT zimbraPasswordMustChange FALSE";

If this is set to “FALSE” the user doesn’t need to change the password after the first login. Regarding security i also recommend setting this value to “TRUE”.

If you’ve edited the code, and are ready to run the code, mine looks like:

#!/bin/bash
clear
USERS=`su - zimbra -c 'zmprov -l gaa inpimation.com'`;
for ACCOUNT in $USERS; do
ACC1=`echo $ACCOUNT | awk -F@ '{print $1}'`;
ACC=`echo $ACC1 | cut -d '.' -f1`;
if [ $ACC == "admin" ] || [ $ACC == "wiki" ] || [ $ACC == "galsync" ] || [ $ACC == "ham" ] || [ $ACC == "tuserzimbra" ] || [ $ACC == "spam" ]; then
echo "Skipping system account, $NAME...";
else
echo "Modifying $ACCOUNT password...";
su - zimbra -c "zmprov sp $ACCOUNT kJaHgf5sjh";
su - zimbra -c "zmprov ma $ACCOUNT zimbraPasswordMustChange TRUE";
echo 'Done!'
echo ''
# read anykey
fi
done
echo 'Modifying password for all user has been finished successfully'

Now it’s time to save the code and make the script executable.
chmod +x /opt/scripts/changepassword.sh

After running the script all the password for the domain inpimation.com will be reset.

Leave a comment

Your email address will not be published. Required fields are marked *