Product SiteDocumentation Site

8.2. Users

By default the DB plugin will be used as user management plugin. Below will be described how to manage users with the zarafa-admin command. For user management with the LDAP user plugin, please see Section 8.4, “User Management with LDAP or Active Directory”.
At the moment ZCP doesn’t provide a graphical user management interface.

8.2.1. Creating users with DB plugin

To create a new user, use the following command:
/usr/bin/zarafa-admin -c <user name> -p <password> \
       -e <email> -f <full name> -a <administrator>
The fields between <> should be filled in as follows:
  • User name: The name of the user. With this name the user will log on to the store.
  • Password: The password in plain text. The password will be stored encrypted in the database.
  • Email: The email address of the user. Often this is <user name>@<email domain>.
  • Full name: The full name of the user. Because the full name will contain space characters, and maybe other non-alphanumeric characters, the name should be entered with qoutes ('').
  • Administrator: This value should be 0 or 1. When a user is administrator, the user will be allowed to open all Zarafa stores of any user. It is also possible to pass 2 as administrator level, this will make the user a system administrator who can create/modify/delete companies.
All fields except the email address are case sensitive.
The password can also be set using the -P switch. The password is then not given at the command prompt, but asked for by the zarafa-admin tool. The password is not echoed on the screen, and needs to be typed twice for verification.

8.2.2. Non-active users

A non-active user cannot login to ZCP, but email can be delivered to this user, and the store can be opened by users with correct permissions. Non-active users can especially used for functional mailboxes, resources and rooms.
To create a non-active user, use the following command:
zarafa-admin -c <user name> -P -e <email> -f <full name> -n 1
In the Unix Plugin, users with a special shell (default /bin/false) are non-active users.


In ZCP version 6.30 and earlier it’s not possible to switch an active user to non-active and vice versa. Switching the non-active value will trigger a mailbox deletion.

8.2.3. Updating user information with DB plugin ===

The same zarafa-admin tool can be used to update the stores and user information. Use the following command to update:
/usr/bin/zarafa-admin -u <user name> [-U <new user name>] \
       [-p <new password>] [-e <email>] \
       [-f <full name>] [-a <0|1>]
All the changes are optional. For example, only the password for an existing user may be updated, leaving the other user information the same as it was.

8.2.4. Deleting users with DB plugin

To delete a user from the server, use the following command:
/usr/bin/zarafa-admin -d <user name>
The user will be deleted from the database. However, the store will be kept in the database, but is not accessible.


In ZCP 6.30.6 and earlier versions, the store of the user will be moved to the “Deleted Stores” folder in the public store. This folder is only available for administrative users. Administrators can browse the folders or delete the deleted stores completely by removing the corresponding folder from the “Deleted stores” folder. This is relevant for all user plugins.
Use the following command to retrieve a list of stores without a user, and users without a store:
/usr/bin/zarafa-admin --list-orphans
It can be decided to remove the store from the database or hook the store to another user to be able to access it once again. To remove the store from the database, an action which is irreversible, use the following command:
/usr/bin/zarafa-admin --remove-store <store-guid>
To hook the store to another user, use the following command:
/usr/bin/zarafa-admin --hook-store <store-guid> -u <user>
The user given with the -u option will now have the new store attached to it. Re-login with the webaccess, or create a new profile in Outlook to be able to access the store.


When a store is hooked to a user that already has a store attached to it, the original store will be orphaned. This original store can be found using the list-orphans options of the zarafa-admin command.

8.2.5. Configuring ‘Send as’ permissions

ZCP supports two kinds of send delegation:
Send on Behalf permissions
If a user grants the appropriate permission to another user, the latter can send items ‘on behalf of’ the other user. In this case an email or meeting request will be sent with the following “from” field: <delegate> on behalf of <user>. This setting can only be set from the WebAccess or Outlook client.
Send As permissions
If the system administrator gives the rights to user B to ‘send as’ user A, the receiver of an email will not see that user B sent an email. The receiver will only see user A in the “from” field
Before version 6.20, a user could use only the send on behalf of permissions. This meant letting a user send an email ‘on behalf of' another user from inside the inbox of the other user. It was always possible to see who sent the email. For example: Pete enters the inbox of `info' and sends an email as the non-active user `info', ``[email protected] on behalf of [email protected].com’' would be displayed.
Since 6.20 it is possible to send emails as other users without the ‘on behalf of’ part. Due to security reasons the new ‘send as’ permission is only configurable by the administrator on the server side. This setting can always be overruled by the user itself and the old ‘on behalf of’ permission can still be set by the user. See the user manual on how to set the user based ‘on behalf of’ delegation and/or overruling of the admin based ‘send as’ delegation.
Setting up delegation via zarafa-admin is only applicable with the DB or UNIX plugin. For setting up LDAP or Active Directory see Section 8.4, “User Management with LDAP or Active Directory”.
Add a user to the list of the delegate being updated as a ‘send as’ user. The delegate can now send mails as the updated users' name, unless the updated user set the delegate as a user based delegate. This option is only valid with the -u update action.
zarafa-admin -u <delegate> --add-sendas <user>
Remove a user from the list of the delegate being updated as a ‘send as’ user. This option is only valid with the -u update action.
zarafa-admin -u <delegate> --del-sendas <user>
List all users who are in the list of the delegate.
zarafa-admin --list-sendas <delegate>


All previous settings concerning delegation have to be reconfigured when upgrading to 6.2x or later. Unfortunately a reset of these settings is needed in order to have this additional functionality available.