[Freeipa-devel] Include proposal to contrib (expired user accounts query tool)

Dmitri Pal dpal at redhat.com
Thu Nov 14 19:06:22 UTC 2013


On 11/14/2013 12:08 PM, Antti Peltonen wrote:
> Hi all,
>
> I have created the
> following https://bitbucket.org/bcow/freeipa-expired-user-accounts-query
> tool to mitigate a situation when users in the directory never log in to
> servers and therefore do not receive alerts about expiring passwords.
> My tool can be used to query the LDAP directory and list users that
> have expired passwords and/or users with passwords about to expire in
> a given number of days. An external script can then be executed for each
> matching user to generate a warning for the user via a selected medium,
> for example by email.
>
> -- 
> Antti Peltonen | Homo sapiens | planet Earth
> blog http://bcow.me | email antti.peltonen at iki.fi
> irc bcow at IRCNet,Freenode


Thank you for the contribution!

A quick look at the tool's command line indicates that it is probably
not using any of the IPA framework and rather goes over LDAP. I am not
sure that this is the best approach, let us discuss...
For the tool to become a part of the IPA ecosystem it should probably
take advantage of the framework.
The framework would take care of things like --gssapi --server
ipaserver.example.tld --basedn cn=users,cn=accounts,dc=example,dc=tld

I think next steps would be:
1) Open a ticket for this RFE and describe the use case and need there.
2) Create a design page on the wiki, it should not be long but I suspect
several paragraphs would help others to understand what is going on
under the hood. The page would cover command line parameters, their use,
authentication, examples of scripts, etc. Though maybe instead of a
script as an argument the command would allow piped output to a script.
Just a thought... This is exactly a thing that should be discussed
during a design review.
3) Send design for review

Based on the design discussion it would become clearer what needs to
change (if anything) for the tool to be accepted.

Thanks again for the contribution!

I think we have a huge lack of good reporting tools in FreeIPA.
Would be great if someone can make a dent at them some day:
https://fedorahosted.org/freeipa/ticket/3024

-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.
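
Added example, not part of the original message and not code from Antti's tool: a sketch of the expiry check with the piped-output variant raised above, where matches are written one per line for a separate notification script to consume. It assumes the expiry is held in the Kerberos attribute krbPasswordExpiration as LDAP GeneralizedTime and that users carry objectClass posixAccount; the function names, the tab-separated output format and the sample entries are hypothetical.

```python
from datetime import datetime, timedelta, timezone

# Assumption: password expiry is stored in krbPasswordExpiration as
# LDAP GeneralizedTime in UTC, e.g. 20131121190622Z.
EXPIRY_ATTR = "krbPasswordExpiration"
GT_FORMAT = "%Y%m%d%H%M%SZ"


def parse_generalized_time(value):
    return datetime.strptime(value, GT_FORMAT).replace(tzinfo=timezone.utc)


def build_filter(now, warn_days):
    """LDAP filter matching users whose password expires by now + warn_days."""
    cutoff = (now + timedelta(days=int(warn_days))).astimezone(timezone.utc)
    # The cutoff contains only digits and 'Z', so no filter escaping is needed.
    return "(&(objectClass=posixAccount)(%s<=%s))" % (
        EXPIRY_ATTR, cutoff.strftime(GT_FORMAT))


def classify(entries, now, warn_days):
    """Yield (uid, status, days_left) for expired or soon-to-expire users."""
    for entry in entries:
        raw = entry.get(EXPIRY_ATTR)
        if not raw:
            continue  # no expiry recorded for this account; nothing to warn about
        delta = parse_generalized_time(raw) - now
        if delta <= timedelta(0):
            yield entry["uid"], "expired", 0
        elif delta <= timedelta(days=warn_days):
            yield entry["uid"], "expiring", delta.days


def report_lines(entries, now, warn_days):
    """One tab-separated line per match, suitable for piping to a notifier."""
    return ["%s\t%s\t%d" % row for row in classify(entries, now, warn_days)]


# Constructed sample entries (a real LDAP client returns lists of bytes values).
SAMPLE_ENTRIES = [
    {"uid": "alice", EXPIRY_ATTR: "20131101000000Z"},
    {"uid": "bob", EXPIRY_ATTR: "20131117190622Z"},
    {"uid": "carol", EXPIRY_ATTR: "20140101000000Z"},
    {"uid": "dave"},
]

if __name__ == "__main__":
    now = datetime(2013, 11, 14, 19, 6, 22, tzinfo=timezone.utc)
    print(build_filter(now, 7))
    print("\n".join(report_lines(SAMPLE_ENTRIES, now, 7)))
```

The server-side filter narrows the result set; the client-side pass then separates already-expired accounts from those still inside the warning window.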

