[Freeipa-users] Account Expiration
Petr Spacek
pspacek at redhat.com
Wed Feb 13 08:29:42 UTC 2013
On 12.2.2013 20:21, John Dennis wrote:
> On 02/12/2013 01:40 PM, Rob Crittenden wrote:
>>> Is it possible to ipa to send a email to user when his account is about
>>> to expire (the current date is near krbprincipalexpiration date) ?
>>
>> Not currently. In 3.0+ we will provide a notice when one logs into the
>> WebUI but that's it.
>>
>> We can't be sure that an MTA is properly configured on the IPA server at
>> install time so we have punted on this for a while. We don't want to get
>> into the business of picking and configuring one. This is one of those
>> things that seems really easy but gets complicated the deeper you dig
>> into it. We're open to suggestions/patches.
>
> Yeah, I don't think we want to be in the business of installing and
> configuring an MTA. However, we should be able to detect if one is available
> and use it if it is. I think it would be reasonable to restrict it to LMTP
> with a Unix domain socket (most MTA's support this). Then our config would
> have a LMTP domain socket pathname, if that pathname exists and we can connect
> to it we use, if not we fallback to not generating any mail.
In meanwhile, it should be relatively simple to code script which does
ldapsearch from time to time and sends some e-mails. This script doesn't have
to run on the same server as IPA, only access to LDAP and some MTA is required.
--
Petr^2 Spacek
More information about the Freeipa-users
mailing list