[Freeipa-users] Account Expiration
Rob Crittenden
rcritten at redhat.com
Wed Feb 13 13:56:39 UTC 2013
Petr Spacek wrote:
> On 12.2.2013 20:21, John Dennis wrote:
>> On 02/12/2013 01:40 PM, Rob Crittenden wrote:
>>>> Is it possible to ipa to send a email to user when his account is about
>>>> to expire (the current date is near krbprincipalexpiration date) ?
>>>
>>> Not currently. In 3.0+ we will provide a notice when one logs into the
>>> WebUI but that's it.
>>>
>>> We can't be sure that an MTA is properly configured on the IPA server at
>>> install time so we have punted on this for a while. We don't want to get
>>> into the business of picking and configuring one. This is one of those
>>> things that seems really easy but gets complicated the deeper you dig
>>> into it. We're open to suggestions/patches.
>>
>> Yeah, I don't think we want to be in the business of installing and
>> configuring an MTA. However, we should be able to detect if one is
>> available
>> and use it if it is. I think it would be reasonable to restrict it to
>> LMTP
>> with a Unix domain socket (most MTA's support this). Then our config
>> would
>> have a LMTP domain socket pathname, if that pathname exists and we can
>> connect
>> to it we use, if not we fallback to not generating any mail.
>
> In meanwhile, it should be relatively simple to code script which does
> ldapsearch from time to time and sends some e-mails. This script doesn't
> have to run on the same server as IPA, only access to LDAP and some MTA
> is required.
>
Yes, that is our current recommendation. There is a sample query in the
docs IIRC.
rob
More information about the Freeipa-users
mailing list