[Freeipa-users] Account Expiration

Steven Jones Steven.Jones at vuw.ac.nz
Wed Feb 13 19:54:39 UTC 2013 

Hi,

Isnt Postfix the RHEL default now?  So is it that hard to do a Postfix-ipa-config.rpm?

Its something we want as well, so I'll do a RFE, RH support will love me more I'm sure....

;]

regards

Steven Jones

Technical Specialist - Linux RHCE

Victoria University, Wellington, NZ

0064 4 463 6272

________________________________________
From: freeipa-users-bounces at redhat.com [freeipa-users-bounces at redhat.com] on behalf of Rob Crittenden [rcritten at redhat.com]
Sent: Thursday, 14 February 2013 2:56 a.m.
To: Petr Spacek
Cc: freeipa-users at redhat.com
Subject: Re: [Freeipa-users] Account Expiration

Petr Spacek wrote:
> On 12.2.2013 20:21, John Dennis wrote:
>> On 02/12/2013 01:40 PM, Rob Crittenden wrote:
>>>> Is it possible to ipa to send a email to user when his account is about
>>>> to expire (the current date is near krbprincipalexpiration date) ?
>>>
>>> Not currently. In 3.0+ we will provide a notice when one logs into the
>>> WebUI but that's it.
>>>
>>> We can't be sure that an MTA is properly configured on the IPA server at
>>> install time so we have punted on this for a while. We don't want to get
>>> into the business of picking and configuring one. This is one of those
>>> things that seems really easy but gets complicated the deeper you dig
>>> into it. We're open to suggestions/patches.
>>
>> Yeah, I don't think we want to be in the business of installing and
>> configuring an MTA. However, we should be able to detect if one is
>> available
>> and use it if it is. I think it would be reasonable to restrict it to
>> LMTP
>> with a Unix domain socket (most MTA's support this). Then our config
>> would
>> have a LMTP domain socket pathname, if that pathname exists and we can
>> connect
>> to it we use, if not we fallback to not generating any mail.
>
> In meanwhile, it should be relatively simple to code script which does
> ldapsearch from time to time and sends some e-mails. This script doesn't
> have to run on the same server as IPA, only access to LDAP and some MTA
> is required.
>

Yes, that is our current recommendation. There is a sample query in the
docs IIRC.

rob

_______________________________________________
Freeipa-users mailing list
Freeipa-users at redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

More information about the Freeipa-users mailing list