[Freeipa-users] Account Expiration

Jan-Frode Myklebust janfrode at tanso.net
Wed Feb 13 20:16:08 UTC 2013


On Wed, Feb 13, 2013 at 09:29:42AM +0100, Petr Spacek wrote:
> >
> >Yeah, I don't think we want to be in the business of installing and
> >configuring an MTA. However, we should be able to detect if one is available
> >and use it if it is. I think it would be reasonable to restrict it to LMTP
> >with a Unix domain socket (most MTAs support this). Then our config would
> >have an LMTP domain socket pathname; if that pathname exists and we can connect
> >to it, we use it; if not, we fall back to not generating any mail.
> 
> In the meantime, it should be relatively simple to code a script which
> does ldapsearch from time to time and sends some e-mails. This
> script doesn't have to run on the same server as IPA; only access to
> LDAP and some MTA is required.

Crude, but a start:

----------------------------------------------------------------
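#!/bin/bash
# Mail every user whose krbPasswordExpiration is at or before one week from now.
# The cutoff is LDAP GeneralizedTime (YYYYMMDDhhmmssZ); -u because the Z suffix means UTC.
cutoff="$(date -u +%Y%m%d --date='+1 week')000000Z"
ldapsearch -z 500 -x -h ipa1.example.net -b cn=users,cn=accounts,dc=example,dc=net \
	"(krbPasswordExpiration<=${cutoff})" mail | grep '^mail:' | cut -d: -f2 | while read -r mail
do
	# Quote the address so a malformed value cannot be split into several arguments.
	echo "password expires in less than a week" | mail -s "Password expires" "$mail"
done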
----------------------------------------------------------------



  -jf
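
An added example, not part of the original post: the same ldapsearch-and-mail idea, but skipping accounts whose password has already expired (the `<=` filter matches those too) and refusing `mail` values that are not plain addresses before they reach the `mail` command line. The function names and the LDIF sample are constructed for illustration; the host and base DN are the ones used in the post.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# sample_ldif: constructed ldapsearch output (-LLL -o ldif-wrap=no), for offline runs.
sample_ldif() {
cat <<'EOF'
dn: uid=alice,cn=users,cn=accounts,dc=example,dc=net
mail: alice@example.net
krbPasswordExpiration: 20130218120000Z

dn: uid=bob,cn=users,cn=accounts,dc=example,dc=net
krbPasswordExpiration: 20120101000000Z
mail: bob@example.net

dn: uid=dave,cn=users,cn=accounts,dc=example,dc=net
mail: -oops@example.net
krbPasswordExpiration: 20130219000000Z
EOF
}

# expiring_users NOW CUTOFF: print "<mail> <expiry>" for NOW < expiry <= CUTOFF.
# GeneralizedTime (YYYYMMDDhhmmssZ) sorts as a plain string, so awk compares text.
expiring_users() {
	awk -v now="$1" -v cutoff="$2" '
		function emit() {
			# Drop expired accounts and anything that is not a plain address.
			if (addr ~ /^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+$/ && addr !~ /^-/ &&
			    length(expiry) == 15 && expiry ~ /^[0-9]+Z$/ &&
			    (expiry "") > (now "") && (expiry "") <= (cutoff ""))
				print addr, expiry
			addr = ""; expiry = ""
		}
		/^mail: /                  { addr = substr($0, 7) }
		/^krbPasswordExpiration: / { expiry = $2 }
		/^$/                       { emit() }
		END                        { emit() }
	'
}

# notify_expiring NOW CUTOFF: the live pipeline, one notice per selected user.
notify_expiring() {
	ldapsearch -LLL -o ldif-wrap=no -z 500 -x -h ipa1.example.net \
		-b cn=users,cn=accounts,dc=example,dc=net \
		"(krbPasswordExpiration<=$2)" mail krbPasswordExpiration |
	expiring_users "$1" "$2" | while read -r addr expiry; do
		echo "password expires at $expiry" | mail -s "Password expires" "$addr"
	done
}
```

From cron, NOW and CUTOFF would come from `date -u +%Y%m%d%H%M%SZ` and the same command with `--date='+1 week'`. An entry with several `mail` values gets a single notice, sent to the last value listed.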
