Re: Get user password expiration date

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Leo,

Would you mind if I put this script on our wiki page (http://www.port389.org)?

Thanks,
Mark

On 11/03/2016 09:49 AM, Leo Pleiman wrote:
I put together this little script, run from cron, to email my users when it's time to change their password. Feel free to use and chop up if you like..

#!/usr/bin/perl


# Name: check_password_expiration_date.pl

# Author: Leo Pleiman

# Date: July 11, 2013

# This is designed as a cron job to query the password expiration date on accounts and send an email

# of the impending expiration to the account owner and the Systems Admins


use Date::Calc qw( Delta_Days Today );

use Mail::Sendmail;


$cmd = "\/usr\/bin\/ldapsearch -x passwordexpirationtime=*|grep uid:|grep -v apple|cut -c6- >/tmp/users\n";

system $cmd;


open USERS, "/tmp/users" or die "Couldn't open file";

while (<USERS>) {

chomp;

$user = $_;

$USER = uc($user);

$cmd = "\/usr\/bin\/ldapsearch -x uid=$user + passwordexpirationtime|grep passwordexpirationtime:|cut -d: -f2|cut -c2-9 >/tmp/date\n";

system $cmd;

system "cat /tmp/date|cut -c1-4 >/tmp/year";

system "cat /tmp/date|cut -c5-6 >/tmp/month";

system "cat /tmp/date|cut -c7-8 >/tmp/day";


open FILE, "/tmp/year" or die "Couldn't open file";

while (<FILE>) {

chomp;

$YEAR = $_;

close FILE;

}

open FILE, "/tmp/month" or die "Couldn't open file";

while (<FILE>) {

chomp;

$MONTH = $_;

close FILE;

}

open FILE, "/tmp/day" or die "Couldn't open file";

while (<FILE>) {

chomp;

$DAY = $_;

close FILE;

}


($YEAR2,$MONTH2,$DAY2) = Today();

$days = Delta_Days($YEAR2,$MONTH2,$DAY2, $YEAR,$MONTH,$DAY);



$DAYS = $days - 7;

#print "$days   $DAYS   $USER\n";

if ($DAYS <= 7 ) {

if ($DAYS <= 0 ) {

%mail = ( To      => "$user\@example.com",

  Cc      => 'systemsgroup@xxxxxxxxxxx',

                          From    => 'systemsgroup@xxxxxxxxxxx',

                          Subject => "$USER YOUR PASSWORD HAS EXPIRED",

                          Message => "$user, your password has expired. You have a limited number of logins avaliable before your account will be locked. Proceed immediately to blah, blah, blah\n   sysref $days"

                        );

                sendmail(%mail) or die $Mail::Sendmail::error;

                }

else {

%mail = ( To      => "$user\@example.com",

                          From    => 'systemsgroup@xxxxxxxxxxx',

                          Subject => "$USER YOUR PASSWORD IS ABOUT TO EXPIRE",

                          Message => "$user, your password will expire in $DAYS days. Reference blah, blah, blah  instructions on changing your password."

);

sendmail(%mail) or die $Mail::Sendmail::error;

# print "OK. Log says:\n", $Mail::Sendmail::log;

}

}

}

close USERS;

system "cd /tmp;rm -rf users date year month day";

exit


Leo Pleiman
Senior System Engineer
Direct 202-787-3622
Cell 410-688-3873


On Thu, Nov 3, 2016 at 9:37 AM, Predrag Zečević - Technical Support Analyst <predrag.zecevic@xxxxxxxxxxxxxx> wrote:
On 11/ 3/16 01:21 PM, Mark Reynolds wrote:
Todor,

All you need to do is request the passwordexpirationtime attribute from
the user entry:

For example:

# ldapsearch -D "cn=directory manager" -W -b "dc=domain,dc=com"
uid=USERID passwordexpirationtime

Regards,
Mark


Hi,

there are also more password attributes:
$ ldapsearch -xLLLD "cn=directory manager" -W -b "dc=my-domain,dc=com" uid=USERID passwordExpirationTime passwordExpWarned passwordGraceUserTime passwordRetryCount passwordAllowChangeTime passwordHistory

With best regards.
Predrag Zečević
On 11/03/2016 03:10 AM, Todor Petkov wrote:
Hello,

I am trying to get the user password expiration date, so I can write a
script to send warning email before this. I am running the following:
ldapsearch -v -LLLx -h localhost -b
'cn="cn=nsPwPolicyEntry,uid=user,ou=People,dc=domain,dc=com",cn=nsPwPolicyContainer,ou=People,dc=domain,dc=com'
"(objectclass=ldapsubentry)"

But I don't see such attribute in the results. Can you give me a hint
what's the ldap query? My versions are:

389-admin-console-1.1.8-1.el6.noarch
389-ds-1.2.2-1.el6.noarch
389-adminutil-1.1.19-1.el6.x86_64
389-ds-base-libs-1.2.11.15-75.el6_8.x86_64
389-ds-base-1.2.11.15-75.el6_8.x86_64
389-ds-console-1.2.6-1.el6.noarch
389-admin-console-doc-1.1.8-1.el6.noarch
389-admin-1.1.35-1.el6.x86_64
389-console-1.1.7-1.el6.noarch
389-ds-console-doc-1.2.6-1.el6.noarch
389-dsgw-1.1.11-1.el6.x86_64


Thanks in advance,
_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org



_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org


--
Predrag Zečević
Technical Support Analyst
2e Systems GmbH

Telephone: +49 6196 9505 815, Facsimile: +49 6196 9505 894
Mobile:    +49 174 3109 288,     Skype: predrag.zecevic
E-mail:    predrag.zecevic@xxxxxxxxxxxxxx

Headquarter:          2e Systems GmbH, Königsteiner Str. 87,
                      65812 Bad Soden am Taunus, Germany
Company registration: Amtsgericht Königstein (Germany), HRB 7303
Managing director:    Phil Douglas

http://www.2e-systems.com/ - Making your business fly!
_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org



_______________________________________________
389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx

_______________________________________________
389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx

[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux