I put together this little script, run from cron, to email my users when
it's time to change their password. Feel free to use and chop up if you
like..
#!/usr/bin/perl
# Name: check_password_expiration_date.pl
# Author: Leo Pleiman
# Date: July 11, 2013
# This is designed as a cron job to query the password expiration date on
accounts and send an email
# of the impending expiration to the account owner and the Systems Admins
use Date::Calc qw( Delta_Days Today );
use Mail::Sendmail;
$cmd = "\/usr\/bin\/ldapsearch -x passwordexpirationtime=*|grep uid:|grep
-v apple|cut -c6- >/tmp/users\n";
system $cmd;
open USERS, "/tmp/users" or die "Couldn't open file";
while (<USERS>) {
chomp;
$user = $_;
$USER = uc($user);
$cmd = "\/usr\/bin\/ldapsearch -x uid=$user + passwordexpirationtime|grep
passwordexpirationtime:|cut -d: -f2|cut -c2-9 >/tmp/date\n";
system $cmd;
system "cat /tmp/date|cut -c1-4 >/tmp/year";
system "cat /tmp/date|cut -c5-6 >/tmp/month";
system "cat /tmp/date|cut -c7-8 >/tmp/day";
open FILE, "/tmp/year" or die "Couldn't open file";
while (<FILE>) {
chomp;
$YEAR = $_;
close FILE;
}
open FILE, "/tmp/month" or die "Couldn't open file";
while (<FILE>) {
chomp;
$MONTH = $_;
close FILE;
}
open FILE, "/tmp/day" or die "Couldn't open file";
while (<FILE>) {
chomp;
$DAY = $_;
close FILE;
}
($YEAR2,$MONTH2,$DAY2) = Today();
$days = Delta_Days($YEAR2,$MONTH2,$DAY2, $YEAR,$MONTH,$DAY);
$DAYS = $days - 7;
#print "$days $DAYS $USER\n";
if ($DAYS <= 7 ) {
if ($DAYS <= 0 ) {
%mail = ( To => "$user\@example.com",
Cc => '[email protected]',
From => '[email protected]',
Subject => "$USER YOUR PASSWORD HAS EXPIRED",
Message => "$user, your password has expired. You
have a limited number of logins avaliable before your account will be
locked. Proceed immediately to blah, blah, blah\n sysref $days"
);
sendmail(%mail) or die $Mail::Sendmail::error;
}
else {
%mail = ( To => "$user\@example.com",
From => '[email protected]',
Subject => "$USER YOUR PASSWORD IS ABOUT TO
EXPIRE",
Message => "$user, your password will expire in
$DAYS days. Reference blah, blah, blah instructions on changing your
password."
);
sendmail(%mail) or die $Mail::Sendmail::error;
# print "OK. Log says:\n", $Mail::Sendmail::log;
}
}
}
close USERS;
system "cd /tmp;rm -rf users date year month day";
exit
Leo Pleiman
Senior System Engineer
Direct 202-787-3622
Cell 410-688-3873
DonorPro merged with Salsa, read about it here.
<https://www.salsalabs.com/about/news/salsa-labs-and-donorpro-unite>
On Thu, Nov 3, 2016 at 9:37 AM, Predrag Zečević - Technical Support Analyst
<[email protected]> wrote:
> On 11/ 3/16 01:21 PM, Mark Reynolds wrote:
>
>> Todor,
>>
>> All you need to do is request the passwordexpirationtime attribute from
>> the user entry:
>>
>> For example:
>>
>> # ldapsearch -D "cn=directory manager" -W -b "dc=domain,dc=com"
>> uid=USERID passwordexpirationtime
>>
>> Regards,
>> Mark
>>
>>
> Hi,
>
> there are also more password attributes:
> $ ldapsearch -xLLLD "cn=directory manager" -W -b "dc=my-domain,dc=com"
> uid=USERID passwordExpirationTime passwordExpWarned passwordGraceUserTime
> passwordRetryCount passwordAllowChangeTime passwordHistory
>
> With best regards.
> Predrag Zečević
>
>> On 11/03/2016 03:10 AM, Todor Petkov wrote:
>>
>>> Hello,
>>>
>>> I am trying to get the user password expiration date, so I can write a
>>> script to send warning email before this. I am running the following:
>>> ldapsearch -v -LLLx -h localhost -b
>>> 'cn="cn=nsPwPolicyEntry,uid=user,ou=People,dc=domain,dc=com"
>>> ,cn=nsPwPolicyContainer,ou=People,dc=domain,dc=com'
>>> "(objectclass=ldapsubentry)"
>>>
>>> But I don't see such attribute in the results. Can you give me a hint
>>> what's the ldap query? My versions are:
>>>
>>> 389-admin-console-1.1.8-1.el6.noarch
>>> 389-ds-1.2.2-1.el6.noarch
>>> 389-adminutil-1.1.19-1.el6.x86_64
>>> 389-ds-base-libs-1.2.11.15-75.el6_8.x86_64
>>> 389-ds-base-1.2.11.15-75.el6_8.x86_64
>>> 389-ds-console-1.2.6-1.el6.noarch
>>> 389-admin-console-doc-1.1.8-1.el6.noarch
>>> 389-admin-1.1.35-1.el6.x86_64
>>> 389-console-1.1.7-1.el6.noarch
>>> 389-ds-console-doc-1.2.6-1.el6.noarch
>>> 389-dsgw-1.1.11-1.el6.x86_64
>>>
>>>
>>> Thanks in advance,
>>> _______________________________________________
>>> 389-users mailing list -- [email protected]
>>> To unsubscribe send an email to [email protected]
>>>
>>
>>
>>
>> _______________________________________________
>> 389-users mailing list -- [email protected]
>> To unsubscribe send an email to [email protected]
>>
>>
> --
> Predrag Zečević
> Technical Support Analyst
> 2e Systems GmbH
>
> Telephone: +49 6196 9505 815, Facsimile: +49 6196 9505 894
> Mobile: +49 174 3109 288, Skype: predrag.zecevic
> E-mail: [email protected]
>
> Headquarter: 2e Systems GmbH, Königsteiner Str. 87,
> 65812 Bad Soden am Taunus, Germany
> Company registration: Amtsgericht Königstein (Germany), HRB 7303
> Managing director: Phil Douglas
>
> http://www.2e-systems.com/ - Making your business fly!
> _______________________________________________
> 389-users mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
>
_______________________________________________
389-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
