[389-users] Re: Get user password expiration date

[Mark Reynolds]

Leo,

Would you mind if I put this script on our wiki page
(http://www.port389.org)?

Thanks,
Mark

On 11/03/2016 09:49 AM, Leo Pleiman wrote:
> I put together this little script, run from cron, to email my users
> when it's time to change their password. Feel free to use and chop up
> if you like..
>
> #!/usr/bin/perl
>
>
> # Name: check_password_expiration_date.pl
> <http://check_password_expiration_date.pl>
>
> # Author: Leo Pleiman
>
> # Date: July 11, 2013
>
> # This is designed as a cron job to query the password expiration date
> on accounts and send an email
>
> # of the impending expiration to the account owner and the Systems Admins
>
>
> use Date::Calc qw( Delta_Days Today );
>
> use Mail::Sendmail;
>
>
> $cmd = "\/usr\/bin\/ldapsearch -x passwordexpirationtime=*|grep
> uid:|grep -v apple|cut -c6- >/tmp/users\n";
>
> system $cmd;
>
>
> open USERS, "/tmp/users" or die "Couldn't open file";
>
> while (<USERS>) {
>
> chomp;
>
> $user = $_;
>
> $USER = uc($user);
>
> $cmd = "\/usr\/bin\/ldapsearch -x uid=$user +
> passwordexpirationtime|grep passwordexpirationtime:|cut -d: -f2|cut
> -c2-9 >/tmp/date\n";
>
> system $cmd;
>
> system "cat /tmp/date|cut -c1-4 >/tmp/year";
>
> system "cat /tmp/date|cut -c5-6 >/tmp/month";
>
> system "cat /tmp/date|cut -c7-8 >/tmp/day";
>
>
> open FILE, "/tmp/year" or die "Couldn't open file";
>
> while (<FILE>) {
>
> chomp;
>
> $YEAR = $_;
>
> close FILE;
>
> }
>
> open FILE, "/tmp/month" or die "Couldn't open file";
>
> while (<FILE>) {
>
> chomp;
>
> $MONTH = $_;
>
> close FILE;
>
> }
>
> open FILE, "/tmp/day" or die "Couldn't open file";
>
> while (<FILE>) {
>
> chomp;
>
> $DAY = $_;
>
> close FILE;
>
> }
>
>
> ($YEAR2,$MONTH2,$DAY2) = Today();
>
> $days = Delta_Days($YEAR2,$MONTH2,$DAY2, $YEAR,$MONTH,$DAY);
>
>
>
> $DAYS = $days - 7;
>
> #print "$days   $DAYS   $USER\n";
>
> if ($DAYS <= 7 ) {
>
> if ($DAYS <= 0 ) {
>
> %mail = ( To      => "$user\@example.com <http://example.com>",
>
>   Cc      => 'systemsgr...@example.com <mailto:systemsgr...@example.com>',
>
>                           From    => 'systemsgr...@example.com
> <mailto:systemsgr...@example.com>',
>
>                           Subject => "$USER YOUR PASSWORD HAS EXPIRED",
>
>                           Message => "$user, your password has
> expired. You have a limited number of logins avaliable before your
> account will be locked. Proceed immediately to blah, blah, blah\n  
> sysref $days"
>
>                         );
>
>                 sendmail(%mail) or die $Mail::Sendmail::error;
>
>                 }
>
> else {
>
> %mail = ( To      => "$user\@example.com <http://example.com>",
>
>                           From    => 'systemsgr...@example.com
> <mailto:systemsgr...@example.com>',
>
>                           Subject => "$USER YOUR PASSWORD IS ABOUT TO
> EXPIRE",
>
>                           Message => "$user, your password will expire
> in $DAYS days. Reference blah, blah, blah  instructions on changing
> your password."
>
> );
>
> sendmail(%mail) or die $Mail::Sendmail::error;
>
> #print "OK. Log says:\n", $Mail::Sendmail::log;
>
> }
>
> }
>
> }
>
> close USERS;
>
> system "cd /tmp;rm -rf users date year month day";
>
> exit
>
>
> Leo Pleiman
> Senior System Engineer
> Direct 202-787-3622
> Cell 410-688-3873
>
> DonorPro merged with Salsa, read about it here.
> <https://www.salsalabs.com/about/news/salsa-labs-and-donorpro-unite>
>
> On Thu, Nov 3, 2016 at 9:37 AM, Predrag Zečević - Technical Support
> Analyst <predrag.zece...@2e-systems.com
> <mailto:predrag.zece...@2e-systems.com>> wrote:
>
>     On 11/ 3/16 01:21 PM, Mark Reynolds wrote:
>
>         Todor,
>
>         All you need to do is request the passwordexpirationtime
>         attribute from
>         the user entry:
>
>         For example:
>
>         # ldapsearch -D "cn=directory manager" -W -b "dc=domain,dc=com"
>         uid=USERID passwordexpirationtime
>
>         Regards,
>         Mark
>
>
>     Hi,
>
>     there are also more password attributes:
>     $ ldapsearch -xLLLD "cn=directory manager" -W -b
>     "dc=my-domain,dc=com" uid=USERID passwordExpirationTime
>     passwordExpWarned passwordGraceUserTime passwordRetryCount
>     passwordAllowChangeTime passwordHistory
>
>     With best regards.
>     Predrag Zečević
>
>         On 11/03/2016 03:10 AM, Todor Petkov wrote:
>
>             Hello,
>
>             I am trying to get the user password expiration date, so I
>             can write a
>             script to send warning email before this. I am running the
>             following:
>             ldapsearch -v -LLLx -h localhost -b
>             
> 'cn="cn=nsPwPolicyEntry,uid=user,ou=People,dc=domain,dc=com",cn=nsPwPolicyContainer,ou=People,dc=domain,dc=com'
>             "(objectclass=ldapsubentry)"
>
>             But I don't see such attribute in the results. Can you
>             give me a hint
>             what's the ldap query? My versions are:
>
>             389-admin-console-1.1.8-1.el6.noarch
>             389-ds-1.2.2-1.el6.noarch
>             389-adminutil-1.1.19-1.el6.x86_64
>             389-ds-base-libs-1.2.11.15-75.el6_8.x86_64
>             389-ds-base-1.2.11.15-75.el6_8.x86_64
>             389-ds-console-1.2.6-1.el6.noarch
>             389-admin-console-doc-1.1.8-1.el6.noarch
>             389-admin-1.1.35-1.el6.x86_64
>             389-console-1.1.7-1.el6.noarch
>             389-ds-console-doc-1.2.6-1.el6.noarch
>             389-dsgw-1.1.11-1.el6.x86_64
>
>
>             Thanks in advance,
>             _______________________________________________
>             389-users mailing list --
>             389-users@lists.fedoraproject.org
>             <mailto:389-users@lists.fedoraproject.org>
>             To unsubscribe send an email to
>             389-users-le...@lists.fedoraproject.org
>             <mailto:389-users-le...@lists.fedoraproject.org>
>
>
>
>
>         _______________________________________________
>         389-users mailing list -- 389-users@lists.fedoraproject.org
>         <mailto:389-users@lists.fedoraproject.org>
>         To unsubscribe send an email to
>         389-users-le...@lists.fedoraproject.org
>         <mailto:389-users-le...@lists.fedoraproject.org>
>
>
>     -- 
>     Predrag Zečević
>     Technical Support Analyst
>     2e Systems GmbH
>
>     Telephone: +49 6196 9505 815 <tel:%2B49%206196%209505%20815>,
>     Facsimile: +49 6196 9505 894 <tel:%2B49%206196%209505%20894>
>     Mobile:    +49 174 3109 288 <tel:%2B49%20%20174%203109%20288>,   
>      Skype: predrag.zecevic
>     E-mail:    predrag.zece...@2e-systems.com
>     <mailto:predrag.zece...@2e-systems.com>
>
>     Headquarter:          2e Systems GmbH, Königsteiner Str. 87,
>                           65812 Bad Soden am Taunus, Germany
>     Company registration: Amtsgericht Königstein (Germany), HRB 7303
>     Managing director:    Phil Douglas
>
>     http://www.2e-systems.com/ - Making your business fly!
>     _______________________________________________
>     389-users mailing list -- 389-users@lists.fedoraproject.org
>     <mailto:389-users@lists.fedoraproject.org>
>     To unsubscribe send an email to
>     389-users-le...@lists.fedoraproject.org
>     <mailto:389-users-le...@lists.fedoraproject.org>
>
>
>
>
> _______________________________________________
> 389-users mailing list -- 389-users@lists.fedoraproject.org
> To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org


_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org