On 11/14/2013 12:08 PM, Antti Peltonen wrote:
> Hi all,
>
> I have created the
> following https://bitbucket.org/bcow/freeipa-expired-user-accounts-query
> tool to mitigate a situation when users in directory never login to
> servers and therefore do not receive alerts about expiring passwords.
> My tool can be used to query the LDAP directory and list users that
> have expired passwords and/or users with passwords about to expire in
> given amount of days. External script can then be executed for each
> matching user to generate a warning for the user via selected medium,
> for example by email.
>
> -- 
> Antti Peltonen | Homo sapiens | planet Earth
> blog http://bcow.me | email antti.peltonen@iki.f
> <mailto:antti.pelto...@iki.fi>i
> irc bcow@IRCNet,Freenode
>
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel@redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel


Thank you for the contribution!

A quick look at the tool's command line indicates that it is probably
not using any of the IPA framework and rather goes over LDAP. I am not
sure that this is the best approach, let us discuss...
For the tool to become a part of the IPA ecosystem it should probably
take advantage of the framework.
The framework would take care of things like --gssapi --server
ipaserver.example.tld --basedn cn=users,cn=accounts,dc=example,dc=tld

I think next steps would be:
1) Open a ticket for this RFE and describe the use case and need there.
2) Create a design page on the wiki, it should not be long but I suspect
several paragraphs would help others to understand what is going on
under the hood. The page would cover command line parameter, their use,
authentication, examples of scripts, etc. Though may be instead of a
script as an argument the command would allow piped output to a script.
Just a thought... This is exactly a thing that should be discussed
during a design review.
3) Send design for review

Based on the design discussion it would become clearer what needs to
change (if anything) for the tool to be accepted.

Thanks again for the contribution!

I think we have a huge lack of good reporting tools in FreeIPA.
Would be great if someone can make a dent at them some day:
https://fedorahosted.org/freeipa/ticket/3024

-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.


-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/



_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to