On 11/14/2013 12:08 PM, Antti Peltonen wrote: > Hi all, > > I have created the > following https://bitbucket.org/bcow/freeipa-expired-user-accounts-query > tool to mitigate a situation when users in directory never login to > servers and therefore do not receive alerts about expiring passwords. > My tool can be used to query the LDAP directory and list users that > have expired passwords and/or users with passwords about to expire in > given amount of days. External script can then be executed for each > matching user to generate a warning for the user via selected medium, > for example by email. > > -- > Antti Peltonen | Homo sapiens | planet Earth > blog http://bcow.me | email [email protected] > <mailto:[email protected]>i > irc bcow@IRCNet,Freenode > > > _______________________________________________ > Freeipa-devel mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/freeipa-devel
Thank you for the contribution! A quick look at the tool's command line indicates that it is probably not using any of the IPA framework and rather goes over LDAP. I am not sure that this is the best approach, let us discuss... For the tool to become a part of the IPA ecosystem it should probably take advantage of the framework. The framework would take care of things like --gssapi --server ipaserver.example.tld --basedn cn=users,cn=accounts,dc=example,dc=tld I think next steps would be: 1) Open a ticket for this RFE and describe the use case and need there. 2) Create a design page on the wiki, it should not be long but I suspect several paragraphs would help others to understand what is going on under the hood. The page would cover command line parameter, their use, authentication, examples of scripts, etc. Though may be instead of a script as an argument the command would allow piped output to a script. Just a thought... This is exactly a thing that should be discussed during a design review. 3) Send design for review Based on the design discussion it would become clearer what needs to change (if anything) for the tool to be accepted. Thanks again for the contribution! I think we have a huge lack of good reporting tools in FreeIPA. Would be great if someone can make a dent at them some day: https://fedorahosted.org/freeipa/ticket/3024 -- Thank you, Dmitri Pal Sr. Engineering Manager for IdM portfolio Red Hat Inc. ------------------------------- Looking to carve out IT costs? www.redhat.com/carveoutcosts/
_______________________________________________ Freeipa-devel mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-devel
