On Wed, Feb 13, 2013 at 09:29:42AM +0100, Petr Spacek wrote:
> >
> >Yeah, I don't think we want to be in the business of installing and
> >configuring an MTA. However, we should be able to detect if one is available
> >and use it if it is. I think it would be reasonable to restrict it to LMTP
> >with a Unix domain socket (most MTAs support this). Then our config would
> >have a LMTP domain socket pathname, if that pathname exists and we can connect
> >to it we use it, if not we fall back to not generating any mail.
> In the meanwhile, it should be relatively simple to code a script which
> does ldapsearch from time to time and sends some e-mails. This
> script doesn't have to run on the same server as IPA, only access to
> LDAP and some MTA is required.

Crude, but a start:

#! /bin/bash
# Mail every user whose Kerberos password expires within the next week.
ldapsearch -z 500 -x -h ipa1.example.net -b cn=users,cn=accounts,dc=example,dc=net \
    "(krbPasswordExpiration<=$(date +%Y%m%d --date='+1 week')000000Z)" mail |
    grep ^mail | cut -d: -f2 | while read mail
do
        echo password expires in less than a week | mail -s "Password expires" "$mail"
done


Freeipa-users mailing list

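The LMTP-over-Unix-socket fallback suggested in the quoted text, sketched as an added example that is not code from the thread or from FreeIPA. The socket path, sender address and function names are assumptions.

```python
import os
import smtplib
import socket
import stat
from email.message import EmailMessage

# Hypothetical default; the thread names no path. Point it at your MTA's LMTP socket.
LMTP_SOCKET = "/var/run/lmtp.sock"


def lmtp_available(path):
    """True only if path is a Unix domain socket that accepts a connection."""
    try:
        if not stat.S_ISSOCK(os.stat(path).st_mode):
            return False
        with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as probe:
            probe.settimeout(5)
            probe.connect(path)
        return True
    except OSError:
        # Missing path, permission denied, or a stale socket nobody listens on.
        return False


def build_notice(sender, recipient, days):
    """Build the expiry warning; EmailMessage rejects CR/LF in header values."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = "Password expires"
    msg.set_content(f"Your password expires in less than {days} days.\n")
    return msg


def notify(recipient, sender="noreply@example.net", days=7, path=LMTP_SOCKET):
    """Deliver over LMTP if the socket is usable; otherwise generate no mail.

    Returns "sent", "skipped" (no usable socket) or "refused" (MTA rejected it).
    """
    if not lmtp_available(path):
        return "skipped"
    try:
        # smtplib.LMTP treats a host starting with "/" as a Unix socket path.
        with smtplib.LMTP(path) as lmtp:
            refused = lmtp.send_message(build_notice(sender, recipient, days))
        return "refused" if refused else "sent"
    except (smtplib.SMTPException, OSError):
        return "refused"
```
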