Re: [Freeipa-users] Account Expiration

Wed, 13 Feb 2013 12:41:59 -0800 

James James wrote:

What is the IIRC docs ?


IIRC == If I Recall Correctly.

https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6-Beta/html-single/Identity_Management_Guide/index.html#pwd-expiration

rob




2013/2/13 Rob Crittenden <rcrit...@redhat.com <mailto:rcrit...@redhat.com>>

    Petr Spacek wrote:

        On 12.2.2013 20:21, John Dennis wrote:

            On 02/12/2013 01:40 PM, Rob Crittenden wrote:

                    Is it possible to ipa to send a email to user when
                    his account is about
                    to expire (the current date is near
                    krbprincipalexpiration date) ?


                Not currently. In 3.0+ we will provide a notice when one
                logs into the
                WebUI but that's it.

                We can't be sure that an MTA is properly configured on
                the IPA server at
                install time so we have punted on this for a while. We
                don't want to get
                into the business of picking and configuring one. This
                is one of those
                things that seems really easy but gets complicated the
                deeper you dig
                into it. We're open to suggestions/patches.


            Yeah, I don't think we want to be in the business of
            installing and
            configuring an MTA. However, we should be able to detect if
            one is
            available
            and use it if it is. I think it would be reasonable to
            restrict it to
            LMTP
            with a Unix domain socket (most MTA's support this). Then
            our config
            would
            have a LMTP domain socket pathname, if that pathname exists
            and we can
            connect
            to it we use, if not we fallback to not generating any mail.


        In meanwhile, it should be relatively simple to code script
        which does
        ldapsearch from time to time and sends some e-mails. This script
        doesn't
        have to run on the same server as IPA, only access to LDAP and
        some MTA
        is required.


    Yes, that is our current recommendation. There is a sample query in
    the docs IIRC.

    rob


    _________________________________________________
    Freeipa-users mailing list
    Freeipa-users@redhat.com <mailto:Freeipa-users@redhat.com>
    https://www.redhat.com/__mailman/listinfo/freeipa-users
    <https://www.redhat.com/mailman/listinfo/freeipa-users>




_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users




























					Reply via email to