On Wed, Feb 13, 2013 at 09:29:42AM +0100, Petr Spacek wrote: > > > >Yeah, I don't think we want to be in the business of installing and > >configuring an MTA. However, we should be able to detect if one is available > >and use it if it is. I think it would be reasonable to restrict it to LMTP > >with a Unix domain socket (most MTA's support this). Then our config would > >have a LMTP domain socket pathname, if that pathname exists and we can > >connect > >to it we use, if not we fallback to not generating any mail. > > In meanwhile, it should be relatively simple to code script which > does ldapsearch from time to time and sends some e-mails. This > script doesn't have to run on the same server as IPA, only access to > LDAP and some MTA is required.
Crude, but a start: ---------------------------------------------------------------- #! /bin/bash ldapsearch -z 500 -x -h ipa1.example.net -b cn=users,cn=accounts,dc=example,dc=net "(krbPasswordExpiration<=$(date +%Y%m%d --date='+1 week')000000Z)" mail |grep ^mail|cut -d: -f2 |while read mail do echo password expires in less than a week | mail -s "Password expires" $mail done ---------------------------------------------------------------- -jf _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users