On Wed, Feb 13, 2013 at 09:29:42AM +0100, Petr Spacek wrote:
> >
> >Yeah, I don't think we want to be in the business of installing and
> >configuring an MTA. However, we should be able to detect if one is available
> >and use it if it is. I think it would be reasonable to restrict it to LMTP
> >with a Unix domain socket (most MTA's support this). Then our config would
> >have a LMTP domain socket pathname, if that pathname exists and we can
> >connect
> >to it we use, if not we fallback to not generating any mail.
>
> In meanwhile, it should be relatively simple to code script which
> does ldapsearch from time to time and sends some e-mails. This
> script doesn't have to run on the same server as IPA, only access to
> LDAP and some MTA is required.
Crude, but a start:
----------------------------------------------------------------
#! /bin/bash
ldapsearch -z 500 -x -h ipa1.example.net -b
cn=users,cn=accounts,dc=example,dc=net "(krbPasswordExpiration<=$(date +%Y%m%d
--date='+1 week')000000Z)" mail |grep ^mail|cut -d: -f2 |while read mail
do
echo password expires in less than a week | mail -s "Password expires"
$mail
done
----------------------------------------------------------------
-jf
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
