Re: password expire warning for dovecot users in IMAP/POP login

2016-06-08 Thread mkawada 

Hi list,

I very much appreciate you all who gave me a help on my question.

Will check and try the stuff based on the given info from you guys.

Thanks a million!

Masaharu Kawada


On 2016年06月09日 00:26, KT Walrus wrote:

I think the easiest solution it to send a mail to the user that the password 
will expire. A cron job and a shell script should do the work.
I don't know any mechanism to send this kind of message via POP.

I agree with you. Don’t bother trying to alert the user when he logs in (where 
there is no universal client support for such alerts). But, simply send a 
notification message from a cron script to their mailbox (a couple days before 
expiration). You could mark the message as high priority/urgent just in case 
their client displays such messages more prominently than normal inbox new 
messages. IMAP or POP login is usually done by the email client in the 
background and the user isn’t necessarily even around to handle the alert. But, 
clients are used to alerting the user that they have new mail.

So, simply sending a notification message, from a cron job, to their INBOX is 
definitely the way I would go.

Kevin


On Jun 8, 2016, at 9:31 AM, Juan Bernhard  wrote:


El 08/06/2016 a las 03:37 a.m., mkaw...@redhat.com  
escribió:

Dear list,

Is it possible to give a notification about password exprire warning to
users authenticated by OpenLDAP when the users login via dovecot using
IMAP or POP? For example, when you ssh to a server and/or run
ldapsearch, you can be warned with password expire warning like below:

# ssh testuser@localhost
testuser@localhost's password:
Your password will expire in 31 minute(s).<==
Last login: Wed Jun  8 12:22:08 2016 from localhost.localdomain

]$ ldapsearch -LLL -D uid=testuser,ou=People,dc=example,dc=com -w
redhat  "cn=testuser" -e ppolicy
ldap_bind: Success (0) (Password expires in 1808 seconds)<==
dn: uid=testuser,ou=People,dc=example,dc=com

Does the same can be done for dovecot users authenticated by OpenLDAP in
IMAP/POP?


Thanks,


I think the easiest solution it to send a mail to the user that the password 
will expire. A cron job and a shell script should do the work.
I don't know any mechanism to send this kind of message via POP.

Saludos, Juan.



--
Masaharu Kawada

Re: password expire warning for dovecot users in IMAP/POP login

2016-06-08 Thread KT Walrus 
> I think the easiest solution it to send a mail to the user that the password 
> will expire. A cron job and a shell script should do the work.
> I don't know any mechanism to send this kind of message via POP.

I agree with you. Don’t bother trying to alert the user when he logs in (where 
there is no universal client support for such alerts). But, simply send a 
notification message from a cron script to their mailbox (a couple days before 
expiration). You could mark the message as high priority/urgent just in case 
their client displays such messages more prominently than normal inbox new 
messages. IMAP or POP login is usually done by the email client in the 
background and the user isn’t necessarily even around to handle the alert. But, 
clients are used to alerting the user that they have new mail.

So, simply sending a notification message, from a cron job, to their INBOX is 
definitely the way I would go.

Kevin

> On Jun 8, 2016, at 9:31 AM, Juan Bernhard  wrote:
> 
> 
> El 08/06/2016 a las 03:37 a.m., mkaw...@redhat.com 
>  escribió:
>> Dear list,
>> 
>> Is it possible to give a notification about password exprire warning to
>> users authenticated by OpenLDAP when the users login via dovecot using
>> IMAP or POP? For example, when you ssh to a server and/or run
>> ldapsearch, you can be warned with password expire warning like below:
>> 
>> # ssh testuser@localhost
>> testuser@localhost's password:
>> Your password will expire in 31 minute(s).<==
>> Last login: Wed Jun  8 12:22:08 2016 from localhost.localdomain
>> 
>> ]$ ldapsearch -LLL -D uid=testuser,ou=People,dc=example,dc=com -w
>> redhat  "cn=testuser" -e ppolicy
>> ldap_bind: Success (0) (Password expires in 1808 seconds)<==
>> dn: uid=testuser,ou=People,dc=example,dc=com
>> 
>> Does the same can be done for dovecot users authenticated by OpenLDAP in
>> IMAP/POP?
>> 
>> 
>> Thanks,
>> 
> I think the easiest solution it to send a mail to the user that the password 
> will expire. A cron job and a shell script should do the work.
> I don't know any mechanism to send this kind of message via POP.
> 
> Saludos, Juan.

Re: password expire warning for dovecot users in IMAP/POP login

2016-06-08 Thread Michael Slusarz 
The correct way to handle this IMAP-wise would be to return the EXPIRED 
response code (https://tools.ietf.org/html/rfc5530#section-3).  But this 
requires client support to report to the end user.  (And also requires that 
Dovecot would be able to determine from authentication source that the 
credentials are expired, as opposed to incorrect.)

michael

> On June 8, 2016 at 2:51 AM "A.L.E.C"  wrote:
> 
> On 06/08/2016 10:39 AM, mkaw...@redhat.com wrote:
> 
> > To make it happen, no need to add any other configurations on LDAP end
> > once possword policy is correctly set?
> 
> You've got me wrong. I just responded to Aki's question. ALERT feature
> could be used to send the message to the client, but there's no code to
> handle such LDAP password policies/notices yet.
> 
> --
> Aleksander 'A.L.E.C' Machniak
> Kolab Groupware Developer [http://kolab.org]
> 
> Roundcube Webmail Developer [http://roundcube.net]
> 
> ---
> PGP: 19359DC1 @@ GG: 2275252 @@ WWW: http://alec.pl

Re: password expire warning for dovecot users in IMAP/POP login

2016-06-08 Thread Juan Bernhard 


El 08/06/2016 a las 03:37 a.m., mkaw...@redhat.com escribió:

Dear list,

Is it possible to give a notification about password exprire warning to
users authenticated by OpenLDAP when the users login via dovecot using
IMAP or POP? For example, when you ssh to a server and/or run
ldapsearch, you can be warned with password expire warning like below:

# ssh testuser@localhost
testuser@localhost's password:
Your password will expire in 31 minute(s).<==
Last login: Wed Jun  8 12:22:08 2016 from localhost.localdomain

]$ ldapsearch -LLL -D uid=testuser,ou=People,dc=example,dc=com -w
redhat  "cn=testuser" -e ppolicy
ldap_bind: Success (0) (Password expires in 1808 seconds)<==
dn: uid=testuser,ou=People,dc=example,dc=com

Does the same can be done for dovecot users authenticated by OpenLDAP in
IMAP/POP?


Thanks,

I think the easiest solution it to send a mail to the user that the 
password will expire. A cron job and a shell script should do the work.

I don't know any mechanism to send this kind of message via POP.

Saludos, Juan.

Re: password expire warning for dovecot users in IMAP/POP login

2016-06-08 Thread Tom Talpey 

Kawada-san, have you seen this page?

http://wiki2.dovecot.org/PostLoginScripting

You will need to write some shell code to determine the expiration, but
it has examples of similar actions, including sending an ALERT.

On 6/8/2016 4:58 AM, mkaw...@redhat.com wrote:

Alec-san,

Eexcuse me for my misconception.

Anyway, appreciate your comment.

Thanks,
Masaharu Kawada


On 2016年06月08日 17:51, A.L.E.C wrote:

On 06/08/2016 10:39 AM, mkaw...@redhat.com wrote:

To make it happen, no need to add any other configurations on LDAP end
once possword policy is correctly set?

You've got me wrong. I just responded to Aki's question. ALERT feature
could be used to send the message to the client, but there's no code to
handle such LDAP password policies/notices yet.

Re: password expire warning for dovecot users in IMAP/POP login

2016-06-08 Thread mkawada 

Alec-san,

Eexcuse me for my misconception.

Anyway, appreciate your comment.

Thanks,
Masaharu Kawada


On 2016年06月08日 17:51, A.L.E.C wrote:

On 06/08/2016 10:39 AM, mkaw...@redhat.com wrote:

To make it happen, no need to add any other configurations on LDAP end
once possword policy is correctly set?

You've got me wrong. I just responded to Aki's question. ALERT feature
could be used to send the message to the client, but there's no code to
handle such LDAP password policies/notices yet.




--
Masaharu Kawada
Technical Support Engineer
Red Hat K K
Ebisu Neonato 8F
1-18 Ebisu 4-chome, Shibuya-ku
Tokyo 150-0013, Japan
Direct: +81-3-5798-8347

Re: password expire warning for dovecot users in IMAP/POP login

2016-06-08 Thread A.L.E.C 
On 06/08/2016 10:39 AM, mkaw...@redhat.com wrote:
> To make it happen, no need to add any other configurations on LDAP end
> once possword policy is correctly set?

You've got me wrong. I just responded to Aki's question. ALERT feature
could be used to send the message to the client, but there's no code to
handle such LDAP password policies/notices yet.

-- 
Aleksander 'A.L.E.C' Machniak
Kolab Groupware Developer[http://kolab.org]
Roundcube Webmail Developer  [http://roundcube.net]
---
PGP: 19359DC1 @@ GG: 2275252 @@ WWW: http://alec.pl

Re: password expire warning for dovecot users in IMAP/POP login

2016-06-08 Thread mkawada 

Alec-san,

Thanks for your comment.

Please lemme make sure one more thing.

>IMAP has ALERT response which is supported by some clients.

To make it happen, no need to add any other configurations on LDAP end 
once possword policy is correctly set?


Thanks,
Masaharu Kawada

On 2016年06月08日 17:27, A.L.E.C wrote:

On 06/08/2016 10:05 AM, mkaw...@redhat.com wrote:

Whatever ways will do.  For instance, in a thunderbird mail client, a
pop-up message or notification email telling client that the password
will be expired in XX days, something like this, would be nice.

IMAP has ALERT response which is supported by some clients. I think
Thunderbird supports that. I don't think POP has such a feature, but I
wouldn't care about POP.




--
Masaharu Kawada

Re: password expire warning for dovecot users in IMAP/POP login

2016-06-08 Thread A.L.E.C 
On 06/08/2016 10:05 AM, mkaw...@redhat.com wrote:
> Whatever ways will do.  For instance, in a thunderbird mail client, a
> pop-up message or notification email telling client that the password
> will be expired in XX days, something like this, would be nice.

IMAP has ALERT response which is supported by some clients. I think
Thunderbird supports that. I don't think POP has such a feature, but I
wouldn't care about POP.

-- 
Aleksander 'A.L.E.C' Machniak
Kolab Groupware Developer[http://kolab.org]
Roundcube Webmail Developer  [http://roundcube.net]
---
PGP: 19359DC1 @@ GG: 2275252 @@ WWW: http://alec.pl

Re: password expire warning for dovecot users in IMAP/POP login

2016-06-08 Thread mkawada 

Aki-san,

Thanks for your feedback.

Whatever ways will do.  For instance, in a thunderbird mail client, a 
pop-up message or notification email telling client that the password 
will be expired in XX days, something like this, would be nice.


Thanks,
Masaharu Kawada

On 2016年06月08日 15:49, Aki Tuomi wrote:


On 08.06.2016 09:37, mkaw...@redhat.com wrote:

Dear list,

Is it possible to give a notification about password exprire warning
to users authenticated by OpenLDAP when the users login via dovecot
using IMAP or POP? For example, when you ssh to a server and/or run
ldapsearch, you can be warned with password expire warning like below:

# ssh testuser@localhost
testuser@localhost's password:
Your password will expire in 31 minute(s).<==
Last login: Wed Jun  8 12:22:08 2016 from localhost.localdomain

]$ ldapsearch -LLL -D uid=testuser,ou=People,dc=example,dc=com -w
redhat  "cn=testuser" -e ppolicy
ldap_bind: Success (0) (Password expires in 1808 seconds)<==
dn: uid=testuser,ou=People,dc=example,dc=com

Does the same can be done for dovecot users authenticated by OpenLDAP
in IMAP/POP?


Thanks,


How would this warning get shown to people?

Aki



--
Masaharu Kawada

Re: password expire warning for dovecot users in IMAP/POP login

2016-06-08 Thread Aki Tuomi 


On 08.06.2016 09:37, mkaw...@redhat.com wrote:
> Dear list,
>
> Is it possible to give a notification about password exprire warning
> to users authenticated by OpenLDAP when the users login via dovecot
> using IMAP or POP? For example, when you ssh to a server and/or run
> ldapsearch, you can be warned with password expire warning like below:
>
> # ssh testuser@localhost
> testuser@localhost's password:
> Your password will expire in 31 minute(s).<==
> Last login: Wed Jun  8 12:22:08 2016 from localhost.localdomain
>
> ]$ ldapsearch -LLL -D uid=testuser,ou=People,dc=example,dc=com -w
> redhat  "cn=testuser" -e ppolicy
> ldap_bind: Success (0) (Password expires in 1808 seconds)<==
> dn: uid=testuser,ou=People,dc=example,dc=com
>
> Does the same can be done for dovecot users authenticated by OpenLDAP
> in IMAP/POP?
>
>
> Thanks,
>
How would this warning get shown to people?

Aki