Hello Anthony,
I don't know if there is an official tool for that, but since I once
wrote a similar script, you might be happy with that. It requires that
your Python 3 installation has got the IPA libraries installed and you
have got a valid Kerberos ticket. I have tested it only on Fedora so far.
I hope it's useful for you and you can modify it to your needs.
Regards,
Julian
On 09/03/2019 05.03, freeipa-users-requ...@lists.fedorahosted.org wrote:
Date: Fri, 8 Mar 2019 11:50:55 -0500
From: Anthony Jarvis-Clark
Subject: [Freeipa-users] list all users and their password expiration
date?
To: FreeIPA users list
Message-ID:
Content-Type: multipart/alternative;
boundary="6d0281058398074b"
--6d0281058398074b
Content-Type: text/plain; charset="UTF-8"
Hello Everyone,
Is there a command line method to get a list of users and their password
expiration date?
Thanks!
-Anthony
--6d0281058398074b
Content-Type: text/html; charset="UTF-8"
Hello Everyone,Is there a command line method to get a list of users and their password expiration
date?Thanks!-Anthony
--6d0281058398074b--
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
"""
Export the IPA users in the YAML format.
You need to have a valid Kerberos ticket (e. g. `kinit -f ad...@example.com`)
:Authors: Julian Gethmann
:Contact: free...@gethmann.org
"""
from ipalib import api, cli
import datetime
# https://www.redhat.com/archives/freeipa-users/2012-June/msg00334.html +
# https://www.redhat.com/archives/freeipa-devel/2015-June/msg00478.html +
# https://www.redhat.com/archives/freeipa-users/2016-May/msg00141.html
# use the API overview in the web based backend and use `bash $ ipa console`
#
# mailing list:
# $ ipa console
# (Custom IPA interactive Python console)
# >>> len(api.Command.user_find()['result'][0])
# 11
# >>> len(api.Command.user_find(all=True)['result'][0])
#
def bootstrap():
"""
Bootstrap the script.
I hope that all of this stuff is re-entrant.
Also, api is defined in __init__.py.
"""
api.bootstrap_with_global_options(context='cli')
api.finalize()
api.Backend.rpcclient.connect()
def main():
bootstrap()
api.Command.user_show(u'admin')
users = api.Command.user_find()['result']
print('\n'.join((
''' - firstname: {fname}
name: {name}
uid: {uid}
state: {state}
expiration: {expire}
'''.format(
name=user['uid'][0],
fname=user.get('givenname', '-')[0],
uid=user['uidnumber'][0],
# This is the line you are interested in
expire=api.Command.user_show(user['uid'][0], all=True)["result"].get("krbpasswordexpiration",
(datetime.datetime(1970, 1, 1),))[0],
state={False: 'enabled', True: 'disabled'}[user['nsaccountlock']]
) for user in users))
)
if __name__ == "__main__":
import sys
if len(sys.argv) > 1:
print(__doc__)
sys.exit(0)
main()
# vim: tabstop=4 expandtab shiftwidth=4 softtabstop=4
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org