FreeIPA password expiration and locked user notifier
FreeIPA Notification
Notifies IPA users of password expiration and reports locked users to the admin.
Required packages:
- krb5-devel
- Create a new role for notifier
ipa role-add --desc "Notification agent role" "Notification Agent"
- Add privileges to the role
ipa role-add-privilege "Notification Agent" --privileges="User Administrators"
ipa role-add-privilege "Notification Agent" --privileges="Group Administrators"
ipa role-add-privilege "Notification Agent" --privileges="Password Policy Readers"
- Create a new service and assign the role to this service
ipa service-add NOTIFY/ipa1.example.com
ipa role-add-member "Notification Agent" --services="NOTIFY/ipa1.example.com@EXAMPLE.COM"
ipa service-allow-retrieve-keytab "NOTIFY/ipa1.example.com@EXAMPLE.COM" --hosts=ipa1.example.com
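- Obtain a keytab and restrict its permissions (700 on the directory so it stays traversable, 600 on the keytab)
ipa-getkeytab -s ipa1.example.com -p "NOTIFY/ipa1.example.com@EXAMPLE.COM" -k ~/.priv/notify.keytab
chmod 700 ~/.priv
chmod 600 ~/.priv/notify.keytab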
- Run the command in noop mode for a successful user listing
- Create a script with proper permissions under /usr/local/sbin/
- Add a crontab entry. For example
0 0 * * * root ipa_notify.sh > /var/log/ipa_notify.log
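An added example of the wrapper script from the steps above (written for this page, not taken from the ipa-notify project): it refuses to run when the keytab is missing, is a symlink, or grants any access to group or other, then calls ipa-notify with flags from its help output. The keytab path, group name, mail addresses, 7-day limit, the `--dry-run` switch, the `IPA_NOTIFY_BIN` override and the value `True` for `--noop` are assumptions.

```shell
#!/bin/sh
# ipa_notify.sh - added example wrapper, not shipped with ipa-notify.
# Host names, group, addresses and the 7-day limit are assumed sample values.
KEYTAB="${KEYTAB:-/root/.priv/notify.keytab}"
PRINCIPAL="NOTIFY/ipa1.example.com@EXAMPLE.COM"
IPA_NOTIFY_BIN="${IPA_NOTIFY_BIN:-ipa-notify}"

# Succeed only if $1 is a regular file (not a symlink) whose mode grants
# nothing to group or other, e.g. 600 or 400.
keytab_is_private() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    mode=$(stat -c '%a' "$1") || return 1
    case "$mode" in
        *00) return 0 ;;
        *)   return 1 ;;
    esac
}

# Call the notifier with flags from `ipa-notify --help`; extra arguments are
# appended. --smtp-pass is left out on purpose: a password passed as an
# argument is readable in the process list, so this example assumes a local
# relay that needs no login.
run_notify() {
    "$IPA_NOTIFY_BIN" --server ipa1.example.com --verify-ssl \
        --principal "$PRINCIPAL" --keytab "$KEYTAB" \
        --groups ipausers --limit 7 \
        --smtp-host localhost --smtp-port 25 \
        --smtp-from noreply@example.com \
        --admin admin@example.com --loglevel INFO "$@"
}

main() {
    if ! keytab_is_private "$KEYTAB"; then
        echo "refusing to run: $KEYTAB is missing or accessible by group/other" >&2
        return 1
    fi
    if [ "${1:-}" = "--dry-run" ]; then
        # The value format of --noop is not documented; "True" is an assumption.
        run_notify --noop True
    else
        run_notify
    fi
}

# Run only under the installed name, so the functions can be sourced and tested.
if [ "$(basename "$0")" = "ipa_notify.sh" ]; then
    main "$@"
fi
```

Installed as /usr/local/sbin/ipa_notify.sh, run `ipa_notify.sh --dry-run` once to confirm the user listing, then let cron call it without arguments.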
Parameters:
$ ipa-notify --help
usage: ipa_notify.py [-h] [--server SERVER] [--verify-ssl] [--no-verify-ssl] [--principal PRINCIPAL] [--keytab KEYTAB] [--groups GROUPS [GROUPS ...]] [--limit LIMIT] [--smtp-host SMTP_HOST] [--smtp-port SMTP_PORT]
[--smtp-user SMTP_USER] [--smtp-pass SMTP_PASS] [--smtp-from SMTP_FROM] [--admin ADMIN] [--noop NOOP] [--loglevel {CRITICAL,ERROR,WARNING,INFO,DEBUG,NOTSET}]
IPA Notifier
optional arguments:
-h, --help show this help message and exit
--server SERVER ipa server fqdn
--verify-ssl verify ipa connection SSL cert (default)
--no-verify-ssl do not verify ipa connection SSL cert
--principal PRINCIPAL
user principal for kerberos authentication
--keytab KEYTAB keytab path
--groups GROUPS [GROUPS ...]
list of user groups to check
--limit LIMIT number of days before notifying a user
--smtp-host SMTP_HOST
smtp host for sending email
--smtp-port SMTP_PORT
smtp port for sending email
--smtp-user SMTP_USER
smtp user login
--smtp-pass SMTP_PASS
smtp user password
--smtp-from SMTP_FROM
smtp from email address
--admin ADMIN admin user email to notify about locked users
--noop NOOP no operation mode. Do not send emails
--loglevel {CRITICAL,ERROR,WARNING,INFO,DEBUG,NOTSET}
log level
Download files
Source Distribution
ipa-notify-0.2.0.tar.gz (5.3 kB)
Built Distribution
File details
Details for the file ipa-notify-0.2.0.tar.gz.
File metadata
- Download URL: ipa-notify-0.2.0.tar.gz
- Upload date:
- Size: 5.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.3.0 pkginfo/1.7.0 requests/2.25.1 setuptools/53.0.0 requests-toolbelt/0.9.1 tqdm/4.57.0 CPython/3.6.8
File hashes
Algorithm | Hash digest
---|---
SHA256 | e4858062a779c33b1a14ef40984f66b22654e792620d498f667b2bdb8ccfa44f
MD5 | 069e16bce956727e879abc5a9b2bce95
BLAKE2b-256 | 040d12e272857a3726cce97be036b67b81ed96c4734f98f50a537bc2ffff85a3
File details
Details for the file ipa_notify-0.2.0-py3-none-any.whl.
File metadata
- Download URL: ipa_notify-0.2.0-py3-none-any.whl
- Upload date:
- Size: 11.3 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.3.0 pkginfo/1.7.0 requests/2.25.1 setuptools/53.0.0 requests-toolbelt/0.9.1 tqdm/4.57.0 CPython/3.6.8
File hashes
Algorithm | Hash digest
---|---
SHA256 | 334c9634fe09809ec97a6c095c1cd47b0e3ab7d791eff72324787aff8be4b00e
MD5 | fff97b68b4e9e4ab741424bfe22ec3e5
BLAKE2b-256 | a70b9638423a4c15d6d1f7d50217f15b0b1d59d8e03f206c7366569af9b0324c