FreeIPA password expiration and locked user notifier
Project description
FreeIPA Notification
Notifies IPA users about password expiration and notifies the admin about locked users.
Required packages:
- krb5-devel
- Create a new role for notifier
ipa role-add --desc "Notification agent role" "Notification Agent"
- Add privileges to the role
ipa role-add-privilege "Notification Agent" --privileges="User Administrators"
ipa role-add-privilege "Notification Agent" --privileges="Group Administrators"
ipa role-add-privilege "Notification Agent" --privileges="Password Policy Readers"
- Create a new service and assign the role to this service
ipa service-add NOTIFY/ipa1.example.com
ipa role-add-member "Notification Agent" --services="NOTIFY/ipa1.example.com@EXAMPLE.COM"
ipa service-allow-retrieve-keytab "NOTIFY/ipa1.example.com@EXAMPLE.COM" --hosts=ipa1.example.com
- Obtain a keytab and restrict its permissions
ipa-getkeytab -s ipa1.example.com -p "NOTIFY/ipa1.example.com@EXAMPLE.COM" -k ~/.priv/notify.keytab
chmod 700 ~/.priv
chmod 600 ~/.priv/notify.keytab
- Run the command in noop mode for a successful user listing
- Create a script with proper permissions under /usr/local/sbin/
- Add a crontab entry. For example:
0 0 * * * root ipa_notify.sh > /var/log/ipa_notify.log
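The steps above call for a script under /usr/local/sbin/ but do not show one. The wrapper below is an added example, not part of the ipa-notify project: it refuses to start unless the keytab and its directory are owner-only, then calls ipa-notify with flags taken from the help output. The run subcommand, the function names, and the group, limit, SMTP and admin values are assumptions.

```shell
#!/bin/sh
# Added example wrapper for /usr/local/sbin/ipa_notify.sh (not the project's own script).
set -eu
umask 077   # anything this wrapper creates is owner-only

KEYTAB="${HOME:-/root}/.priv/notify.keytab"
PRINCIPAL="NOTIFY/ipa1.example.com@EXAMPLE.COM"

# True only for a regular file (not a symlink or directory) owned by the
# current user with no owner-execute, group or other permission bits.
keytab_is_private() {
    [ -O "$1" ] || return 1
    mode=$(ls -ld -- "$1" 2>/dev/null | cut -c1-10)
    case "$mode" in
        -??-------) return 0 ;;   # e.g. -rw------- or -r--------
        *)          return 1 ;;
    esac
}

# True only for a directory owned by the current user with no group/other bits.
dir_is_private() {
    [ -O "$1" ] || return 1
    mode=$(ls -ld -- "$1" 2>/dev/null | cut -c1-10)
    case "$mode" in
        d???------) return 0 ;;   # e.g. drwx------
        *)          return 1 ;;
    esac
}

main() {
    dir_is_private "$(dirname -- "$KEYTAB")" || { echo "refusing: keytab directory is not owner-only" >&2; exit 1; }
    keytab_is_private "$KEYTAB" || { echo "refusing: $KEYTAB is not a private regular file" >&2; exit 1; }
    # Group, limit, SMTP and admin values are placeholders (assumptions).
    # --smtp-user/--smtp-pass are left out: as arguments they show up in the process list.
    exec ipa-notify --server ipa1.example.com --verify-ssl \
        --principal "$PRINCIPAL" --keytab "$KEYTAB" \
        --groups users --limit 5 \
        --smtp-host smtp.example.com --smtp-from noreply@example.com \
        --admin admin@example.com --loglevel INFO
}

case "${1:-}" in
    run) main ;;
    *)   echo "usage: $0 run" >&2 ;;
esac
```

With this wrapper the crontab entry above would invoke ipa_notify.sh run.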
Parameters:
$ ipa-notify --help
usage: ipa_notify.py [-h] [--server SERVER] [--verify-ssl] [--no-verify-ssl]
                     [--principal PRINCIPAL] [--keytab KEYTAB]
                     [--groups GROUPS [GROUPS ...]] [--limit LIMIT]
                     [--smtp-host SMTP_HOST] [--smtp-port SMTP_PORT]
                     [--smtp-user SMTP_USER] [--smtp-pass SMTP_PASS]
                     [--smtp-from SMTP_FROM] [--admin ADMIN] [--noop NOOP]
                     [--loglevel {CRITICAL,ERROR,WARNING,INFO,DEBUG,NOTSET}]

IPA Notifier

optional arguments:
  -h, --help            show this help message and exit
  --server SERVER       ipa server fqdn
  --verify-ssl          verify ipa connection SSL cert (default)
  --no-verify-ssl       do not verify ipa connection SSL cert
  --principal PRINCIPAL
                        user principal for kerberos authentication
  --keytab KEYTAB       keytab path
  --groups GROUPS [GROUPS ...]
                        list of user groups to check
  --limit LIMIT         number of days before notifying a user
  --smtp-host SMTP_HOST
                        smtp host for sending email
  --smtp-port SMTP_PORT
                        smtp port for sending email
  --smtp-user SMTP_USER
                        smtp user login
  --smtp-pass SMTP_PASS
                        smtp user password
  --smtp-from SMTP_FROM
                        smtp from email address
  --admin ADMIN         admin user email to notify about locked users
  --noop NOOP           no operation mode. Do not send emails
  --loglevel {CRITICAL,ERROR,WARNING,INFO,DEBUG,NOTSET}
                        log level
Source Distribution
ipa-notify-0.2.1.tar.gz (5.6 kB)
Built Distribution
ipa_notify-0.2.1-py3-none-any.whl (11.3 kB)