FreeIPA password expiration and locked user notifier
FreeIPA Notification
Notify IPA users about password expiration, and notify the admin about locked users.
Required packages:
- krb5-devel
- Create a new role for notifier
ipa role-add --desc "Notification agent role" "Notification Agent"
- Add privileges to the role
ipa role-add-privilege "Notification Agent" --privileges="User Administrators"
ipa role-add-privilege "Notification Agent" --privileges="Group Administrators"
ipa role-add-privilege "Notification Agent" --privileges="Password Policy Readers"
- Create a new service and assign the role to this service
ipa service-add NOTIFY/ipa1.example.com
ipa role-add-member "Notification Agent" --services="NOTIFY/ipa1.example.com@EXAMPLE.COM"
ipa service-allow-retrieve-keytab "NOTIFY/ipa1.example.com@EXAMPLE.COM" --hosts=ipa1.example.com
- Obtain a keytab and restrict its permissions
ipa-getkeytab -s ipa1.example.com -p "NOTIFY/ipa1.example.com@EXAMPLE.COM" -k ~/.priv/notify.keytab
chmod 700 ~/.priv   # the directory must keep its execute bit to stay accessible
chmod 600 ~/.priv/notify.keytab
- Run the command in noop mode for a successful user listing
- Create a script with proper permissions under /usr/local/sbin/
- Add a crontab entry. For example:
0 0 * * * root ipa_notify.sh > /var/log/ipa_notify.log
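A wrapper script for the last steps above, as an added example that is not part of ipa-notify or of the original page: before calling ipa-notify with flags from the help output, it checks that the keytab directory, the keytab and a hypothetical root-only SMTP password file are closed to group and other. The paths under /root/.priv, the group name, the limit and the SMTP values are placeholder assumptions.

```shell
#!/bin/sh
# Added example: /usr/local/sbin/ipa_notify.sh wrapper (not shipped by ipa-notify).
# Hostnames, group, limit and SMTP values are placeholders; SMTP_PASS_FILE is a
# hypothetical root-only file holding the SMTP password.
KEYTAB="${KEYTAB:-/root/.priv/notify.keytab}"
SMTP_PASS_FILE="${SMTP_PASS_FILE:-/root/.priv/smtp.pass}"

# Succeeds only for a regular file (no symlink) with no group/other mode bits.
private_file() {
    { [ -f "$1" ] && [ ! -L "$1" ]; } || return 1
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Succeeds only for a real directory that its owner can enter (x bit set) and
# that grants nothing to group/other. Mode 600 on a directory fails this check.
private_dir() {
    { [ -d "$1" ] && [ ! -L "$1" ]; } || return 1
    [ "$(ls -ld -- "$1" | cut -c4-10)" = "x------" ]
}

# Refuse to run if the keytab or the SMTP secret is exposed.
preflight() {
    private_dir "$(dirname -- "$KEYTAB")" ||
        { echo "keytab directory must be owner-only (mode 700)" >&2; return 1; }
    private_file "$KEYTAB" ||
        { echo "keytab must be a regular owner-only file (mode 600)" >&2; return 1; }
    private_file "$SMTP_PASS_FILE" ||
        { echo "SMTP password file must be owner-only (mode 600)" >&2; return 1; }
}

main() {
    umask 077
    preflight || exit 1
    # --smtp-pass is the only interface the help text shows: the password stays
    # out of this script and the crontab, but is still in argv at run time.
    exec ipa-notify --server ipa1.example.com \
        --principal "NOTIFY/ipa1.example.com@EXAMPLE.COM" --keytab "$KEYTAB" \
        --groups ipausers --limit 7 \
        --smtp-host smtp.example.com --smtp-port 587 --smtp-user notify \
        --smtp-pass "$(cat "$SMTP_PASS_FILE")" \
        --smtp-from notify@example.com --admin admin@example.com \
        --loglevel INFO
}

# Run only under the installed name, so the checks can be sourced and tested.
case "${0##*/}" in ipa_notify.sh) main ;; esac
```

Install it owned by root with mode 700 so that only root can read the connection details or change what cron executes.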
Parameters:
$ ipa-notify --help
usage: ipa_notify.py [-h] [--server SERVER] [--verify-ssl] [--no-verify-ssl]
                     [--principal PRINCIPAL] [--keytab KEYTAB]
                     [--groups GROUPS [GROUPS ...]] [--limit LIMIT]
                     [--smtp-host SMTP_HOST] [--smtp-port SMTP_PORT]
                     [--smtp-user SMTP_USER] [--smtp-pass SMTP_PASS]
                     [--smtp-from SMTP_FROM] [--admin ADMIN] [--noop NOOP]
                     [--loglevel {CRITICAL,ERROR,WARNING,INFO,DEBUG,NOTSET}]

IPA Notifier

optional arguments:
  -h, --help            show this help message and exit
  --server SERVER       ipa server fqdn
  --verify-ssl          verify ipa connection SSL cert (default)
  --no-verify-ssl       do not verify ipa connection SSL cert
  --principal PRINCIPAL
                        user principal for kerberos authentication
  --keytab KEYTAB       keytab path
  --groups GROUPS [GROUPS ...]
                        list of user groups to check
  --limit LIMIT         number of days before notifying a user
  --smtp-host SMTP_HOST
                        smtp host for sending email
  --smtp-port SMTP_PORT
                        smtp port for sending email
  --smtp-user SMTP_USER
                        smtp user login
  --smtp-pass SMTP_PASS
                        smtp user password
  --smtp-from SMTP_FROM
                        smtp from email address
  --admin ADMIN         admin user email to notify about locked users
  --noop NOOP           no operation mode. Do not send emails
  --loglevel {CRITICAL,ERROR,WARNING,INFO,DEBUG,NOTSET}
                        log level
Source Distribution
ipa-notify-0.2.2.tar.gz