FreeIPA password expiration and locked user notifier
Project description
FreeIPA Notification
Notify IPA users about password expiration, and notify the admin about locked users
Required packages:
- krb5-devel
- Create a new role for the notifier
    ipa role-add --desc "Notification agent role" "Notification Agent"
- Add privileges to the role
    ipa role-add-privilege "Notification Agent" --privileges="User Administrators"
    ipa role-add-privilege "Notification Agent" --privileges="Group Administrators"
    ipa role-add-privilege "Notification Agent" --privileges="Password Policy Readers"
- Create a new service and assign the role to this service
    ipa service-add NOTIFY/ipa1.example.com
    ipa role-add-member "Notification Agent" --services="NOTIFY/ipa1.example.com@EXAMPLE.COM"
    ipa service-allow-retrieve-keytab "NOTIFY/ipa1.example.com@EXAMPLE.COM" --hosts=ipa1.example.com
- Obtain a keytab and restrict its permissions (the directory keeps its search bit so the owner can still reach the file)
    ipa-getkeytab -s ipa1.example.com -p "NOTIFY/ipa1.example.com@EXAMPLE.COM" -k ~/.priv/notify.keytab
    chmod 700 ~/.priv
    chmod 600 ~/.priv/notify.keytab
- Run the command in noop mode for a successful user listing
- Create a script with proper permissions under /usr/local/sbin/
- Add a crontab entry. For example:
    0 0 * * * root ipa_notify.sh > /var/log/ipa_notify.log
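The README never shows the `ipa_notify.sh` wrapper that the crontab entry calls. The following is an added example of one possible wrapper, not code from ipa-notify or its author: it refuses to run unless the keytab is a private regular file, then calls `ipa-notify` using only options listed in the help output on this page. The `/root/.priv` keytab path and the group, limit, SMTP and admin values are assumptions.

```shell
#!/bin/sh
# Added example: a possible /usr/local/sbin/ipa_notify.sh (not shipped with ipa-notify).
set -eu

IPA_SERVER="ipa1.example.com"
PRINCIPAL="NOTIFY/ipa1.example.com@EXAMPLE.COM"
KEYTAB="/root/.priv/notify.keytab"   # assumption: ~/.priv of root, as cron runs the job as root
NOTIFY_GROUPS="ipausers"             # assumption: space-separated groups to check
LIMIT_DAYS=7                         # assumption
SMTP_HOST="smtp.example.com"         # assumption: relay that accepts mail from this host
SMTP_PORT=25                         # assumption
SMTP_FROM="noreply@example.com"      # assumption
ADMIN_MAIL="admin@example.com"       # assumption

# Succeeds only if $1 is a regular file (find does not follow a symlink given
# as its argument), owned by the current user, with mode exactly 600 or 400.
keytab_is_private() {
    [ -n "$(find "$1" -prune -type f -user "$(id -u)" \
            \( -perm 600 -o -perm 400 \) 2>/dev/null)" ]
}

main() {
    if ! keytab_is_private "$KEYTAB"; then
        echo "refusing to run: $KEYTAB must be a regular file owned by uid $(id -u) with mode 600 or 400" >&2
        return 1
    fi
    # --smtp-user/--smtp-pass are left out on purpose: command-line arguments
    # are visible to other local users in the process list.
    # $NOTIFY_GROUPS is unquoted so each group becomes its own argument.
    # Extra arguments (for example --noop with a value) are passed through.
    exec ipa-notify \
        --server "$IPA_SERVER" --verify-ssl \
        --principal "$PRINCIPAL" --keytab "$KEYTAB" \
        --groups $NOTIFY_GROUPS --limit "$LIMIT_DAYS" \
        --smtp-host "$SMTP_HOST" --smtp-port "$SMTP_PORT" --smtp-from "$SMTP_FROM" \
        --admin "$ADMIN_MAIL" "$@"
}

# Run only when invoked under the installed name, so the file can also be
# sourced to exercise keytab_is_private on its own.
case "${0##*/}" in
    ipa_notify.sh) main "$@" ;;
esac
```

Installing the wrapper as root-owned with mode 700 is one reading of "proper permissions" in the step above.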
Parameters:
    $ ipa-notify --help
    usage: ipa_notify.py [-h] [--server SERVER] [--verify-ssl] [--no-verify-ssl] [--principal PRINCIPAL] [--keytab KEYTAB] [--groups GROUPS [GROUPS ...]] [--limit LIMIT] [--smtp-host SMTP_HOST] [--smtp-port SMTP_PORT]
                         [--smtp-user SMTP_USER] [--smtp-pass SMTP_PASS] [--smtp-from SMTP_FROM] [--admin ADMIN] [--noop NOOP] [--loglevel {CRITICAL,ERROR,WARNING,INFO,DEBUG,NOTSET}]

    IPA Notifier

    optional arguments:
      -h, --help            show this help message and exit
      --server SERVER       ipa server fqdn
      --verify-ssl          verify ipa connection SSL cert (default)
      --no-verify-ssl       do not verify ipa connection SSL cert
      --principal PRINCIPAL
                            user principal for kerberos authentication
      --keytab KEYTAB       keytab path
      --groups GROUPS [GROUPS ...]
                            list of user groups to check
      --limit LIMIT         number of days before notifying a user
      --smtp-host SMTP_HOST
                            smtp host for sending email
      --smtp-port SMTP_PORT
                            smtp port for sending email
      --smtp-user SMTP_USER
                            smtp user login
      --smtp-pass SMTP_PASS
                            smtp user password
      --smtp-from SMTP_FROM
                            smtp from email address
      --admin ADMIN         admin user email to notify about locked users
      --noop NOOP           no operation mode. Do not send emails
      --loglevel {CRITICAL,ERROR,WARNING,INFO,DEBUG,NOTSET}
                            log level
Source Distribution
ipa-notify-0.2.3.tar.gz (6.6 kB)
Built Distribution
File details
Details for the file ipa-notify-0.2.3.tar.gz.
File metadata
- Download URL: ipa-notify-0.2.3.tar.gz
- Upload date:
- Size: 6.6 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.3.0 pkginfo/1.7.0 requests/2.25.1 setuptools/49.2.1 requests-toolbelt/0.9.1 tqdm/4.58.0 CPython/3.9.1
File hashes
Algorithm | Hash digest
---|---
SHA256 | 87460b820d3d78304e47cd05219c5815149780eead2a13c76181470b516d16b3
MD5 | 63114531253fc41e06b39820962b6714
BLAKE2b-256 | f7bd4d2040105708c667cb21becf9ca726272cf48d22d189d9b6136e32dd3886
File details
Details for the file ipa_notify-0.2.3-py3-none-any.whl.
File metadata
- Download URL: ipa_notify-0.2.3-py3-none-any.whl
- Upload date:
- Size: 12.7 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.3.0 pkginfo/1.7.0 requests/2.25.1 setuptools/49.2.1 requests-toolbelt/0.9.1 tqdm/4.58.0 CPython/3.9.1
File hashes
Algorithm | Hash digest
---|---
SHA256 | ad79f7115435db207333b949d7e9908f5ccedc4d27bb9d39d01d43afc319dc96
MD5 | 6a6aed993e8d6840a3f4d01f2b5529d0
BLAKE2b-256 | 8e7cc0709bf7afeb73c746732e8e3065379b1b5797bb271d3ca5fef86fec5807