Anonymous_User Absent Member.
Absent Member.
596 views

password expiration reminder


I'd like to notify users to change passwords a few days before the
password actually expires. Is it possible to do this?


--
patrickb
------------------------------------------------------------------------
patrickb's Profile: https://forums.netiq.com/member.php?userid=371
View this thread: https://forums.netiq.com/showthread.php?t=2513

Labels (1)
0 Likes
6 Replies
Anonymous_User Absent Member.
Absent Member.

Re: password expiration reminder

On 22/08/2012 21:54, patrickb wrote:

> I'd like to notify users to change passwords a few days before the
> password actually expires. Is it possible to do this?


Yes, there are a couple of Cool Tools that can do this plus I see to
recall there's a solution that utilised IDM (if you have that).

Anyway the two tools I found are

* http://www.novell.com/coolsolutions/tools/14772.html
* http://www.novell.com/coolsolutions/tools/15268.html

HTH.
--
Simon
Novell/SUSE/NetIQ Knowledge Partner

------------------------------------------------------------------------
Do you work with Novell technologies at a university, college or school?
If so, your campus could benefit from joining the Novell Technology
Transfer Partner (TTP) program. See novell.com/ttp for more details.
------------------------------------------------------------------------
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: password expiration reminder

link1 - Password Expiration Email Notification

Never managed to behave it correctly, waiting for author to check & come
back to me

link2 - Password-Expiration and Grace-Remaining Email Notify (PERL Script)

Tried also, does nothing useful (yes, adjusted .pl file with details, runs
OK, exits and... nothing)

Seb

"Simon Flood" <smflood@no-mx.forums.netiq.com> wrote in message
news:oVmZr.4184$If2.1013@kovat.provo.novell.com...
> On 22/08/2012 21:54, patrickb wrote:
>
>> I'd like to notify users to change passwords a few days before the
>> password actually expires. Is it possible to do this?

>
> Yes, there are a couple of Cool Tools that can do this plus I see to
> recall there's a solution that utilised IDM (if you have that).
>
> Anyway the two tools I found are
>
> * http://www.novell.com/coolsolutions/tools/14772.html
> * http://www.novell.com/coolsolutions/tools/15268.html
>
> HTH.
> --
> Simon
> Novell/SUSE/NetIQ Knowledge Partner
>
> ------------------------------------------------------------------------
> Do you work with Novell technologies at a university, college or school?
> If so, your campus could benefit from joining the Novell Technology
> Transfer Partner (TTP) program. See novell.com/ttp for more details.
> ------------------------------------------------------------------------



0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: password expiration reminder


http://www.dreamlan.com/gadgets.html#pwdStatus is one option.


--
peterkuo
------------------------------------------------------------------------
peterkuo's Profile: https://forums.netiq.com/member.php?userid=170
View this thread: https://forums.netiq.com/showthread.php?t=2513

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: password expiration reminder

Am 22.08.2012 22:54, schrieb patrickb:
>
> I'd like to notify users to change passwords a few days before the
> password actually expires. Is it possible to do this?
>
>


I do so with an simple script, triggered by cron.

First set expiration *times* at 03:00h am to prevent expirations in the
middle of the day (otherwise e.g. user can't login via ssl after they
came back from lunch)

Second calculate the days left, if this is equal 22 (duration of
standard holidays plus 1 day) then

Third notify user via email (mailx) and send me a copy.

Tom






0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: password expiration reminder


bwisupport;10927 Wrote:
> Am 22.08.2012 22:54, schrieb patrickb:
> >
> > I'd like to notify users to change passwords a few days before the
> > password actually expires. Is it possible to do this?
> >
> >

>
> I do so with an simple script, triggered by cron.
>
> First set expiration *times* at 03:00h am to prevent expirations in
> the
> middle of the day (otherwise e.g. user can't login via ssl after they
> came back from lunch)
>
> Second calculate the days left, if this is equal 22 (duration of
> standard holidays plus 1 day) then
>
> Third notify user via email (mailx) and send me a copy.
>
> Tom


Care to share the script?

Thanks

Seb


--
spgsitsupport
------------------------------------------------------------------------
spgsitsupport's Profile: https://forums.netiq.com/member.php?userid=1171
View this thread: https://forums.netiq.com/showthread.php?t=2513

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: password expiration reminder

Sorry, been out for a while...

Please note that the one-liners are broken here. Add '\' at the end or
insert it again as one-liners.
Please also note that I localized this script (comments in english) and
maybe there are errors during cut'n'paste.
The scripts works fine for me, I you have trouble using it, maybe I can
help...

#!/bin/bash
#
# This script searches for password expirations
#
# 1. calculates the remaining time and sends if there remain ecaxt
# 22 days an email to the user
#
# 2. changes just the expiration *time* so that at first login in the #
morning the passwords are expired (and won't expire during the day
# when users are logged in
#
# Declare variables

JEZ=$(date +%s)
TIMEX=passwordExpirationTime
SRV=%yourserver_here%
STP1=/root/scripts/email_ablauf
STP2=/root/scripts/email_ablauf.rdy
STP3=/root/scripts/pw_ablauf
STP4=/root/scripts/pw_ablauf_rdy
STP5=/root/scripts/pw_ablauf_rdy.ldif
MAILTXT=/root/scripts/expirationTimes.txt

# 1. Who has expiration date? Pipe to /root/scripts/email_ablauf
ldapsearch -x -h $SRV
'(&(objectClass=user)(passwordExpirationTime=*)(mail=*))' mail $TIMEX\
>$STP1


# 2. clear /root/scripts/email_ablauf
# pipe to /root/scripts/email_ablauf.rdy
awk '!/^#/' $STP1 >$STP2
sed -i 's/search: .*//g' $STP2
sed -i 's/result: .*//g' $STP2

# 3. Calculate remaining time, replace 'passwordExpirationTime' with the
result (in /root/scrips/email_ablauf.rdy)
for i in `grep pass $STP2 |tail -n +1|cut -d ':' -f2|cut -b '1-9'`
do
ZUKX=$(date --date=$i +%s )
REST=$(echo $((($ZUKX - $JEZ)/3600/24)))
sed "0,/passwordExpirationTime: .*$/s//$REST/" -i $STP2
EMAIL=$(grep -w -A1 22 /root/scripts/email_ablauf.rdy|cut -d ':' -f2 -s)
sed -i 's/22/twentytwo-days-message-send/g' $STP2
if [ -n "$EMAIL" ]; then
echo "The User" $EMAIL "get's a message"
cat $MAILTXT | mailx -s "Your password will expire." $EMAIL
fi
done

# 4. Change time and pipe to/root/scripts/pw_ablauf, eg.
# dn: cn=rzelsmann,ou=Leipzig,o=BWI-AS
# passwordExpirationTime: 20120821010000Z
# (where '010000Z' is 01:00h)
#
ldapsearch -x -h $SRV -p 389 -x objectClass=user $TIMEX\
|grep -B 1 $TIMEX\
|awk '{sub (/[0-9][0-9][0-9][0-9][0-9][0-9]Z$/,"010000Z")};1'\
>$STP3


# 5. Remove delimiter '--', pipe to/root/scripts/pw_ablauf_rdy
awk '{sub (/--/,"")};1' $STP3\
>$STP4


# 6. create LDIF, pipe to /root/scripts/pw_ablauf_rdy.ldif
gawk '{ print gensub (/(dn: .*$)/,"\\1 \nchangetype: modify\nreplace:
passwordExpirationTime", "1");1}' $STP4\
>$STP5


# 7. LDIF import, create logfiles /root/scripts/[pw_ablauf_rdy.ldif.err
+ pw_ablauf_rdy.ldif.log]

ice -o -l $STP5.log -e $STP5.err -S LDIF -f $STP5 -D LDAP -v -s $SRV -d
cn=admin,o=%your_context% -w %your_credentials_here%
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.