Thursday, March 3, 2016

Script to check IPA user expiration and send email to user

1) Configure an email relay for the host. This requires the IP of an SMTP server, which goes in the sendmail or postfix (MTA) config


2) Test Emails

3) Use the script below for the rest of the task:
---------------------------------

#!/bin/bash

#written by - Ram Nath (ram@mydomain.com)
# notifies people a set number of days before expiry, once via email

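# open a kerberos ticket using keytab authentication
# the following keytab file was made using ktutil with rc4-hmac
# (rc4-hmac is a deprecated enctype; prefer an AES enctype where the KDC supports it,
# and keep the keytab readable only by the account that runs this script)

# stop here if no ticket could be obtained, the ipa calls below depend on it
/usr/bin/kinit admin@INFRA.MYDOMAN -k -t /test/bin/admin.keytab || { echo "kinit failed" >&2; exit 1; }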

# how many days before expiry? at which point a single email should be sent out

cd /tmp
THENUMBEROFDAYS=30

# queries the ldap server for whatever group you want, or search parameters you want to use
# grepping the uid attribute and piping to awk results in a list of users
USERLIST=$(ldapsearch -x -b cn=users,cn=accounts,dc=infra,dc=MYDOMAIN | grep "^uid:" | awk '{print $2}')

# start the main loop
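for USER in $USERLIST;
do
    # gets todays date in the same format as ipa
    TODAYSDATE=$(date +"%Y%m%d")
    echo "Checking Expiry For $USER"

    # gets date, removes time, uses cut to get only first 8 characters of date
    EXPIRYDATE=$(ipa user-show "$USER" --all | grep krbpasswordexpiration | awk '{print $2}' | cut -c 1-8)

    # skip accounts with no expiration value; an empty date would otherwise be treated as today
    if [ -z "$EXPIRYDATE" ]; then
        echo "$USER has no password expiration set, skipping"
        continue
    fi

    # convert both dates to epoch seconds (UTC) for the subtraction of days left;
    # day-of-year (%j) values cannot be subtracted when the expiry falls in a different year
    CALCEXPIRY=$(date -u -d "$EXPIRYDATE" +%s)
    CALCTODAY=$(date -u -d "$TODAYSDATE" +%s)
    DAYSLEFT=$(( (CALCEXPIRY - CALCTODAY) / 86400 ))

    echo "$USER has $DAYSLEFT days left"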

    # send out an email if the days left are at or below the specified number
    if [ "$DAYSLEFT" -le "$THENUMBEROFDAYS" ];
    then

        # create the email content in a private temp file
        # (a predictable name in /tmp can be pre-created or symlinked by another local user)
        MAILBODY=$(mktemp) || exit 1
        {
            echo "Hi There,"
            echo " "
            echo "Password for Cloud User $USER is going to expire in $DAYSLEFT days."
            echo "Kindly ask user to reset it."
            echo " "
            echo "Regards,"
            echo "IPA Admin"
        } > "$MAILBODY"

        # send the email out
        mailx -r PasswordAlerts@ipaserver.infra.mydomain -s "IPA user $USER's password expires in $DAYSLEFT days!" ram@mydomain.com < "$MAILBODY"
        # delete content file
        rm -f "$MAILBODY"
    fi
done
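
The day count and the "once via email" behaviour named in the script header, as an added example that is not part of the original script: it counts days with a Julian Day Number so an expiry in a later calendar year still gives the right figure, and records a marker per user and expiry date so each warning window produces a single mail. The function names, the marker-file layout and the sample dates and user are assumptions made for the illustration.

```bash
#!/bin/bash
# Added example; dates and user names below are constructed.

# Julian Day Number for a date that starts with YYYYMMDD (IPA's format, time part ignored).
jdn() (
    case $1 in
        [1-9][0-9][0-9][0-9][0-1][0-9][0-3][0-9]*) ;;
        *) exit 1 ;;                              # empty or malformed value
    esac
    y=$(printf '%s' "$1" | cut -c1-4)
    m=$(printf '%s' "$1" | cut -c5-6); m=${m#0}   # strip leading 0 (avoids octal parsing)
    d=$(printf '%s' "$1" | cut -c7-8); d=${d#0}
    a=$(( (14 - m) / 12 ))
    yy=$(( y + 4800 - a ))
    mm=$(( m + 12 * a - 3 ))
    echo $(( d + (153 * mm + 2) / 5 + 365 * yy + yy / 4 - yy / 100 + yy / 400 - 32045 ))
)

# Whole days from "today" to "expiry"; negative once the password has expired.
days_left() (
    e=$(jdn "$1") || exit 1
    t=$(jdn "$2") || exit 1
    echo $(( e - t ))
)

# Exit 0 only if the expiry is inside the window and no mail was recorded yet for
# this user and expiry date; a password change yields a new expiry and a new marker.
should_notify() (
    user=$1 expiry=$2 today=$3 window=$4 state=$5
    case $user in ''|*/*|.*) exit 2 ;; esac       # never let a uid escape the state dir
    left=$(days_left "$expiry" "$today") || exit 2
    [ "$left" -le "$window" ] || exit 1
    marker="$state/$user.$(printf '%s' "$expiry" | cut -c1-8)"
    [ -e "$marker" ] && exit 1
    : > "$marker"
)

# Constructed run on two consecutive days, expiry in the next calendar year.
STATE=$(mktemp -d)
for day in 20161220 20161221; do
    if should_notify alice 20170105093000Z "$day" 30 "$STATE"; then
        echo "$day: mail alice ($(days_left 20170105093000Z "$day") days left)"
    else
        echo "$day: nothing to send"
    fi
done
rm -rf "$STATE"
```

In a cron job the state directory would be a persistent path writable only by the account that runs the script, not a fresh `mktemp -d` per run.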
