In this tutorial, we are going to learn how to configure OpenLDAP password expiry email notification. If you are using identity and authentication clients such as SSSD on your OpenLDAP clients, you might have realized that, everytime you are logging into a system, SSSD displays a number of days before the password expires, that is only if the OpenLDAP password expiration policies have been implemented.<\/p>\n\n\n\n
However, end users are always end users. They will always ignore these notifications. They never like the idea of changing password, :). Therefore, having different means of notifying them and even the system admins themselves about the password expiry is a great idea. This tutorial therefore will provide some basics steps to take to configure OpenLDAP to send out notifications via email to users mailbox informing them about the password expiration.<\/p>\n\n\n\n
In our previous guides, we learnt how to implement OpenLDAP password policies. The link is provided below;<\/p>\n\n\n\n
Implement OpenLDAP Password Policies<\/a><\/p>\n\n\n\n Similarly, we also covered how users can reset their OpenLDAP passwords by themselves using the OpenLDAP self service password tool;<\/p>\n\n\n\n Setup LDAP Self Service Password Tool on CentOS 8<\/a><\/p>\n\n\n\n While scouring Internet, we came across the LDAP Tool Box (LTB)<\/a>, script that has been written to browse the LDAP directory to look for entries that uses password policy. If the user’s password will expire soon, a mail is sent.<\/p>\n\n\n\n The script is tested with OpenLDAP (ppolicy overlay). We provided a link to configuring password policies using the We downloaded the script and modified it to suit our OpenLDAP directory settings. It can sent the email notification to users whose account passwords are in warning state and at the same time, sent the statistics to a specific administrator.<\/strong><\/p>\n\n\n\n Below is the contents of our modified version of the script with comment lines removed.<\/strong><\/p>\n\n\n\n The original version of the script can be found at the LTB Github LDAP scripts repository<\/a>.<\/p>\n\n\n\n As outlined on the LTB page, the script requires;<\/p>\n\n\n\n Also, update the following variables on the script accordingly.<\/p>\n\n\n\n Below is our sample OpenLDAP user entry. Note the following attributes;<\/p>\n\n\n\n To check the script can get us what is expected of it, simply execute it on the LDAP server as follows;<\/p>\n\n\n\n Our script writes output to, From the output above, we can see that;<\/p>\n\n\n\n Since we do not have any mail utility installed, you may get such an output;<\/p>\n\n\n\n In order for your OpenLDAP server to be able to send mails out, you need to have an MTA installed and configured. If you noticed above, the script tried use Note that our LDAP server is running on a CentOS 8 system<\/p>\n\n\n\n Install and Setup OpenLDAP on CentOS 8<\/a><\/p>\n\n\n\n Make the following adjustments;<\/p>\n\n\n\n Save and exit the configuration.<\/p>\n\n\n\n Enter the authentication credentials on the file, Hash the credentials file.<\/p>\n\n\n\n Set the proper permissions on the credentials file,<\/p>\n\n\n\n Start the Postfix configuration.<\/p>\n\n\n\n Check the logs.<\/p>\n\n\n\n If you see this line, all is well;<\/p>\n\n\n\n Once the email relay configuration is done, rerun the script.<\/p>\n\n\n\n Check the administrator inbox, which in this demo is set to, admin@kifarunix-demo.com<\/strong>, and the inbox for the user whose password is in warning state, janedoe@kifarunix-demo.com<\/strong>.<\/p>\n\n\n\n On Admin Mailbox, this is the email from LDAP;<\/p>\n\n\n\n On the User’s inbox (Janedoe and Koromicha in this case);<\/p>\n\n\n\n And there you go. You are now receiving the status of the LDAP accounts password expiry as the administrator. At the same time, users whose passwords are yet to expire are notified via their respective emails as defined on their LDAP entries. We hope that was informative.<\/p>\n\n\n\n To ensure that the script is executed regularly, all you need to do is to create a cron job to execute the script at a specific regular time and have the LDAP accounts passwords status sent to users.<\/p>\n\n\n\n Before you can install a cron job, ensure that the script is executable.<\/p>\n\n\n\n To install a cron job, run the command below;<\/p>\n\n\n\n Enter the line below, to have the script executed every day from Monday-Friday at 0800 hrs.<\/p>\n\n\n\n That marks the end of our guide on how to send OpenLDAP password expiry notifications via email.<\/p>\n\n\n\n Configure Offline Authentication via OpenLDAP on MacOS X<\/a><\/p>\n\n\n\n Install and Setup OpenLDAP Server on Ubuntu 20.04<\/a><\/p>\n\n\n\n Disable Password Expiry for Specific Users on OpenLDAP<\/a><\/p>\n\n\n\nSend OpenLDAP Password Expiry Notifications via Email<\/h2>\n\n\n\n
ppolicy overlay<\/strong><\/code> above.<\/p>\n\n\n\nCheck LDAP Password Expiration Script<\/h3>\n\n\n\n
grep -Ev \"^\\s[#\\;]|^\\s$|^#\" checkLdapPwdExpiration.sh<\/code><\/pre>\n\n\n\nMY_LDAP_HOSTURI=\"ldapi:\/\/\/\"\nMY_LDAP_DEFAULTPWDPOLICYDN=\"cn=default,ou=pwpolicy,dc=ldapmaster,dc=kifarunix-demo,dc=com\"\nMY_LDAP_SEARCHBASE=\"ou=people,dc=ldapmaster,dc=kifarunix-demo,dc=com\"\nMY_LDAP_SEARCHFILTER=\"(&(uid=*)(objectClass=inetOrgPerson))\"\nMY_LDAP_SEARCHSCOPE=\"one\"\nMY_LDAP_SEARCHBIN=\"\/usr\/bin\/ldapsearch\"\nMY_LDAP_NAME_ATTR=cn\nMY_LDAP_LOGIN_ATTR=uid\nMY_LDAP_MAIL_ATTR=mail\nexport LC_ALL=en_US.UTF-8\nMY_MAIL_BODY=\"Hi %name,\\n\\n \\\n\tYour password will expire in %expireDays days on %expireTimeTZ.\\n\\n \\\n Visit Kifarunix-demo Self Service Password site, https:\/\/ldap-ssp.kifarunix-demo.com to reset your password.\\n\\n \\\n\tAs a reminder, ensure that your password conforms to the company outlined password policies.\\n\\n \\\n\tKifarunix-demo IT team,\\n\n\tRegards.\"\nEX_MAIL_BODY=\"Hi %name,\\n\\n \\\n\tYour password expired on %expireTimeTZ.\\n\\n \\\n Kindly contact Kifarunix-demo IT team to help reset the password.\\n\\n \\\n\tKifarunix-demo IT team,\\n\n\tRegards.\"\nMY_MAIL_SUBJECT=\"LDAP Account Password Expiry Status\"\nMY_MAIL_BIN=\"mail\"\nMY_LOG_HEADER=\"`date +\\\"%b %e,%Y %T\\\"`\"\nMY_GAWK_BIN=\"\/usr\/bin\/gawk\"\ngetTimeInSeconds() {\n\tdate=0\n\tos=`uname -s`\n\tif [ \"$1\" ]; then\n\t\tdate=`${MY_GAWK_BIN} 'BEGIN { \\\n\t\t\tif (ARGC == 2) { \\\n\t\t \tprint mktime(ARGV[1]) \\\n\t\t\t} \\\n\t\t\texit 0 }' \"$1\"`\n\telse\n\t\tif [ \"${os}\" = \"SunOS\" ]; then\n\t\t\tdate=`\/usr\/bin\/truss \/usr\/bin\/date 2>&1 | nawk -F= \\\n\t\t\t\t'\/^time\\(\\)\/ {gsub(\/ \/,\"\",$2);print $2}'`\n\t\telse\n\t\t\tnow=`date +\"%Y %m %d %H %M %S\" -u`\n\t\t\tdate=`getTimeInSeconds \"$now\"`\n\t\tfi\n\tfi\n\techo ${date}\n}\ntmp_dir=\"\/tmp\/$$.checkldap.tmp\"\nresult_file=\"${tmp_dir}\/res.tmp.1\"\nbuffer_file=\"${tmp_dir}\/buf.tmp.1\"\ntmp_dir_stats=\"\/tmp\/ldap-password-stats\"\nldap_param=\"-Y EXTERNAL -H ${MY_LDAP_HOSTURI} -LLL -Q\"\nnb_users=0\nnb_expired_users=0\nnb_warning_users=0\nif [ -d ${tmp_dir} ]; then\n\techo \"Error : temporary directory exists (${tmp_dir})\"\n\texit 1\nfi\nmkdir ${tmp_dir}\nif [ ${MY_LDAP_ROOTDN} ]; then\n\tldap_param=\"${ldap_param} -D ${MY_LDAP_ROOTDN} -w ${MY_LDAP_ROOTPW}\"\nfi\n${MY_LDAP_SEARCHBIN} ${ldap_param} -s ${MY_LDAP_SEARCHSCOPE} \\\n\t-b \"${MY_LDAP_SEARCHBASE}\" \"${MY_LDAP_SEARCHFILTER}\" \\\n\t\"dn\" > ${result_file}\nwhile read dnStr\ndo\n\tif [ ! \"${dnStr}\" ]; then\n\t\tcontinue\n\tfi\n\tdn=`echo ${dnStr} | cut -d : -f 2`\n\tnb_users=`expr ${nb_users} + 1`\n\t${MY_LDAP_SEARCHBIN} ${ldap_param} -s base -b \"${dn}\" \\\n\t\t${MY_LDAP_NAME_ATTR} ${MY_LDAP_LOGIN_ATTR} ${MY_LDAP_MAIL_ATTR} pwdChangedTime pwdPolicySubentry \\\n\t\t> ${buffer_file}\n\tlogin=`grep -w \"${MY_LDAP_LOGIN_ATTR}:\" ${buffer_file} | cut -d : -f 2 \\\n\t\t| sed \"s\/^ *\/\/;s\/ *$\/\/\"`\n\tname=`grep -w \"${MY_LDAP_NAME_ATTR}:\" ${buffer_file} | cut -d : -f 2\\\n\t\t| sed \"s\/^ *\/\/;s\/ *$\/\/\"`\n\tmail=`grep -w \"${MY_LDAP_MAIL_ATTR}:\" ${buffer_file} | cut -d : -f 2 \\\n\t\t| sed \"s\/^ *\/\/;s\/ *$\/\/\"`\n\tpwdChangedTime=`grep -w \"pwdChangedTime:\" ${buffer_file} \\\n\t\t| cut -d : -f 2 | cut -c 1-15 | sed \"s\/^ *\/\/;s\/ *$\/\/\"`\n\tpwdPolicySubentry=`grep -w \"pwdPolicySubentry:\" ${buffer_file} \\\n\t\t| cut -d : -f 2 | sed \"s\/^ *\/\/;s\/ *$\/\/\"`\n\tif [ ! \"${pwdChangedTime}\" ]; then\n\t\techo \"No password change date for ${login} (${mail})\" >> ${tmp_dir_stats}\n\t\tcontinue\n\tfi\n\tif [ ! \"${pwdPolicySubentry}\" -a ! \"${MY_LDAP_DEFAULTPWDPOLICYDN}\" ]; then\n\t\techo \"No password policy for ${login} (${mail})\" >> ${tmp_dir_stats}\n\t\tcontinue\n\tfi\n\tldap_search=\"${MY_LDAP_SEARCHBIN} ${ldap_param} -s base\"\n\tif [ \"${pwdPolicySubentry}\" ]; then\n\t\tldap_search=\"${ldap_search} -b ${pwdPolicySubentry}\"\n\telse\n\t\tldap_search=\"${ldap_search} -b ${MY_LDAP_DEFAULTPWDPOLICYDN}\"\n\tfi\n\tldap_search=\"$ldap_search pwdMaxAge pwdExpireWarning pwdMinLength pwdInHistory\"\n\tpwdMaxAge=`${ldap_search} | grep -w \"pwdMaxAge:\" | cut -d : -f 2 \\\n\t\t| sed \"s\/^ *\/\/;s\/ *$\/\/\"`\n\tpwdExpireWarning=`${ldap_search} | grep -w \"pwdExpireWarning:\" | cut -d : -f 2 \\\n\t\t| sed \"s\/^ *\/\/;s\/ *$\/\/\"`\n\tpwdMinLength=`${ldap_search} | grep -w \"pwdMinLength:\" | cut -d : -f 2 \\\n\t\t| sed \"s\/^ *\/\/;s\/ *$\/\/\"`\n\tpwdInHistory=`${ldap_search} | grep -w \"pwdInHistory:\" | cut -d : -f 2 \\\n\t\t| sed \"s\/^ *\/\/;s\/ *$\/\/\"`\n if [ ! \"${pwdMaxAge}\" ]; then\n echo \"No password expiration configured for ${login} (${mail})\" >> ${tmp_dir_stats}\n continue\n fi\n\tMY_MAIL_DELAY=${MY_MAIL_DELAY:=$pwdExpireWarning}\n\tif [ \"${pwdChangedTime}\" ]; then\n\t\ts=`echo ${pwdChangedTime} | cut -c 13-14`\n\t\tm=`echo ${pwdChangedTime} | cut -c 11-12`\n\t\th=`echo ${pwdChangedTime} | cut -c 9-10`\n\t\td=`echo ${pwdChangedTime} | cut -c 7-8`\n\t\tM=`echo ${pwdChangedTime} | cut -c 5-6`\n\t\ty=`echo ${pwdChangedTime} | cut -c 1-4`\n\t\tcurrentTime=`getTimeInSeconds`\n\t\tpwdChangedTime=`getTimeInSeconds \"$y $M $d $h $m $s\"`\n\t\tdiffTime=`expr ${currentTime} - ${pwdChangedTime}`\n\tfi\n\texpireTime=`expr ${pwdChangedTime} + ${pwdMaxAge}`\n\tif [ ${currentTime} -gt ${expireTime} ]; then\n\t\tnb_expired_users=`expr ${nb_expired_users} + 1`\n\t\texpireTime=`date -d @$expireTime \"+%A %d, %B %Y at %T\"`\n\t logmsg=\"${EX_MAIL_BODY}\"\n\t\tlogmsg=`echo -e ${logmsg} | sed \"s\/%name\/${name}\/; \\\n\t\t\ts\/%login\/${login}\/; s\/%expireTimeTZ\/${expireTime}\/; s\/%pwdMinLength\/${pwdMinLength}\/; s\/%pwdInHistory\/${pwdInHistory}\/; \\\n\t\t\ts\/%expireDays\/${expireDays}\/\"`\n\t\techo \"${logmsg}\" | ${MY_MAIL_BIN} -s \"${MY_MAIL_SUBJECT}\" ${mail} >&2\n\t\techo \"Password expired for ${login} on ${expireTime}. Mail sent to ${mail}\" >> ${tmp_dir_stats}\n\t\tcontinue\n\tfi\n\texpireTimeTZ=`date -d @$expireTime \"+%A %d, %B %Y at %T\"`\n\texpireTimeMail=`date -d @$expireTime \"+%s\"`\n\tnow=`date +%s`\n\texpireDays=`echo $(( (${expireTimeMail} - ${now} )\/(60*60*24) ))`\n\tif [ \"${mail}\" -a \"${name}\" \\\n\t\t-a \"${login}\" -a \"${diffTime}\" -a \"${pwdMaxAge}\" ]\n\tthen\n\t\tdiffTime=`expr ${diffTime} + ${MY_MAIL_DELAY}`\n\t\tif [ ${diffTime} -gt ${pwdMaxAge} ]; then\n\t\t\tlogmsg=\"${MY_MAIL_BODY}\"\n\t\t\tlogmsg=`echo -e ${logmsg} | sed \"s\/%name\/${name}\/; \\\n\t\t\t\ts\/%login\/${login}\/; s\/%expireTimeTZ\/${expireTimeTZ}\/; s\/%pwdMinLength\/${pwdMinLength}\/; s\/%pwdInHistory\/${pwdInHistory}\/; \\\n\t\t\t\ts\/%expireDays\/${expireDays}\/\"`\n\t\t\techo \"${logmsg}\" | ${MY_MAIL_BIN} -s \"${MY_MAIL_SUBJECT}\" ${mail} >&2\n\t\t\techo \"Password warning for ${login} (expiry date, ${expireTimeTZ}). Mail sent to ${mail}\" >> ${tmp_dir_stats}\n\t\t\tnb_warning_users=`expr ${nb_warning_users} + 1`\n\t\tfi\n\tfi\ndone < ${result_file}\nsed -i \"1iHello Admin,\\nFind the LDAP users account password expiry status as at ${MY_LOG_HEADER}.\\n\" ${tmp_dir_stats}\necho \"Total User Accounts checked: ${nb_users}\" >> ${tmp_dir_stats}\necho \"Accounts with Expired Passwords: ${nb_expired_users}\" >> ${tmp_dir_stats}\necho \"Accounts with Passwords in Warning state: ${nb_warning_users}\" >> ${tmp_dir_stats}\nsed -i -e '\/^Total.*\/i\\\\ ' -e '\/^Total.*\/i ===== Statistics =====' ${tmp_dir_stats}\nmail -s \"LDAP Password Expiration Status\" kifaunix@gmail.com < ${tmp_dir_stats}\nrm -rf ${tmp_dir}\nrm -rf ${tmp_dir_stats}\nexit 0\n<\/code><\/pre>\n\n\n\nThe Script Requirements<\/h4>\n\n\n\n
\n
which gawk<\/code>)<\/li>\n\n\n\nwhich ldapsearch<\/code>)<\/li>\n\n\n\nwhich mailx<\/code>)<\/li>\n\n\n\nwhich date<\/code>)<\/li>\n<\/ul>\n\n\n\nwhich<\/strong><\/code> utility enables you to check if the command is installed and the full path to its location.<\/p>\n\n\n\nThe Script Variables<\/h4>\n\n\n\n
\n
MY_LDAP_HOSTURI<\/code>: LDAP URI<\/li>\n\n\n\nMY_LDAP_ROOTDN<\/code> (optional): DN to use to bind. No DN means anonymous<\/li>\n\n\n\nMY_LDAP_ROOTPW<\/code>: Password<\/li>\n\n\n\nMY_LDAP_DEFAULTPWDPOLICYDN<\/code>: Default password policy DN. Do not set if no default policy is used. In this case, the script will only affect users with password policy in their entry (pwdPolicySubentry<\/em>)<\/li>\n\n\n\nMY_LDAP_SEARCHBASE<\/code>: Users search base<\/li>\n\n\n\nMY_LDAP_SEARCHFILTER<\/code>: Users search filter<\/li>\n\n\n\nMY_LDAP_SEARCHBIN<\/code>: Path to ldapsearch binary<\/li>\n\n\n\nMY_MAIL_DELAY<\/code>: Time before expiration where a mail is sent. No mail sent after expiration. If no value, the script will take the pwdExpireWarning<\/em> of the password policy<\/li>\n\n\n\nMY_LDAP_NAME_ATTR<\/code>: attribute containing user’s name<\/li>\n\n\n\nMY_LDAP_LOGIN_ATTR<\/code>: attribute containing user’s login<\/li>\n\n\n\nMY_LDAP_MAIL_ATTR<\/code>:attribute containing user’s name<\/li>\n\n\n\nMY_MAIL_BODY<\/code>: message body<\/li>\n\n\n\nMY_MAIL_SUBJECT<\/code>: message subject<\/li>\n\n\n\nMY_MAIL_BIN<\/code>: mail binary<\/li>\n\n\n\nMY_LOG_HEADER<\/code>: log header<\/li>\n\n\n\nMY_GAWK_BIN<\/code>: path to gawk binary<\/li>\n<\/ul>\n\n\n\nSample LDAP User entry<\/h4>\n\n\n\n
\n
MY_LDAP_NAME_ATTR=cn<\/code><\/li>\n\n\n\nMY_LDAP_LOGIN_ATTR=uid<\/code><\/li>\n\n\n\nMY_LDAP_MAIL_ATTR=mail<\/code><\/li>\n<\/ul>\n\n\n\nldapsearch -Y EXTERNAL -H ldapi:\/\/\/ -s one -b \"ou=people,dc=ldapmaster,dc=kifarunix-demo,dc=com\" -LLL -Q uid=janedoe <\/code><\/pre>\n\n\n\ndn: uid=janedoe,ou=people,dc=ldapmaster,dc=kifarunix-demo,dc=com\nobjectClass: inetOrgPerson\nobjectClass: posixAccount\nobjectClass: shadowAccount\nobjectClass: extensibleObject\nuid: janedoe\ncn: Jane<\/strong>\nsn: Doe\nloginShell: \/bin\/bash\nuidNumber: 10010\ngidNumber: 10010\nhomeDirectory: \/home\/janedoe\nshadowMax: 60\nshadowMin: 1\nshadowWarning: 7\nshadowInactive: 7\nshadowLastChange: 0\nuserPassword:: e1NTSEF9dmczUGpBa0EybUtOanJ4QWc1dWN5d20wNnlmOGg4cE8=\nmail: janedoe@kifarunix-demo.com<\/strong>\n<\/code><\/pre>\n\n\n\nTesting the LDAP Password Expiration Notification Script<\/h4>\n\n\n\n
bash checkLdapPwdExpiration.sh<\/code><\/pre>\n\n\n\n\/tmp\/ldap-password-stats<\/code>, file.<\/p>\n\n\n\ncat \/tmp\/ldap-password-stats<\/code><\/pre>\n\n\n\nHello Admin,\nFind the LDAP users account password expiry status as Jun 13,2020 21:19:18.\n\nPassword warning for janedoe (expiry date, Thursday 18, June 2020 at 11:12:37). Mail sent to janedoe@kifarunix-demo.com\nPassword expired for koromicha on Friday 08, May 2020 at 21:34:02. Mail sent to koromicha@kifarunix-demo.com\nNo password change date for johndoe (johndoe@kifarunix-demo.com)\n\n===== Statistics =====\nTotal User Accounts checked: 4\nAccounts with Expired Passwords: 1\nAccounts with Passwords in Warning state: 1\n<\/code><\/pre>\n\n\n\n\n
koromicha<\/strong><\/code>, has expired on Friday 08, May 2020 at 21:34:02. Notification email sent to user. <\/li>\n\n\n\njanedoe<\/code><\/strong>, will expire on Thursday 18, June 2020 at 11:12:37. Notification email sent to user.<\/li>\n\n\n\nmail: command not found<\/code><\/pre>\n\n\n\nConfigure your LDAP Server to Send Mails<\/h3>\n\n\n\n
sendmail<\/code>. In this demo, we will be using postfix instead.<\/p>\n\n\n\nInstall Postfix MTA on CentOS 8<\/h4>\n\n\n\n
yum install postfix cyrus-sasl-plain mailx<\/code><\/pre>\n\n\n\nConfigure Postfix to use Gmail SMTP relay<\/h4>\n\n\n\n
cp \/etc\/postfix\/main.cf \/etc\/postfix\/main.cf.old<\/code><\/pre>\n\n\n\nvim \/etc\/postfix\/main.cf<\/code><\/pre>\n\n\n\nmyhostname = ldap.kifarunix-demo.com<\/code><\/pre>\n\n\n\ninet_protocols = ipv4<\/code><\/pre>\n\n\n\nrelayhost = [smtp.gmail.com]:587<\/code><\/pre>\n\n\n\nsmtp_use_tls = yes<\/code><\/pre>\n\n\n\nsmtp_sasl_auth_enable = yes<\/code><\/pre>\n\n\n\nsmtp_sasl_password_maps = hash:\/etc\/postfix\/sasl_passwd<\/code><\/pre>\n\n\n\nsmtp_sasl_security_options = noanonymous<\/code><\/pre>\n\n\n\n\/etc\/postfix\/sasl_passwd<\/code> in the format;<\/p>\n\n\n\n[smtp.gmail.com]:587 userid@gmail:password<\/code><\/pre>\n\n\n\npostmap \/etc\/postfix\/sasl_passwd<\/code><\/pre>\n\n\n\nchown root:postfix \/etc\/postfix\/sasl_passwd*\nchmod 640 \/etc\/postfix\/sasl_passwd*<\/code><\/pre>\n\n\n\nsystemctl enable --now postfix<\/code><\/pre>\n\n\n\nTest Email Delivery<\/h4>\n\n\n\n
echo \"Test Postfix gmail relay\" | mail -s \"Test postfix gmail relay\" admin@kifarunix-demo.com<\/code><\/pre>\n\n\n\ntail \/var\/log\/maillog<\/code><\/pre>\n\n\n\n...to=admin@kifarunix-demo.com, relay=smtp.gmail.com[74.125.133.108]:587, ...status=sent (250 2.0.0 OK<\/strong> ..<\/code><\/pre>\n\n\n\nbash checkLdapPwdExpiration.sh<\/code><\/pre>\n\n\n\nSubject: LDAP Password Expiration Status\n\nHello Admin,\nFind the LDAP users account password expiry status as Jun 13,2020 21:31:11.\n\nPassword warning for janedoe (expiry date, Thursday 18, June 2020 at 11:12:37). Mail sent to janedoe@kifarunix-demo.com\nPassword expired for koromicha on Friday 08, May 2020 at 21:34:02. Mail sent to koromicha@kifarunix-demo.com\nNo password change date for johndoe (johndoe@kifarunix-demo.com)\n\n===== Statistics =====\nTotal User Accounts checked: 4\nAccounts with Expired Passwords: 1\nAccounts with Passwords in Warning state: 1\n<\/code><\/pre>\n\n\n\nSubject: LDAP Account Password Expiry Status\n\nHi jane,\n\n Your password will expire in 4 days on Thursday 18, June 2020 at 11:12:37.\n\n Visit Kifarunix-demo Self Service Password site, https:\/\/ldap-ssp.kifarunix-demo.com to reset your password.\n\n As a reminder, ensure that your password conforms to the company outlined password policies.\n\n Kifarunix-demo IT team,\n Regards.\n<\/code><\/pre>\n\n\n\nSubject: LDAP Account Password Expiry Status\n\nHi koromicha,\n\n Your password expired on Friday 08, May 2020 at 21:34:02.\n\n Kindly contact Kifarunix-demo IT team to help reset the password.\n\n Kifarunix-demo IT team,\n Regards.\n<\/code><\/pre>\n\n\n\nCreate Daily Cron Job for the Script<\/h4>\n\n\n\n
chmod +x \/home\/kifarunix\/checkLdapPwdExpiration.sh<\/code><\/pre>\n\n\n\ncrontab -e<\/code><\/pre>\n\n\n\n0 8 * * 1-5 \/home\/kifarunix\/checkLdapPwdExpiration.sh<\/code><\/pre>\n\n\n\nRelated Tutorials<\/h3>\n\n\n\n