Automatic Password Expiry Notification Tool for LDAP and AD
Hi,
I am looking for a recommended automatic password expiration notification tool Can anyone advice on the best secure and most recommended tool out there, commercial or free preferably free. We run a Linux and Windows platform that uses windows Active Directory and OpenLDAP 2.3.43-3.el5 to authenticate users. However we do get a lot of users requesting password resets particularly in the Linux environment and we need a good ,tried and tested automated tool or script that can manage this .We need an LDAP and Active Directory tool that notifies users particularly Linux users automatically days before their password will expire and force them to change it themselves or have it reset by the Linux administrator.I am kinda new to LDAP is tere any such facility withing OpenLDAP? I have read about Netwrix and Novell Tools but not sure if these are tried and tested tools. Any advice will be greatly appreciated. |
I haven't stumbled upon a ready made tool to do this, but using
perl or shell script (in combination with ldapsearch) it should be easy enough to script a solution. All it takes is to pull all users pwdChangedTime attribute, and do some date maths on it. Run from a cron job, and you're done. Cheers, Tink |
Thanks for your help
|
Humm, I thinkt ppolicy OpenLDAP module can help you. See http://linux.die.net/man/5/slapo-ppolicy for more information. ;)
Good luck. |
Quote:
password expiry? Cheers, Tink |
Quote:
BR |
Quote:
and then they can't log in. He wants people to be alerted of an upcoming expiry ahead of time (or at least that's my understanding). Cheers, Tink |
You're right, ppolicy will answer only if asked but since users log in regularly, you still can warn users before their password expires with pwdExpireWarning attribute. ;)
BR |
Quote:
who will sit dormant for months at a time, and then when they finally wish to login again they call us up. Testers, for example, who work on projects, and don't need the shell on a daily basis. He (the OP) seems to have a similar situation. Cheers, Tink |
Quote:
BR |
Guys thank you all very much for your help i really appreciate it ... i will research into how to use the ppolicy OpenLDAP that Fenandomerces suggested it seems promising Fernando i dont want to reinvent the wheel but is there a more direct step by step guide on how to do this also if i do this successfully this i will document it and send you a copy or share the knowledge. any other suggestion will be appreciated Gurus keep replying..
|
All times are GMT -5. The time now is 12:21 AM. |