1717# Copyright (C) 2008 Clement OUDOT
1818# Copyright (C) 2007 Thomas CHEMINEAU
1919# Copyright (C) 2009 LTB-project.org
20+ # Copyright (C) 2019 Worteks
2021#
2122# This program is free software; you can redistribute it and/or
2223# modify it under the terms of the GNU General Public License
3536# ====================================================================
3637# Changelog
3738# ====================================================================
39+ # Version 0.4 (11/2019)
40+ # - #11 fixed:
41+ # Add remaning time before password expiration in mail.
3842# Version 0.3 (03/2010):
3943# - #295 fixed:
4044# Add a parameter to specify the search scope
6266# Configuration
6367# ====================================================================
6468
69+
70+
6571#
6672# LDAP host URI
6773# eg: ldap://localhost:389
@@ -105,7 +111,7 @@ MY_LDAP_SEARCHSCOPE="one"
105111#
106112# Path to LDAP search binary
107113#
108- MY_LDAP_SEARCHBIN=" /opt /openldap/bin/ldapsearch"
114+ MY_LDAP_SEARCHBIN=" /usr/local /openldap/bin/ldapsearch"
109115
110116#
111117# Delay to begin sending adverts
@@ -123,14 +129,28 @@ MY_LDAP_NAME_ATTR=cn
123129MY_LDAP_LOGIN_ATTR=uid
124130MY_LDAP_MAIL_ATTR=mail
125131
132+ #
133+ # Locale for date
134+ # eg: export LC_ALL=en_US.UTF-8
135+ #
136+ export LC_ALL=en_US.UTF-8
137+
126138#
127139# Mail body message, with particular variables :
128140# %name : user name
129141# %login : user login
130142#
131- MY_MAIL_BODY=" From: support @example.com\n\n \
143+ MY_MAIL_BODY=" From: noreply @example.com\n\n \
132144 Hi %name,\n\n \
133- please change your password.\n\nThe LDAP team."
145+
146+ Please change your password. It will expire in %expireDays days on %expireTimeTZ.\n\n \
147+
148+ As a reminder, the password policy is :\n\n \
149+
150+ - Minimum Password Length : %pwdMinLength characters\n\n \
151+ - There is a password history, your new password must be different from you last %pwdInHistory passwords.\n\n \
152+
153+ The LDAP team."
134154
135155#
136156# Mail subject
266286 else
267287 ldap_search=" ${ldap_search} -b ${MY_LDAP_DEFAULTPWDPOLICYDN} "
268288 fi
269-
270- ldap_search=" $ldap_search pwdMaxAge pwdExpireWarning"
289+
290+ ldap_search=" $ldap_search pwdMaxAge pwdExpireWarning pwdMinLength pwdInHistory "
271291 pwdMaxAge=` ${ldap_search} | grep -w " pwdMaxAge:" | cut -d : -f 2 \
272292 | sed " s/^ *//;s/ *$//" `
273293 pwdExpireWarning=` ${ldap_search} | grep -w " pwdExpireWarning:" | cut -d : -f 2 \
274294 | sed " s/^ *//;s/ *$//" `
295+ pwdMinLength=` ${ldap_search} | grep -w " pwdMinLength:" | cut -d : -f 2 \
296+ | sed " s/^ *//;s/ *$//" `
297+ pwdInHistory=` ${ldap_search} | grep -w " pwdInHistory:" | cut -d : -f 2 \
298+ | sed " s/^ *//;s/ *$//" `
275299
276300 # Go to next user if no pwdMaxAge (no expiration)
277301 if [ ! " ${pwdMaxAge} " ; then
302326 echo " ${MY_LOG_HEADER} Password expired for ${login} " >&2
303327 continue
304328 fi
329+
330+ expireTimeTZ=` date -d @$expireTime " +%A %d %B %Y %T" `
331+
332+ expireTimeMail=` date -d @$expireTime " +%s" `
333+
334+ now=` date +%s`
335+
336+ expireDays=` echo $(( (${expireTimeMail} - ${now} )/ (60 * 60 * 24 ) )) `
305337
306338 # ALL LDAP attributes should be there, else continue to next user
307339 if [ " ${mail} " -a " ${name} "
312344 if [ ${diffTime} -gt ${pwdMaxAge} ]; then
313345 logmsg=" ${MY_MAIL_BODY} "
314346 logmsg=` echo ${logmsg} | sed " s/%name/${name} /; \
315- s/%login/${login} /" `
347+ s/%login/${login} /; s/%expireTimeTZ/${expireTimeTZ} /; s/%pwdMinLength/${pwdMinLength} /; s/%pwdInHistory/${pwdInHistory} /; \
348+ s/%expireDays/${expireDays} /" `
316349
317350 # Sending mail...
318351 echo " ${logmsg} " | ${MY_MAIL_BIN} -s " ${MY_MAIL_SUBJECT} " ${mail} >&2
0 commit comments