Hey all,
Just wanted to share a couple of tools I whipped up to flesh out some of
the more time consuming or lean feature areas of FreeIPA. Hopefully they
help you! Pull Reuquests and Issues are welcome.
https://github.com/noahbliss/freeipa-sam
FreeIPA-SAM is a simple menu-driven bash script for lifecycle management
of system (service) accounts in LDAP. As a refresher, these seem to be
the accounts you use as connectors to various services, but not for
typical human user login. As there doesn't seem to be a convenient way
to manage these in the WebUI and consistency is key when doing manual
account management, I've found this to be a huge time-saver.
https://github.com/noahbliss/freeipa-pen
FreeIPA-PEN is a bash script designed to be installed on an IPA server
and invoked by cron. It uses a system account to check LDAP and notify
users via email if their password is going to expire soon. For accounts
that do not have an email address or have already expired, it can
generate a weekly/monthly report for you as an admin.
Looks cool, thanks for sharing.
Note that the IPA in 4.9.0+ provides a similar service for your expiring
account notification project, similarly named EPN (Expired Password
Notification).
rob