hbasria/gist:c2cb6451b29eefe083d1e34808f1047a

## gistfile1.txt
#!/bin/bash

# https://gosysop.com/freeipa-password-expiry-notification-script-for-red-hat-identity-management/
# notifies people a set number of days before expiry, once via email

# open a kerberos ticket using keytab authentication
# the following keytab file was made using ktutil with rc4-hmac

/usr/bin/kinit admin@YOURDOMAIN.COM -k -t /sextoys/admin.keytab

# how many days before expiry? at which point a single email should be sent out

cd /tmp
THENUMBEROFDAYS=2

#queries the ldap server for whatever group you want, or search parameters you want to use
# grepping memberUid for the group you want and piping to awk results in a list of users
USERLIST=$(ldapsearch -x -b cn=sextoyboys,cn=groups,cn=compat,dc=yourdomain,dc=com | grep memberUid | awk '{print $2}')

# start the main loop
for USER in $USERLIST;
do
# gets todays date in the same format as ipa
TODAYSDATE=$(date +"%Y%m%d")
echo "Checking Expiry For $USER"

# gets date, removes time uses cut to get only first 8 characters of date
EXPIRYDATE=$(ipa user-show $USER --all | grep krbpasswordexpiration | awk '{print $2}' | cut -c 1-8)

# using date command to convert to a proper date format for the subtraction of days left
CALCEXPIRY=$(date -d "$EXPIRYDATE" +%j)
CALCTODAY=$(date -d "$TODAYSDATE" +%j)
DAYSLEFT=$(expr $CALCEXPIRY - $CALCTODAY)

echo "$USER has $DAYSLEFT left"

# send out an email if it matches the specified number of days left
if [ $DAYSLEFT = $THENUMBEROFDAYS ];
then

# create the email content
echo "HEY BUDDY, YOUR PASSWORD IS GOING TO EXPIRE" >> $USER.temp
echo " " >> $USER.temp
echo "MaxMouse" >> $USER.temp

# send the email out
mailx -s "Hey $USER This is a great subject line right" $USER@yourdomain.com < $USER.temp
# delete content file
rm -rf $USER.temp
fi

done
	#!/bin/bash

	# https://gosysop.com/freeipa-password-expiry-notification-script-for-red-hat-identity-management/
	# notifies people a set number of days before expiry, once via email

	# open a kerberos ticket using keytab authentication
	# the following keytab file was made using ktutil with rc4-hmac

	/usr/bin/kinit admin@YOURDOMAIN.COM -k -t /sextoys/admin.keytab

	# how many days before expiry? at which point a single email should be sent out

	cd /tmp
	THENUMBEROFDAYS=2

	#queries the ldap server for whatever group you want, or search parameters you want to use
	# grepping memberUid for the group you want and piping to awk results in a list of users
	USERLIST=$(ldapsearch -x -b cn=sextoyboys,cn=groups,cn=compat,dc=yourdomain,dc=com \| grep memberUid \| awk '{print $2}')

	# start the main loop
	for USER in $USERLIST;
	do
	# gets todays date in the same format as ipa
	TODAYSDATE=$(date +"%Y%m%d")
	echo "Checking Expiry For $USER"

	# gets date, removes time uses cut to get only first 8 characters of date
	EXPIRYDATE=$(ipa user-show $USER --all \| grep krbpasswordexpiration \| awk '{print $2}' \| cut -c 1-8)

	# using date command to convert to a proper date format for the subtraction of days left
	CALCEXPIRY=$(date -d "$EXPIRYDATE" +%j)
	CALCTODAY=$(date -d "$TODAYSDATE" +%j)
	DAYSLEFT=$(expr $CALCEXPIRY - $CALCTODAY)

	echo "$USER has $DAYSLEFT left"

	# send out an email if it matches the specified number of days left
	if [ $DAYSLEFT = $THENUMBEROFDAYS ];
	then

	# create the email content
	echo "HEY BUDDY, YOUR PASSWORD IS GOING TO EXPIRE" >> $USER.temp
	echo " " >> $USER.temp
	echo "MaxMouse" >> $USER.temp

	# send the email out
	mailx -s "Hey $USER This is a great subject line right" $USER@yourdomain.com < $USER.temp
	# delete content file
	rm -rf $USER.temp
	fi

	done