Aki-san,

Thanks for your feedback.

Whatever ways will do. For instance, in a thunderbird mail client, a pop-up message or notification email telling client that the password will be expired in XX days, something like this, would be nice.

Thanks, Masaharu Kawada

On 2016年06月08日 15:49, Aki Tuomi wrote:

On 08.06.2016 09:37, mkawada@redhat.com wrote:

...

Dear list,

Is it possible to give a notification about password exprire warning to users authenticated by OpenLDAP when the users login via dovecot using IMAP or POP? For example, when you ssh to a server and/or run ldapsearch, you can be warned with password expire warning like below:

# ssh testuser@localhost testuser@localhost's password: Your password will expire in 31 minute(s). <== Last login: Wed Jun 8 12:22:08 2016 from localhost.localdomain

]$ ldapsearch -LLL -D uid=testuser,ou=People,dc=example,dc=com -w redhat "cn=testuser" -e ppolicy ldap_bind: Success (0) (Password expires in 1808 seconds) <== dn: uid=testuser,ou=People,dc=example,dc=com

Does the same can be done for dovecot users authenticated by OpenLDAP in IMAP/POP?

Thanks,

How would this warning get shown to people?

Aki

-- Masaharu Kawada

Alec-san,

Thanks for your comment.

Please lemme make sure one more thing.

IMAP has ALERT response which is supported by some clients.

To make it happen, no need to add any other configurations on LDAP end once possword policy is correctly set?

Thanks, Masaharu Kawada

On 2016年06月08日 17:27, A.L.E.C wrote:

On 06/08/2016 10:05 AM, mkawada@redhat.com wrote:

...

Whatever ways will do. For instance, in a thunderbird mail client, a pop-up message or notification email telling client that the password will be expired in XX days, something like this, would be nice. IMAP has ALERT response which is supported by some clients. I think Thunderbird supports that. I don't think POP has such a feature, but I wouldn't care about POP.

-- Masaharu Kawada

Alec-san,

Eexcuse me for my misconception.

Anyway, appreciate your comment.

Thanks, Masaharu Kawada

On 2016年06月08日 17:51, A.L.E.C wrote:

On 06/08/2016 10:39 AM, mkawada@redhat.com wrote:

...

To make it happen, no need to add any other configurations on LDAP end once possword policy is correctly set? You've got me wrong. I just responded to Aki's question. ALERT feature could be used to send the message to the client, but there's no code to handle such LDAP password policies/notices yet.

-- Masaharu Kawada Technical Support Engineer Red Hat K K Ebisu Neonato 8F 1-18 Ebisu 4-chome, Shibuya-ku Tokyo 150-0013, Japan Direct: +81-3-5798-8347

I think the easiest solution it to send a mail to the user that the password will expire. A cron job and a shell script should do the work. I don't know any mechanism to send this kind of message via POP.

I agree with you. Don’t bother trying to alert the user when he logs in (where there is no universal client support for such alerts). But, simply send a notification message from a cron script to their mailbox (a couple days before expiration). You could mark the message as high priority/urgent just in case their client displays such messages more prominently than normal inbox new messages. IMAP or POP login is usually done by the email client in the background and the user isn’t necessarily even around to handle the alert. But, clients are used to alerting the user that they have new mail.

So, simply sending a notification message, from a cron job, to their INBOX is definitely the way I would go.

Kevin

On Jun 8, 2016, at 9:31 AM, Juan Bernhard juan@inti.gob.ar wrote:

El 08/06/2016 a las 03:37 a.m., mkawada@redhat.com mailto:mkawada@redhat.com escribió:

...

Dear list,

Is it possible to give a notification about password exprire warning to users authenticated by OpenLDAP when the users login via dovecot using IMAP or POP? For example, when you ssh to a server and/or run ldapsearch, you can be warned with password expire warning like below:

# ssh testuser@localhost testuser@localhost's password: Your password will expire in 31 minute(s). <== Last login: Wed Jun 8 12:22:08 2016 from localhost.localdomain

]$ ldapsearch -LLL -D uid=testuser,ou=People,dc=example,dc=com -w redhat "cn=testuser" -e ppolicy ldap_bind: Success (0) (Password expires in 1808 seconds) <== dn: uid=testuser,ou=People,dc=example,dc=com

Does the same can be done for dovecot users authenticated by OpenLDAP in IMAP/POP?

Thanks,

I think the easiest solution it to send a mail to the user that the password will expire. A cron job and a shell script should do the work. I don't know any mechanism to send this kind of message via POP.

Saludos, Juan.