#!/bin/bash
# Report LDAP users by password age and last SSH login on this host, using
# the password-policy limit (pwdMaxAge) stored in the directory.
#
# Usage: $0 [--inactive | --needschange | --expired | --removeable]
#   (no option)     one full report line per user
#   --inactive      users who have never logged in on this host
#   --needschange   users whose password expires within 30 days, or was never changed
#   --expired       users whose password is at least 365 days old
#   --removeable    users whose password is at least 2 * pwdMaxAge old

hostname=$(hostname)
errortext="ERROR:NEVER"
arg="${1:-}"

# Short output form used by the filtering modes: "uid: email"
function shortshow() {
    echo "${user}: ${email}"
}

# queryLDAPAttribute FILTER ATTRIBUTE
# Prints the values of ATTRIBUTE for every entry matching FILTER.
function queryLDAPAttribute() {
    ldapsearch -x "$1" "$2" | grep -E "^${2}: " | sed "s/^${2}: //"
}

# Base DN derived from the cn=root entry (kept for reference; not used below)
basedn=$(ldapsearch -x '(cn=root)' dn | grep -E '^dn: ' | sed 's/dn: cn=root,//')

# Password-policy limits, all in seconds
maxAge="$(queryLDAPAttribute '(cn=default)' pwdMaxAge)"
changeAge=$(( maxAge - 2592000 ))   # pwdMaxAge minus 30 days
deleteAge=$(( 2 * maxAge ))         # twice pwdMaxAge

for user in $(queryLDAPAttribute '(uid=*)' uid); do
    # Pull changed stats. pwdChangedTime and createTimestamp are operational
    # attributes, so they are requested with "+". The greps are anchored so
    # that other attributes containing the same substring (e.g. "mailAlias")
    # cannot match.
    lastChanged=$(/usr/sbin/ldapsearch -x "(uid=$user)" + | grep -E '^pwdChangedTime: ' | cut -f 2 -d ' ')
    created=$(/usr/sbin/ldapsearch -x "(uid=$user)" + | grep -E '^createTimestamp: ' | cut -f 2 -d ' ')
    email=$(/usr/sbin/ldapsearch -x "(uid=$user)" | grep -E '^mail: ' | cut -f 2 -d ' ')

    # delta = seconds since the password was last changed. Reset it on every
    # iteration so a user without pwdChangedTime does not inherit the
    # previous user's value.
    delta=0
    if [ -z "$lastChanged" ]; then
        lastChanged="$errortext"
    else
        # pwdChangedTime is GeneralizedTime (YYYYMMDDHHMMSSZ); the first 8
        # characters are the calendar date.
        delta=$(( $(date +%s) - $(date -d "$(echo "$lastChanged" | head -c 8)" +%s) ))
    fi

    lastlog=$(lastlog -u "$user" | tail -n 1)
    if [ "$(echo "$lastlog" | grep -c 'Never logged in')" -gt 0 ]; then
        lastlog=$errortext
    else
        # Drop the Username, Port and From columns, leaving the timestamp
        lastlog=$(echo "$lastlog" | awk '{$1="";$2="";$3="";print $0}')
    fi

    printf '%s\n' "User $user (email: $email, created: $created) last changed their password on $lastChanged. They last logged in to SSH on $hostname on $lastlog" | (
        case "$arg" in
            "--inactive")
                # The report line ends in ERROR:NEVER only when lastlog had no login
                if grep -E "${errortext}"'$' &> /dev/null; then shortshow; fi
                ;;
            "--needschange")
                if [ "$lastChanged" == "$errortext" ]; then
                    shortshow
                else
                    if [ "$delta" -gt "$changeAge" ] && [ "$delta" -lt "$maxAge" ]; then shortshow; fi
                fi
                ;;
            "--expired")
                # 31536000 s = 365 days
                if [ "$lastChanged" != "$errortext" ] && [ "$delta" -ge 31536000 ]; then shortshow; fi
                ;;
            "--removeable")
                if [ "$lastChanged" != "$errortext" ] && [ "$delta" -ge "$deleteAge" ]; then shortshow; fi
                ;;
            *)
                cat
                ;;
        esac
    )
done