AniNIX/Kapisi
AniNIX/Kapisi
3
0
Fork 0
Code Issues 25 Pull Requests Projects 1 Releases Wiki Activity
7b98c953b1
Kapisi/roles/Sora/files/ldap-userreport

68 lines
2.0 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
hostname=`hostname`
errortext="ERROR:NEVER"
arg="$1"
function shortshow() {
echo ${user}": "$email
}
function queryLDAPAttribute() {
ldapsearch -x "$1" "$2" | grep -E "${2}: " | sed "s/^${2}: //"
}
basedn=`ldapsearch -x '(cn=root)' dn | grep -E ^dn:\ | sed 's/dn: cn=root,//'`
maxAge="$(queryLDAPAttribute '(cn=default)' pwdMaxAge)"
changeAge=$(( $maxAge - 2592000 ))
deleteAge=$(( 2 * $maxAge ))
for user in `queryLDAPAttribute '(uid=*)' uid`; do
# Pull changed stats
lastChanged=`/usr/sbin/ldapsearch -x "(uid=$user)" + | grep pwdChangedTime | cut -f 2 -d ' '`
created=`/usr/sbin/ldapsearch -x "(uid=$user)" + | grep createTimestamp | cut -f 2 -d ' '`
email=`/usr/sbin/ldapsearch -x "(uid=$user)" | grep mail | cut -f 2 -d ' '`
if [ -z "$lastChanged" ]; then
lastChanged="$errortext";
else
delta="$(( `date +%s` - `date -d $(echo $lastChanged | head -c 8) +%s`))"
fi
lastlog=`lastlog -u $user | tail -n 1`
if [ `echo $lastlog | grep -c 'Never logged in'` -gt 0 ]; then
lastlog=$errortext
else
lastlog=`echo $lastlog | awk '{$1="";$2="";$3="";print $0 }'`
fi
printf "User $user (email: $email, created: $created) last changed their password on $lastChanged. They last logged in to SSH on $hostname on $lastlog\n" | (
case "$arg" in
"--inactive")
if grep -E $errortext'$' &> /dev/null; then shortshow; fi
;;
"--needschange")
if [ "$lastChanged" == "$errortext" ]; then
shortshow
else
if [ $delta -gt "$changeAge" ] && [ $delta -lt "$maxAge" ]; then shortshow; fi
fi
;;
"--expired")
if [ "$lastChanged" != "$errortext" ] && [ "$delta" -ge 31536000 ]; then
shortshow;
fi
;;
"--removeable")
if [ "$lastChanged" != "$errortext" ] && [ "$delta" -ge "$deleteAge" ]; then
shortshow;
fi
;;
*)
cat
;;
esac
)
done
Reference in New Issue View Git Blame Copy Permalink