ClearFoundation Tracker - ClearOS
View Issue Details
0007481ClearOSapp-password-policies - Password Policiespublic2016-02-26 12:132020-11-06 03:56
dloper 
 
lowfeaturealways
closedsuspended 
7.1.0 
 
0007481: Notification for expired passwords in UI per user
This feature would provide:

1) A way to see in the admin UI that a user's password was expired. This would be an alert on the userpage (ie. /app/users/edit/aschmoe), and an exclamation point icon in front of the username on the userlist (/app/users). The alert on the userpage would say:

USER PASSWORD EXPIRED: The password for this user has expired. The user can change the password by logging into the ClearOS Portal with their credentials (http://webconfig_address:81 [^]) or you can change the password for the user on the master LDAP server or this interface if this is your master LDAP server.

2) 'email notification' being able to be enabled in the password policy app (/app/password_policies) as would a field for global notification. The behavior of this would be to notify the user directly if the user's mail address is on file with the server or if there is not mail attribute, notify the admin specified of the system for all expiring accounts. The fields would be:

Enable Email Notification [Checkbox]
Fallback notification address: [_ _ _ _ textbox _ _ _ _]
Email threshold [pulldown]

1%
3%
2%
10%
20%
50%

This would tie into the scheduler and run periodically to check. The logic would use the epoch time of the system and calculate notifications based on a percent rule. If the password expiry is under the percentage of time remaining, notification will happen. Of if the expiry has happened within the last 24 hours (plus 1 minute).

Email notification might look like this:

TO: $mail

SUBJECT: User password expiry for $cn

BODY: The password for $cn ($uid) is nearing expiry or has expired. Please reset the password at $webconfig_URL or contact your IT administrator for support.

Data needed from directory:

slapcat -n3 | egrep "^ pwdMaxAge: "

Conditionals on test script would be to look in the LDAP directory:

Conditional

slapcat -n3 | egrep "^pwdLockout: TRUE"

From the directory we would need to pull the dataset

slapcat -n3 | egrep "^sambaPwdLastSet|^clearAccountStatus: enabled|^uid:|^$|^cn:|mail:"

Get current time for math

date +s%
No tags attached.
Issue History
2016-02-26 12:13dloperNew Issue
2016-02-27 06:47bchambersNote Added: 0002691
2016-03-03 11:52user2Statusnew => confirmed
2016-11-16 09:12user2Target Version7.3.0 Beta 1 => 7.3.0 Beta 1
2016-11-16 09:19user2Target Version7.3.0 Beta 1 =>
2020-11-06 03:56NickHNote Added: 0014701
2020-11-06 03:56NickHStatusconfirmed => closed
2020-11-06 03:56NickHResolutionopen => suspended

Notes
(0002691)
bchambers   
2016-02-27 06:47   
This would be a good use of the "Events" app...displayed as alert in weconfig, optional email alerts etc.

Simple.
(0014701)
NickH   
2020-11-06 03:56   
Migrated to https://gitlab.com/clearos/clearfoundation/app-password-policies/-/issues/4 [^]