ClearOS Bug Tracker


View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0007481ClearOSapp-password-policies - Password Policiespublic2016-02-26 12:132016-11-16 09:19
Reporterdloper 
Assigned To 
PrioritylowSeverityfeatureReproducibilityalways
StatusconfirmedResolutionopen 
PlatformOSOS Version
Product Version7.1.0 
Target VersionFixed in Version 
Summary0007481: Notification for expired passwords in UI per user
DescriptionThis feature would provide:

1) A way to see in the admin UI that a user's password was expired. This would be an alert on the userpage (ie. /app/users/edit/aschmoe), and an exclamation point icon in front of the username on the userlist (/app/users). The alert on the userpage would say:

USER PASSWORD EXPIRED: The password for this user has expired. The user can change the password by logging into the ClearOS Portal with their credentials (http://webconfig_address:81 [^]) or you can change the password for the user on the master LDAP server or this interface if this is your master LDAP server.

2) 'email notification' being able to be enabled in the password policy app (/app/password_policies) as would a field for global notification. The behavior of this would be to notify the user directly if the user's mail address is on file with the server or if there is not mail attribute, notify the admin specified of the system for all expiring accounts. The fields would be:

Enable Email Notification [Checkbox]
Fallback notification address: [_ _ _ _ textbox _ _ _ _]
Email threshold [pulldown]

1%
3%
2%
10%
20%
50%

This would tie into the scheduler and run periodically to check. The logic would use the epoch time of the system and calculate notifications based on a percent rule. If the password expiry is under the percentage of time remaining, notification will happen. Of if the expiry has happened within the last 24 hours (plus 1 minute).

Email notification might look like this:

TO: $mail

SUBJECT: User password expiry for $cn

BODY: The password for $cn ($uid) is nearing expiry or has expired. Please reset the password at $webconfig_URL or contact your IT administrator for support.

Additional InformationData needed from directory:

slapcat -n3 | egrep "^ pwdMaxAge: "

Conditionals on test script would be to look in the LDAP directory:

Conditional

slapcat -n3 | egrep "^pwdLockout: TRUE"

From the directory we would need to pull the dataset

slapcat -n3 | egrep "^sambaPwdLastSet|^clearAccountStatus: enabled|^uid:|^$|^cn:|mail:"

Get current time for math

date +s%
TagsNo tags attached.
Attached Files

- Relationships

-  Notes
(0002691)
bchambers (administrator)
2016-02-27 06:47

This would be a good use of the "Events" app...displayed as alert in weconfig, optional email alerts etc.

Simple.

- Issue History
Date Modified Username Field Change
2016-02-26 12:13 dloper New Issue
2016-02-27 06:47 bchambers Note Added: 0002691
2016-03-03 11:52 user2 Status new => confirmed
2016-11-16 09:12 user2 Target Version 7.3.0 Beta 1 => 7.3.0 Beta 1
2016-11-16 09:19 user2 Target Version 7.3.0 Beta 1 =>