Kapisi/roles/Password/package/ldap-userreport

#!/bin/bash

hostname=`hostname`
errortext="ERROR:NEVER"
arg="$1"

function shortshow() {
    echo ${user}": "$email
}

basedn=`ldapsearch -x '(cn=root)' dn | grep -E ^dn:\  | sed 's/dn: cn=root,//'`

for user in `ldapsearch -x -b "ou=People,$basedn" '(uid=*)' uid | grep -E ^uid:\  | sed 's/^uid: //'`; do

    # Pull changed stats
    lastChanged=`/usr/sbin/ldapsearch -x "(uid=$user)" + | grep pwdChangedTime | cut -f 2 -d ' '`
    created=`/usr/sbin/ldapsearch -x "(uid=$user)" + | grep createTimestamp | cut -f 2 -d ' '`
    email=`/usr/sbin/ldapsearch -x "(uid=$user)" | grep mail | cut -f 2 -d ' '`

    if [ -z "$lastChanged" ]; then
        lastChanged="$errortext";
    else
        delta="$(( `date +%s` - `date -d $(echo $lastChanged | head -c 8)  +%s`))"
    fi
    lastlog=`lastlog -u $user | tail -n 1`
    if [ `echo $lastlog | grep -c 'Never logged in'` -gt 0 ]; then
        lastlog=$errortext
    else
        lastlog=`echo $lastlog | awk '{$1="";$2="";$3="";print $0 }'`
    fi
    printf "User $user (email: $email, created: $created) last changed their password on $lastChanged. They last logged in to SSH on $hostname on $lastlog\n" | (
    case "$arg" in
        "--inactive")
            if grep -E $errortext'$' &> /dev/null; then shortshow; fi
            ;;
        "--needschange")
            if [ "$lastChanged" == "$errortext" ]; then
                shortshow
            else
                if [ $delta -gt 28512000 ] && [ $delta -lt 31536000 ]; then shortshow; fi
            fi
            ;;
        "--expired")
            if [ "$lastChanged" != "$errortext" ] && [ "$delta" -ge 31536000 ]; then
                shortshow;
            fi
            ;;
        *)
            cat
            ;;
    esac
    )

done
Cleaning up to fit AniNIX/Uniglot hooks; catching up with testing 2023-02-20 16:50:10 -06:00			`#!/bin/bash`

			hostname=`hostname`
			`errortext="ERROR:NEVER"`
			`arg="$1"`

			`function shortshow() {`
			`echo ${user}": "$email`
			`}`

			basedn=`ldapsearch -x '(cn=root)' dn \| grep -E ^dn:\ \| sed 's/dn: cn=root,//'`

Update for automated response around poorly behaving archlinux-keyring weekly timer; rename Sora role to Password 2024-03-07 12:27:21 -06:00			for user in `ldapsearch -x -b "ou=People,$basedn" '(uid=*)' uid \| grep -E ^uid:\ \| sed 's/^uid: //'`; do
Cleaning up to fit AniNIX/Uniglot hooks; catching up with testing 2023-02-20 16:50:10 -06:00
			`# Pull changed stats`
			lastChanged=`/usr/sbin/ldapsearch -x "(uid=$user)" + \| grep pwdChangedTime \| cut -f 2 -d ' '`
			created=`/usr/sbin/ldapsearch -x "(uid=$user)" + \| grep createTimestamp \| cut -f 2 -d ' '`
			email=`/usr/sbin/ldapsearch -x "(uid=$user)" \| grep mail \| cut -f 2 -d ' '`

			`if [ -z "$lastChanged" ]; then`
			`lastChanged="$errortext";`
			`else`
			delta="$(( `date +%s` - `date -d $(echo $lastChanged \| head -c 8) +%s`))"
			`fi`
			lastlog=`lastlog -u $user \| tail -n 1`
			if [ `echo $lastlog \| grep -c 'Never logged in'` -gt 0 ]; then
			`lastlog=$errortext`
			`else`
			lastlog=`echo $lastlog \| awk '{$1="";$2="";$3="";print $0 }'`
			`fi`
			`printf "User $user (email: $email, created: $created) last changed their password on $lastChanged. They last logged in to SSH on $hostname on $lastlog\n" \| (`
			`case "$arg" in`
			`"--inactive")`
			`if grep -E $errortext'$' &> /dev/null; then shortshow; fi`
			`;;`
			`"--needschange")`
			`if [ "$lastChanged" == "$errortext" ]; then`
			`shortshow`
			`else`
Update for automated response around poorly behaving archlinux-keyring weekly timer; rename Sora role to Password 2024-03-07 12:27:21 -06:00			`if [ $delta -gt 28512000 ] && [ $delta -lt 31536000 ]; then shortshow; fi`
Cleaning up to fit AniNIX/Uniglot hooks; catching up with testing 2023-02-20 16:50:10 -06:00			`fi`
			`;;`
			`"--expired")`
			`if [ "$lastChanged" != "$errortext" ] && [ "$delta" -ge 31536000 ]; then`
			`shortshow;`
			`fi`
			`;;`
			`*)`
			`cat`
			`;;`
			`esac`
			`)`

			`done`