Provided by: freeipa-client-epn_4.10.2-1_amd64

NAME

       ipa-epn - Send expiring password notifications

SYNOPSIS

       ipa-epn [options]

DESCRIPTION

       ipa-epn provides a method to warn users via email that their IPA account password is about
       to expire.

       It can be used in dry-run mode, which is recommended during setup. The output is always
       JSON in this case.

       It  can  also  be  launched  daily  by  its systemd timer.  In this case it will parse its
       configuration file epn.conf(5) and send an email to users  whose  passwords  are  expiring
       within the defined future date ranges.

       See the OPTIONS section below and the epn.conf(5) man page on how to configure the tool.

OPTIONS

       --to-nbdays <number of days>
              The  --to-nbdays  CLI  option  can be used to determine the number of notifications
              that would be sent in a given timeframe.

              If --from-nbdays is not specified, ipa-epn will look within  a  24-hour  long  time
              range in <number of days> days.

              If --from-nbdays is specified, the date range starts at --from-nbdays days in the
              future and ends at --to-nbdays days in the future.

              Together, these two CLI options can be used to determine how many emails would be
              sent during a specific time range in the future.

              The --to-nbdays CLI option implies --dry-run.

       --from-nbdays <number of days>
              See  --to-nbdays  for  an explanation. This option must be used in conjunction with
              --to-nbdays.

       --dry-run
              The --dry-run CLI option is intended to test ipa-epn's configuration.

              For instance, if notify_ttls is set to 21, 14, 3, --dry-run would display the  list
              of users whose passwords would expire in 21, 14, and 3 days in the future.

       --mail-test
              The  --mail-test  CLI option will send an e-mail to the configured smtp_admin value
              in /etc/ipa/epn.conf. Generic values for the substitution variables are set so this
              is also useful for testing and configuring the mail template.

TEMPLATE

       The  template for the e-mail message is contained in /etc/ipa/epn/expire_msg.template. The
       following template variables are available.

       User ID: uid

       Full name: fullname

       First name: first

       Last name: Last

       Password expiration date: expiration

EXAMPLES

          # date
          Sun 12 Apr 2020 06:23:08 AM CEST
          # ipa-epn --dry-run
          [
             {
                "uid": "user5",
                "cn": "user 5",
                "krbpasswordexpiration": "2020-04-17 15:51:53",
                "mail": "['user5@ipa.test']"
             }
          ]
          The IPA-EPN command was successful

          # ipa-epn --to-nbdays 6 --dry-run
          [
             {
                "uid": "user5",
                "cn": "user 5",
                "krbpasswordexpiration": "2020-04-17 15:51:53",
                "mail": "['user5@ipa.test']"
             }
          ]
          The IPA-EPN command was successful

          # ipa-epn --from-nbdays 2 --to-nbdays 6 --dry-run
          [
             {
                "uid": "user5",
                "cn": "user 5",
                "krbpasswordexpiration": "2020-04-17 15:51:53",
                "mail": "['user5@ipa.test']"
             }
          ]
          The IPA-EPN command was successful

          # ipa-epn --from-nbdays 8 --to-nbdays 12 --dry-run
          [
             {
                "uid": "user3",
                "cn": "user 5",
                "krbpasswordexpiration": "2020-04-21 00:00:08",
                "mail": "['user3@ipa.test']"
             }
          ]
          The IPA-EPN command was successful
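
       The dry-run output shown above can be checked by script before the systemd timer is
       enabled. The following Python is an added example, not part of the original man page
       or of FreeIPA: it parses captured --dry-run output, tolerating the trailing status
       line, and counts recipient addresses per expiration date. The names parse_dry_run and
       summarize and the second sample record are assumptions made for illustration.

```python
# Added example (not FreeIPA code): summarize captured `ipa-epn --dry-run` output.
import ast
import json
from collections import Counter
from datetime import datetime

# Constructed sample modeled on the EXAMPLES section of this page.
SAMPLE = """[
   {
      "uid": "user5",
      "cn": "user 5",
      "krbpasswordexpiration": "2020-04-17 15:51:53",
      "mail": "['user5@ipa.test']"
   },
   {
      "uid": "user3",
      "cn": "user 3",
      "krbpasswordexpiration": "2020-04-21 00:00:08",
      "mail": "['user3@ipa.test', 'u3@ipa.test']"
   }
]
The IPA-EPN command was successful
"""


def parse_dry_run(text):
    """Return the notification records from captured dry-run output."""
    start = text.find("[")
    if start < 0:
        raise ValueError("no JSON array in ipa-epn output")
    # raw_decode stops at the end of the array, so a trailing status
    # line such as "The IPA-EPN command was successful" is ignored.
    records, _ = json.JSONDecoder().raw_decode(text[start:])
    for rec in records:
        # "mail" is the string form of a Python list; literal_eval parses
        # it without executing code (never use eval on tool output).
        mail = ast.literal_eval(rec["mail"])
        rec["mail"] = [mail] if isinstance(mail, str) else list(mail)
        rec["expires"] = datetime.strptime(
            rec["krbpasswordexpiration"], "%Y-%m-%d %H:%M:%S")
    return records


def summarize(records):
    """Count recipient addresses per expiration date (ISO string)."""
    counts = Counter()
    for rec in records:
        counts[rec["expires"].date().isoformat()] += len(rec["mail"])
    return dict(counts)
```

       Comparing the summary for a given --from-nbdays/--to-nbdays range against the expected
       user population catches a misconfigured epn.conf before any mail is sent.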

EXIT STATUS

       The exit status is 0 on success, nonzero on error.

SEE ALSO

          RFE: https://pagure.io/freeipa/issue/3687
          Design document: https://github.com/freeipa/freeipa/blob/master/doc/designs/expiring-password-notification.md

KNOWN BUGS

          None yet.

REPORTING BUGS AND ENHANCEMENT IDEAS

          Please first make sure the issue has not already been reported by searching at
          https://pagure.io/freeipa/issues. If it has not, file a new issue at
          https://pagure.io/freeipa/new_issue.