check_passwd

Perl script to check if an LDAP account is about to expire.

It searches an LDAP tree for accounts and evaluates their PWDLASTSET value (if the ACCOUNTEXPIRES is not 0, which would mean that the account does not expire).

The maximum age of a password is typically determined by your organisation (typically something like 1 or 3 years). You can set the max using the --max-age flag. You need to provide the LDAP server URL using --ldapserver and the base DN, which hosts the accounts to check, using --ldapbase.

The warning and critical thresholds can be configured in seconds using --warning (default: 30*24*60*60 = 30 days) and --critical (default: 5*24*60*60 = 5 days).

Download the tool at check_passwd_exp.pl (or see GitHub)

Please consider to take a look at my general monitoring setup notes.

Martin Scharm

stuff. just for the records.

Do you like this page?
You can actively support me!

There are multiple options to leave a comment:

send me an email
submit a comment through the feedback page (anonymously via TOR)
Fork this repo at GitHub, add your comment to the _data/comments directory and send me a pull request
Fill the following form and Staticman will automagically create a pull request for you:

check_passwd_exp.pl

Share Post

Martin Scharm

Leave a comment