Perl script to check if an LDAP account is about to expire.
It searches an LDAP tree for accounts and evaluates their
PWDLASTSET value (if the
ACCOUNTEXPIRES is not
0, which would mean that the account does not expire).
The maximum age of a password is typically determined by your organisation (typically something like 1 or 3 years). You can set the max using the
You need to provide the LDAP server URL using
--ldapserver and the base DN, which hosts the accounts to check, using
The warning and critical thresholds can be configured in seconds using
30*24*60*60 = 30 days) and
5*24*60*60 = 5 days).
Please consider to take a look at my general monitoring setup notes.