diff --git a/lam/HISTORY b/lam/HISTORY
index 568fcf4f..a3fcf7c6 100644
--- a/lam/HISTORY
+++ b/lam/HISTORY
@@ -4,6 +4,7 @@ December 2018 6.6
- Windows users: manage "departmentNumber" (needs to be activated via LAM server profile)
- LAM Pro:
-> Easy setting of background color in self service profile
+ -> Cron jobs: added Windows/Qmail/FreeRadius account expiration notification jobs
25.09.2018 6.5
diff --git a/lam/docs/manual-sources/chapter-configuration.xml b/lam/docs/manual-sources/chapter-configuration.xml
index 6e05c95a..28daadfb 100644
--- a/lam/docs/manual-sources/chapter-configuration.xml
+++ b/lam/docs/manual-sources/chapter-configuration.xml
@@ -907,6 +907,11 @@ mysql> GRANT ALL PRIVILEGES ON lam_cron.* TO 'lam_cron'@'localhost';
users about password expiration
+
+ Windows:
+ Notify users about account expiration
+
+
Windows: Delete or
move expired accounts
@@ -917,10 +922,21 @@ mysql> GRANT ALL PRIVILEGES ON lam_cron.* TO 'lam_cron'@'localhost';
Delete or move expired accounts
+
+ FreeRadius:
+ Notify users about account expiration
+
+
Qmail: Delete or move
expired accounts
+
+
+ Qmail:
+ Notify users about account expiration
+
@@ -1373,6 +1389,90 @@ mysql> GRANT ALL PRIVILEGES ON lam_cron.* TO 'lam_cron'@'localhost';
"2016-12-31".
+
+ Windows: Notify users about account expiration
+
+ This will send your users an email reminder before their whole
+ account expires.
+
+ You need to activate the Windows module for users to be able
+ to add this job. The job can be added multiple times (e.g. to send a
+ second warning at a later time).
+
+
+
+
+
+
+ Options
+
+
+
+
+ Option
+
+ Description
+
+
+
+ From address
+
+ The email address to set as FROM.
+
+
+
+ Reply-to address
+
+ Optional Reply-to address for email.
+
+
+
+ CC address
+
+ Optional CC mail address.
+
+
+
+ BCC address
+
+ Optional BCC mail address.
+
+
+
+ Subject
+
+ The email subject line. Supports wildcards, see
+ below.
+
+
+
+ Text
+
+ The email body text. Supports wildcards, see
+ below.
+
+
+
+ Notification period
+
+ Number of days to notify before account
+ expires.
+
+
+
+
Wildcards:
+
+ You can enter LDAP attributes as wildcards in the form
+ @@ATTRIBUTE_NAME@@. E.g. to add the user's common name use "@@cn@@".
+ For the common name it would be "@@cn@@".
+
+ There are also two special wildcards for the expiration date.
+ @@EXPIRE_DATE_DDMMYYYY@@ will print the date as e.g. "31.12.2016".
+ @@EXPIRE_DATE_YYYYMMDD@@ will print the date as e.g.
+ "2016-12-31".
+
+
Windows: Delete or move expired accounts
@@ -1469,6 +1569,90 @@ mysql> GRANT ALL PRIVILEGES ON lam_cron.* TO 'lam_cron'@'localhost';
+
+ FreeRadius: Notify users about account expiration
+
+ This will send your users an email reminder before their
+ FreeRadius account expires.
+
+ You need to activate the FreeRadius module for users to be
+ able to add this job. The job can be added multiple times (e.g. to
+ send a second warning at a later time).
+
+
+
+
+
+
+ Options
+
+
+
+
+ Option
+
+ Description
+
+
+
+ From address
+
+ The email address to set as FROM.
+
+
+
+ Reply-to address
+
+ Optional Reply-to address for email.
+
+
+
+ CC address
+
+ Optional CC mail address.
+
+
+
+ BCC address
+
+ Optional BCC mail address.
+
+
+
+ Subject
+
+ The email subject line. Supports wildcards, see
+ below.
+
+
+
+ Text
+
+ The email body text. Supports wildcards, see
+ below.
+
+
+
+ Notification period
+
+ Number of days to notify before account
+ expires.
+
+
+
+
Wildcards:
+
+ You can enter LDAP attributes as wildcards in the form
+ @@ATTRIBUTE_NAME@@. E.g. to add the user's common name use "@@cn@@".
+ For the common name it would be "@@cn@@".
+
+ There are also two special wildcards for the expiration date.
+ @@EXPIRE_DATE_DDMMYYYY@@ will print the date as e.g. "31.12.2016".
+ @@EXPIRE_DATE_YYYYMMDD@@ will print the date as e.g.
+ "2016-12-31".
+
+
Qmail: Delete or move expired accounts
@@ -1517,6 +1701,90 @@ mysql> GRANT ALL PRIVILEGES ON lam_cron.* TO 'lam_cron'@'localhost';
+
+
+ Qmail: Notify users about account expiration
+
+ This will send your users an email reminder before their Qmail
+ account expires.
+
+ You need to activate the Qmail module for users to be able to
+ add this job. The job can be added multiple times (e.g. to send a
+ second warning at a later time).
+
+
+
+
+
+
+ Options
+
+
+
+
+ Option
+
+ Description
+
+
+
+ From address
+
+ The email address to set as FROM.
+
+
+
+ Reply-to address
+
+ Optional Reply-to address for email.
+
+
+
+ CC address
+
+ Optional CC mail address.
+
+
+
+ BCC address
+
+ Optional BCC mail address.
+
+
+
+ Subject
+
+ The email subject line. Supports wildcards, see
+ below.
+
+
+
+ Text
+
+ The email body text. Supports wildcards, see
+ below.
+
+
+
+ Notification period
+
+ Number of days to notify before account
+ expires.
+
+
+
+
Wildcards:
+
+ You can enter LDAP attributes as wildcards in the form
+ @@ATTRIBUTE_NAME@@. E.g. to add the user's common name use "@@cn@@".
+ For the common name it would be "@@cn@@".
+
+ There are also two special wildcards for the expiration date.
+ @@EXPIRE_DATE_DDMMYYYY@@ will print the date as e.g. "31.12.2016".
+ @@EXPIRE_DATE_YYYYMMDD@@ will print the date as e.g.
+ "2016-12-31".
+
diff --git a/lam/docs/manual-sources/images/jobs_freeradiusAccountExpiration.png b/lam/docs/manual-sources/images/jobs_freeradiusAccountExpiration.png
new file mode 100644
index 00000000..83da57b1
Binary files /dev/null and b/lam/docs/manual-sources/images/jobs_freeradiusAccountExpiration.png differ
diff --git a/lam/docs/manual-sources/images/jobs_qmailAccountExpiration.png b/lam/docs/manual-sources/images/jobs_qmailAccountExpiration.png
new file mode 100644
index 00000000..363280ba
Binary files /dev/null and b/lam/docs/manual-sources/images/jobs_qmailAccountExpiration.png differ
diff --git a/lam/docs/manual-sources/images/jobs_windowsAccountExpiration.png b/lam/docs/manual-sources/images/jobs_windowsAccountExpiration.png
new file mode 100644
index 00000000..b6d1c378
Binary files /dev/null and b/lam/docs/manual-sources/images/jobs_windowsAccountExpiration.png differ
diff --git a/lam/lib/modules/freeRadius.inc b/lam/lib/modules/freeRadius.inc
index efdaa034..261dcfdf 100644
--- a/lam/lib/modules/freeRadius.inc
+++ b/lam/lib/modules/freeRadius.inc
@@ -776,7 +776,8 @@ class freeRadius extends baseModule {
*/
public function getSupportedJobs(&$config) {
return array(
- new FreeRadiusAccountExpirationCleanupJob()
+ new FreeRadiusAccountExpirationCleanupJob(),
+ new FreeRadiusAccountExpirationNotifyJob()
);
}
@@ -856,6 +857,89 @@ if (interface_exists('\LAM\JOB\Job', false)) {
}
+ /**
+ * Job to notify users about account expiration.
+ *
+ * @package jobs
+ */
+ class FreeRadiusAccountExpirationNotifyJob extends \LAM\JOB\PasswordExpirationJob {
+
+ /**
+ * {@inheritDoc}
+ * @see \LAM\JOB\Job::getAlias()
+ */
+ public function getAlias() {
+ return _('FreeRadius') . ': ' . _('Notify users about account expiration');
+ }
+
+ /**
+ * {@inheritDoc}
+ * @see \LAM\JOB\PasswordExpirationJob::getDescription()
+ */
+ public function getDescription() {
+ return _('This job sends out emails to inform your users that their account will expire soon.');
+ }
+
+ /**
+ * {@inheritDoc}
+ * @see \LAM\JOB\PasswordExpirationJob::findUsers()
+ */
+ protected function findUsers($jobID, $options) {
+ // read users
+ $sysattrs = array('radiusExpiration', 'mail');
+ $attrs = $this->getAttrWildcards($jobID, $options);
+ $attrs = array_values(array_unique(array_merge($attrs, $sysattrs)));
+ $userResults = searchLDAPByFilter('(&(radiusExpiration=*)(mail=*))', $attrs, array('user'));
+ return $userResults;
+ }
+
+ /**
+ * {@inheritDoc}
+ * @see \LAM\JOB\PasswordExpirationJob::checkSingleUser()
+ */
+ protected function checkSingleUser($jobID, $options, &$pdo, $now, $policyOptions, $user, $isDryRun) {
+ $dn = $user['dn'];
+ // get time when account expires
+ $expirationTime = DateTime::createFromFormat('d M Y H:i', $user['radiusexpiration'][0], new DateTimeZone('UTC'));
+ $this->jobResultLog->logDebug("Account expiration on " . $expirationTime->format('Y-m-d'));
+ // skip if account itself is expired
+ if ($expirationTime <= $now) {
+ $this->jobResultLog->logDebug($dn . ' already expired');
+ return;
+ }
+ $numDaysToWarn = $options[$this->getConfigPrefix() . '_mailNotificationPeriod' . $jobID][0];
+ $this->jobResultLog->logDebug("Number of days before warning " . $numDaysToWarn);
+ // calculate time of notification
+ $notifyTime = clone $expirationTime;
+ $notifyTime->sub(new DateInterval('P' . $numDaysToWarn . 'D'));
+ $notifyTime->setTimeZone(getTimeZone());
+ $this->jobResultLog->logDebug("Account expiration notification on " . $notifyTime->format('Y-m-d H:i'));
+ // skip if notification is in the future
+ if ($notifyTime > $now) {
+ $this->jobResultLog->logDebug($dn . ' does not need notification yet.');
+ return;
+ }
+ $dbLastChange = $this->getDBLastPwdChangeTime($jobID, $pdo, $dn);
+ // skip entries where mail was already sent
+ if ($dbLastChange == $user['radiusexpiration'][0]) {
+ $this->jobResultLog->logDebug($dn . ' was already notified.');
+ return;
+ }
+ if ($isDryRun) {
+ // no action for dry run
+ $this->jobResultLog->logInfo('Not sending email to ' . $dn . ' because of dry run.');
+ return;
+ }
+ // send email
+ $success = $this->sendMail($options, $jobID, $user, $expirationTime);
+ // update DB if mail was sent successfully
+ if ($success) {
+ $this->setDBLastPwdChangeTime($jobID, $pdo, $dn, $user['radiusexpiration'][0]);
+ }
+ }
+
+ }
+
}
diff --git a/lam/lib/modules/windowsUser.inc b/lam/lib/modules/windowsUser.inc
index 7f408e4d..38885919 100644
--- a/lam/lib/modules/windowsUser.inc
+++ b/lam/lib/modules/windowsUser.inc
@@ -3849,7 +3849,7 @@ if (interface_exists('\LAM\JOB\Job', false)) {
$notifyTime = clone $expirationTime;
$notifyTime->sub(new DateInterval('P' . $numDaysToWarn . 'D'));
$notifyTime->setTimeZone(getTimeZone());
- $this->jobResultLog->logDebug("Password notification on " . $notifyTime->format('Y-m-d H:i'));
+ $this->jobResultLog->logDebug("Account expiration notification on " . $notifyTime->format('Y-m-d H:i'));
// skip if notification is in the future
if ($notifyTime > $now) {
$this->jobResultLog->logDebug($dn . ' does not need notification yet.');