Expiring password email notification #7229

Closed
DavidePrincipi opened this issue Dec 20, 2024 · 4 comments
Labels
milestone goal 👑 This describes an announced milestone goal verified All test cases were verified successfully

Comments

@DavidePrincipi
Member

With an internal LDAP and Mail instance, users can be notified when their password is about to expire.

Discussion https://mattermost.nethesis.it/nethesis/pl/xe9sg3xx47nwuxsm3zwcbze45e

@DavidePrincipi DavidePrincipi converted this from a draft issue Dec 20, 2024
@DavidePrincipi DavidePrincipi added the milestone goal 👑 This describes an announced milestone goal label Dec 20, 2024
@DavidePrincipi DavidePrincipi added this to the NethServer 8.4 milestone Dec 20, 2024
@DavidePrincipi DavidePrincipi moved this from Backlog to ToDo in NethServer Dec 20, 2024
@DavidePrincipi DavidePrincipi moved this from ToDo to In Progress in NethServer Mar 6, 2025
@gsanchietti
Member

Additional details:

  • Only internal domains are supported.
  • Mail notification can be configured from the domain settings page.
  • Make the email field for users configurable.
  • If the user's email field is not available inside the LDAP, a fallback mechanism should be used: use the mail associated to the user inside the first Mail server instance
  • A default template should be used for all notifications, but a customizable email template should be available per domain; the default template must include a link to the user portal.

Things to consider:

  • The ldapproxy should access the LDAP server with ldapservice. If permissions are insufficient, invoke an action on a module list-user-with-expired-info.

Future improvements:

  • Show the email field inside the user portal, the mail field can be modified by the administrator

@gsanchietti
Member

gsanchietti commented Mar 11, 2025

Testing versions:

  • Samba 2.3.5-dev.1
  • OpenLDAP 2.2.7-dev.2
  • Core 3.6.0-dev.3

Install
Install the custom core image:

curl https://raw.githubusercontent.com/NethServer/ns8-core/main/core/install.sh > install.sh 
bash install.sh ghcr.io/nethserver/core:3.6.0-dev.3
create-cluster rl1.leader.cluster0.gs.nethserver.net:55820 10.5.4.0/24 Nethesis,1234

Setup custom images for Samba and OpenLDAP:

redis-cli hset cluster/override/modules samba ghcr.io/nethserver/samba:2.3.5-dev.1
redis-cli hset cluster/override/modules openldap ghcr.io/nethserver/openldap:2.2.7-dev.2

Test case 1: password warning UI

  • Install on a clean machine (see install above)
  • Install an OpenLDAP internal user domain and provision it
  • Create a new user named user1
  • Go to Configuration of the domain
  • Verify "Password warning" is disabled
  • Open "Edit password warning", verify it shows an info box with a link to mail notifications settings
  • Go to the Mail notification page and configure an external SMTP
  • Return to the domain Configuration page
  • Open "Edit password warning", verify it shows no info box and the configuration can proceed
  • Disable the password aging
  • Open "Edit password warning", verify it shows an info box about password aging

Test case 2: password warning, default English template with Mail server

  • After test case 1
  • Install a mail server instance and connect it to the OpenLDAP domain on test case
  • Go to the Mail notification page and configure the mail instance as
  • Enable again password aging
  • Open "Edit password warning", enable it and select the default English template
  • Set expiration days to 1000
  • Go to the shell and verify the timer is enabled: systemctl status password-warning.timer
  • Go to the shell and execute: systemctl start password-warning.service
  • Verify the user1 receives the mail (you can install a Roundcubemail instance to check it)
  • You can also check if the mail has been sent by using journalctl -u password-warning.service, you should find something like:
    Mar 12 08:49:35 rl1.leader.cluster0.gs.nethserver.net runagent[77927]: Password notification sent for user user1 to user1@leader.cluster0.gs.nethserver.net
    

Test case 3: password warning, default Italian template with Mail server

  • After test case 2
  • Open "Edit password warning", select the Italian template
  • Go to the shell and execute: systemctl start password-warning.service
  • Verify the user1 receives the mail (you can install a Roundcubemail instance to check it)

Test case 4: password warning, custom template with Mail server

  • After test case 3
  • Open "Edit password warning", select a custom template
  • Make sure that if you do not enter mail subject or mail content, the UI raises a validation error
  • Add a plain text mail subject using at least one placeholder
  • Add the mail template using at least one placeholder
  • Save the configuration
  • Go to the shell and execute: systemctl start password-warning.service
  • Verify the user1 receives the mail (you can install a Roundcubemail instance to check it)
  • Return to the "Edit password warning" configuration
  • Add an HTML mail template
  • Save the configuration
  • Go to the shell and execute: systemctl start password-warning.service
  • Verify the user1 receives the mail (you can install a Roundcubemail instance to check it)

Test case 5: OpenLDAP edit user, password warning, with external SMTP server

  • After test case 2
  • Go to Mail notification page, configure an external SMTP server
  • Access the user portal manager
  • Set an external mail address for user1 by editing the user
  • Go to the shell and execute: systemctl start password-warning.service
  • Verify the user1 receives the mail into the newly configured address

Test case 6: OpenLDAP add user, password warning, with external SMTP server

  • After test case 5
  • Access the user portal manager
  • Create a new user2 with an external mail address
  • Go to the shell and execute: systemctl start password-warning.service
  • Verify the user2 receives the mail into the newly configured address
  • Modify user2 by removing the mail address
  • Verify the user2 does not receive the mail

Test case 7: Samba edit user, password warning, with external SMTP server

  • Install a local Samba domain
  • Repeat test case 5 but with user portal associated to Samba user domain

Test case 8: Samba add user, password warning, with external SMTP server

  • Repeat test case 6 but with user portal associated to Samba user domain

Test case 9: OpenLDAP, user portal, expired password

  • After test case 8
  • Move the date into the future: date --set="+2 years"
  • Access the OpenLDAP user portal
  • Verify there is a warning icon next to the expired users

Test case 9: Samba, user portal, expired password

  • After test case 9
  • Access the Samba user portal
  • Verify there is a warning icon next to the expired users

Test case 10: update cluster

  • Install a cluster with the stable release
  • Update it to the testing version: api-cli run update-core --data '{"core_url":"ghcr.io/nethserver/core:3.6.0-dev.2","nodes":[1], "force": true}'
  • Go to the shell and verify the timer is enabled: systemctl status password-warning.timer
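
An added example, not part of the original comment or of the NethServer code: a shell check that turns the journalctl verification from test cases 2, 5 and 6 into pass/fail assertions. The message format is the one quoted in test case 2; the sample lines, host name and mail addresses are constructed.

```shell
#!/bin/sh
# Constructed sample journal: two runs of password-warning.service.
# In the second run user1 has an external address (test case 5) and
# user2 has no mail address, so no line is logged for it (test case 6).
sample_journal() {
cat <<'EOF'
Mar 12 08:49:35 node1.example.org runagent[77927]: Password notification sent for user user1 to user1@node1.example.org
Mar 12 08:49:36 node1.example.org systemd[1]: password-warning.service: Deactivated successfully.
Mar 12 09:10:02 node1.example.org runagent[78311]: Password notification sent for user user1 to user1@mail.example.net
Mar 12 09:10:03 node1.example.org systemd[1]: password-warning.service: Deactivated successfully.
EOF
}

# Read journal lines on stdin, print "user address" for each notification.
notified_pairs() {
    sed -n 's/^.*: Password notification sent for user \([^ ]*\) to \([^ ]*\)$/\1 \2/p'
}

# Print the address used by the most recent notification for user $1.
# Returns 1 when the journal holds no notification for that user.
notified_address() {
    notified_pairs | awk -v u="$1" '
        $1 == u { addr = $2 }
        END { if (addr == "") exit 1; print addr }'
}

# expect_notified USER ADDRESS: succeed only if USER was last mailed at ADDRESS.
expect_notified() {
    [ "$(notified_address "$1")" = "$2" ]
}

# expect_silent USER: succeed only if no notification was logged for USER.
expect_silent() {
    ! notified_address "$1" >/dev/null
}

# On a test node, feed the real journal instead of the sample, e.g.:
#   journalctl -u password-warning.service --since today | expect_notified user1 user1@mail.example.net
#   journalctl -u password-warning.service --since today | expect_silent user2
```

Narrow the journal window to the run being checked, otherwise a notification from an earlier test case makes `expect_silent` fail.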

gsanchietti added a commit to NethServer/ns8-samba that referenced this issue Mar 12, 2025
gsanchietti added a commit to NethServer/ns8-openldap that referenced this issue Mar 12, 2025
gsanchietti added a commit to NethServer/ns8-core that referenced this issue Mar 12, 2025
@gsanchietti gsanchietti removed their assignment Mar 13, 2025
@gsanchietti gsanchietti added the testing Packages are available from testing repositories label Mar 13, 2025
@nethbot nethbot moved this from In Progress to Testing in NethServer Mar 13, 2025
@DavidePrincipi DavidePrincipi self-assigned this Mar 13, 2025
DavidePrincipi added a commit to NethServer/ns8-core that referenced this issue Mar 13, 2025
DavidePrincipi pushed a commit to NethServer/ns8-core that referenced this issue Mar 13, 2025
Translate-URL: https://hosted.weblate.org/projects/ns8/core/ar/
Translate-URL: https://hosted.weblate.org/projects/ns8/core/de/
Translate-URL: https://hosted.weblate.org/projects/ns8/core/es/
Translate-URL: https://hosted.weblate.org/projects/ns8/core/eu/
Translate-URL: https://hosted.weblate.org/projects/ns8/core/it/
Translate-URL: https://hosted.weblate.org/projects/ns8/core/pt/
Translate-URL: https://hosted.weblate.org/projects/ns8/core/pt_BR/
Translation: NS8/core

Co-authored-by: Davide Principi <davide.principi@nethesis.it>
Co-authored-by: LibreTranslate <noreply-mt-libretranslate@weblate.org>
Co-authored-by: Prefill add-on <noreply-addon-prefill@weblate.org>
Co-authored-by: Weblate Translation Memory <noreply-mt-weblate-translation-memory@weblate.org>

Refs NethServer/dev#7229
DavidePrincipi pushed a commit to NethServer/ns8-core that referenced this issue Mar 14, 2025
Translate-URL: https://hosted.weblate.org/projects/ns8/core/it/
Translation: NS8/core

Co-authored-by: Davide Principi <davide.principi@nethesis.it>

Refs NethServer/dev#7229
@DavidePrincipi
Member Author

DavidePrincipi commented Mar 14, 2025

VERIFIED

Note: the $portal_url placeholder always points to the leader node FQDN. This behavior does not fit multi-node clusters, where I can work around the issue by configuring a custom template that does not use $portal_url.

@DavidePrincipi DavidePrincipi removed their assignment Mar 14, 2025
@DavidePrincipi DavidePrincipi added the verified All test cases were verified successfully label Mar 14, 2025
@github-actions github-actions bot removed the testing Packages are available from testing repositories label Mar 14, 2025
@nethbot nethbot moved this from Testing to Verified in NethServer Mar 14, 2025
DavidePrincipi pushed a commit to NethServer/ns8-docs that referenced this issue Mar 14, 2025
@github-project-automation github-project-automation bot moved this from Verified to Done in NethServer Mar 14, 2025