add more logging into the password expiry checks

2026-04-16 09:12:46 -04:00
parent 8633309968
commit 093b33db0d
2 changed files with 8 additions and 2 deletions


@@ -40,6 +40,9 @@ func authenticateUser(username, password string) (*UserData, error) {
connected, err := ldapServer.AuthenticateUser(userDN, password) connected, err := ldapServer.AuthenticateUser(userDN, password)
if err != nil { if err != nil {
if strings.Contains(err.Error(), "Password is expired") {
return nil, fmt.Errorf("Password expired for %s\n", username)
}
return nil, err return nil, err
} }
if connected == false { if connected == false {
@@ -87,7 +90,6 @@ func loginHandler(w http.ResponseWriter, r *http.Request) {
return return
} }
// 2. Logic for processing the form
if r.Method == http.MethodPost { if r.Method == http.MethodPost {
username := r.FormValue("username") username := r.FormValue("username")
if strings.Contains(username, "/") { if strings.Contains(username, "/") {
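Review bot: The new branch in authenticateUser detects expiry with `strings.Contains(err.Error(), "Password is expired")`, which stops matching without any warning if the LDAP server or library rewords the message, and it then discards the original error. Wrapping keeps the cause and follows Go error-string conventions (lowercase, no trailing newline): `return nil, fmt.Errorf("password expired for %q: %w", username, err)`; `%q` also keeps control characters in the caller-supplied username out of any log line this ends up in. If loginHandler passes this text back to the unauthenticated client (not visible in this hunk), the distinct message reveals account state, so the response shown to the user should stay generic and the detail should go to the log only. The commit title mentions logging, but this hunk adds no log call; authenticateUser's body starts and ends outside the hunk.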


@@ -17,14 +17,18 @@ func InitPasswordExpiry() {
} }
func CheckPasswordExpriy() { func CheckPasswordExpriy() {
logging.Infof("Starting password expiry check")
now := time.Now().UTC() now := time.Now().UTC()
formatted := now.Format("20060102150405Z") formatted := now.Format("20060102150405Z")
search, err := ldapServer.SerchServer(serverConfig.LDAPConfig.BindDN, serverConfig.LDAPConfig.BindPassword, serverConfig.LDAPConfig.BaseDN, fmt.Sprintf("(&(objectclass=person)(krbPasswordExpiration<=%s))", formatted), []string{"uid", "cn", "mail", "krbPasswordExpiration"}) search, err := ldapServer.SerchServer(serverConfig.LDAPConfig.BindDN, serverConfig.LDAPConfig.BindPassword, serverConfig.LDAPConfig.BaseDN, fmt.Sprintf("(&(objectclass=person)(krbPasswordExpiration<=%s))", formatted), []string{"cn", "mail", "krbPasswordExpiration"})
if err != nil { if err != nil {
logging.Warn(err.Error()) logging.Warn(err.Error())
} }
logging.Infof("%d users with expired passwords", search.EntryCount())
for i := range search.EntryCount() { for i := range search.EntryCount() {
emailAddr := search.GetEntry(i).GetAttributeValue("mail") emailAddr := search.GetEntry(i).GetAttributeValue("mail")
if len(emailAddr) <= 0 { if len(emailAddr) <= 0 {