-- Line Below will take the username of the current logged in user and log it to CurrUser
set CurrUser to do shell script "whoami"
-- Line Below will be the address of the LDAP server to use when looking up this information
set LDAPServer to "YOUR_LDAP_SERVER"
-- Line Below will be the searchbase to look for users.  This is optional.   If not used, remove the entry below of: "-b " & BaseDN "
set BaseDN to "SEARCH_BASE"
-- Line below will direct the user to the address of web-based password management page
set PasswordChangeSite to "PASSWORD_PORTAL_SITE"
-- Line below will be at which point, in days,  to start notifying people if their password expires.
set ExpireWarning to 5


set shellScriptReturn to do shell script "ldapsearch -x -h " & LDAPServer & " -LLL -b " & BaseDN & " cn=" & CurrUser & " passwordExpirationTime" as text
if length of shellScriptReturn is not 0 then
	
	set n to (text 1 thru 14 of word -1 of shellScriptReturn) as number
	set expiryDate to date "Monday, December 1, 1000 12:00:0 AM"
	set expiryDate's year to n div 1.0E+10 - 1
	set expiryDate's day to (n mod 1.0E+10 div 100000000) * 32
	set expiryDate's day to n mod 100000000 div 1000000
	set expiryDate's time to n mod 1000000 div 10000 * hours + n mod 10000 div 100 * minutes + n mod 100
	set expiryDays to ((expiryDate - (current date)) div days)
	log expiryDays
	if expiryDays < ExpireWarning and expiryDays > 0 then
		set theReply to display dialog "Your password will expire in " & expiryDays & " day(s).  Do you want to change it now?" buttons {"Yes", "No"} default button 1
		if button returned of theReply is "Yes" then
			tell application "Safari"
				activate
				make new document at the beginning of documents
				set the URL of the front document to PasswordChangeSite
				set the bounds of window 1 to {0, 22, 900, 644}
				close (every window whose name is "Untitled 1")
			end tell
		end if
	else if expiryDays < 1 then
		set shellScriptReturn to do shell script "ldapsearch -x -h " & LDAPServer & " -LLL cn=" & CurrUser & " -b " & BaseDN & " loginGraceRemaining | grep loginGraceRemaining:' '" as text
		set k to (text 1 thru 1 of word -1 of shellScriptReturn) as number
		if k is 0 then
			set theReply to display dialog "You have no grace logins remaining.  Click on Yes to change your password now." buttons {"Yes"} default button 1
			if button returned of theReply is "Yes" then
				tell application "Safari"
					activate
					make new document at the beginning of documents
					set the URL of the front document to PasswordChangeSite
					set the bounds of window 1 to {0, 22, 900, 644}
					close (every window whose name is "Untitled 1")
				end tell
			end if
		else
			display dialog "Your account has used all of its grace logins.  Please contact the help desk to have your account reset." buttons {"Okay"} default button 1
		end if
	end if
end if