  3.     #!/usr/bin/perl -T -w
  4.     # This script will pull all users' SMTP addresses from your Active Directory
  5.     # (including primary and secondary email addresses) and list them in the
  6.     # format "[email protected] OK" which Postfix uses with relay_recipient_maps.
  7.     # Be sure to double-check the path to perl above.
  8.     # This requires Net::LDAP to be installed.  To install Net::LDAP, at a shell
  9.     # type "perl -MCPAN -e shell" and then "install Net::LDAP"
  10.     use Net::LDAP;
  11.     use Net::LDAP::Control::Paged;
  12.     use Net::LDAP::Constant ( "LDAP_CONTROL_PAGED" );
  13.     # Enter the path/file for the output
  14.     $VALID = "/etc/postfix/relay_recipients";
  15.     open VALID, ">$VALID" or die "CANNOT OPEN $VALID $!";
  16.     # Enter the FQDN of your Active Directory domain controllers below
  17.     $dc1="mydc1.local";
  18.     $dc2="mydc2.local";
  19.     # Enter the LDAP container for your userbase.
  20.     # The syntax is CN=Users,dc=example,dc=com
  21.     # This can be found by installing the Windows 2000 Support Tools
  22.     # then running ADSI Edit.
  23.     # In ADSI Edit, expand the "Domain NC [domaincontroller1.example.com]" &
  24.     # you will see, for example, DC=example,DC=com (this is your base).
  25.     # The Users Container will be specified in the right pane as
  26.     # CN=Users depending on your schema (this is your container).
  27.     # You can double-check this by clicking "Properties" of your user
  28.     # folder in ADSI Edit and examining the "Path" value, such as:
  29.     # LDAP://domaincontroller1.example.com/CN=Users,DC=example,DC=com
  30.     # which would be $hqbase="cn=Users,dc=example,dc=com"
  31.     # Note:  You can also use just $hqbase="dc=example,dc=com"
  32.     #$hqbase="cn=Users,dc=example,dc=com";
  33.     $hqbase="ou=blabla Users,dc=blabla,dc=local";
  34.     # Enter the username & password for a valid user in your Active Directory
  35.     # with username in the form cn=username,cn=Users,dc=example,dc=com
  36.     # Make sure the user's password does not expire.  Note that this user
  37.     # does not require any special privileges.
  38.     # You can double-check this by clicking "Properties" of your user in
  39.     # ADSI Edit and examining the "Path" value, such as:
  40.     # LDAP://domaincontroller1.example.com/CN=user,CN=Users,DC=example,DC=com
  41.     # which would be $user="cn=user,cn=Users,dc=example,dc=com"
  42.     # Note: You can also use the UPN login: "user\@example.com"
  43.     $user="cn=ldapquery,ou=blabla Users,dc=blabla,dc=local";
  44.     $passwd="password";
  45.     # Connecting to Active Directory domain controllers
  46.     $noldapserver=0;
  47.     $ldap = Net::LDAP->new($dc1) or
  48.        $noldapserver=1;
  49.     if ($noldapserver == 1)  {
  50.        $ldap = Net::LDAP->new($dc2) or
  51.           die "Error connecting to specified domain controllers $@ \n";
  52.     }
  53.     $mesg = $ldap->bind ( dn => $user,
  54.                           password =>$passwd);
  55.     if ( $mesg->code()) {
  56.         die ("error:", $mesg->error_text((),"\n"));
  57.     }
  58.     # How many LDAP query results to grab for each paged round
  59.     # Set to under 1000 for Active Directory
  60.     $page = Net::LDAP::Control::Paged->new( size => 990 );
  61.     @args = ( base     => $hqbase,
  62.     # Play around with this to grab objects such as Contacts, Public Folders, etc.
  63.     # A minimal filter for just users with email would be:
  64.     # filter => "(&(sAMAccountName=*)(mail=*))"
  65.              filter => "(& (mailnickname=*) (| (&(objectCategory=person)
  66.                       (objectClass=user)(!(homeMDB=*))(!(msExchHomeServerName=*)))
  67.                       (&(objectCategory=person)(objectClass=user)(|(homeMDB=*)
  68.                       (msExchHomeServerName=*)))(&(objectCategory=person)(objectClass=contact))
  69.                       (objectCategory=group)(objectCategory=publicFolder) ))",
  70.               control  => [ $page ],
  71.               attrs  => "proxyAddresses",
  72.     );
  73.     my $cookie;
  74.     while(1) {
  75.       # Perform search
  76.       my $mesg = $ldap->search( @args );
  77.      
  78.     print "DEBUG: $mesg\n";
  79.      
  80.     # Filtering results for proxyAddresses attributes
  81.       foreach my $entry ( $mesg->entries ) {
  82.         my $name = $entry->get_value( "cn" );
  83.      
  84.     print "DEBUG: $name\n";
  85.      
  86.     # LDAP Attributes are multi-valued, so we have to print each one.
  87.         foreach my $mail ( $entry->get_value( "proxyAddresses" ) ) {
  88.     # Test if the Line starts with one of the following lines:
  89.          # proxyAddresses: [smtp|SMTP]:
  90.          # and also discard this starting string, so that $mail is only the
  91.          # address without any other characters...
  92.          if ( $mail =~ s/^(smtp|SMTP)://gs ) {
  93.            print VALID $mail." OK\n";
  94.          }
  95.         }
  96.       }
  97.       # Only continue on LDAP_SUCCESS
  98.       $mesg->code and last;
  99.       # Get cookie from paged control
  100.       my($resp)  = $mesg->control( LDAP_CONTROL_PAGED ) or last;
  101.       $cookie    = $resp->cookie or last;
  102.       # Set cookie in paged control
  103.       $page->cookie($cookie);
  104.     }
  105.     if ($cookie) {
  106.       # We had an abnormal exit, so let the server know we do not want any more
  107.       $page->cookie($cookie);
  108.       $page->size(0);
  109.       $ldap->search( @args );
  110.       # Also would be a good idea to die unhappily and inform OP at this point
  111.          die("LDAP query unsuccessful");
  112.     }
  113.     # Add additional restrictions, users, etc. to the output file below.
  114.     #print VALID "user\@domain1.com OK\n";
  115.     #print VALID "user\@domain2.com 550 User unknown.\n";
  116.     #print VALID "domain3.com 550 User does not exist.\n";
  117.     close VALID;