  1. #!/usr/bin/perl -T -w
  2. # This script will pull all users' SMTP addresses from your Active Directory
  3. # (including primary and secondary email addresses) and list them in the
  4. # format "[email protected] OK" which Postfix uses with relay_recipient_maps.
  5. # Be sure to double-check the path to perl above.
  6. # This requires Net::LDAP to be installed.  To install Net::LDAP, at a shell
  7. # type "perl -MCPAN -e shell" and then "install Net::LDAP"
  8. use Net::LDAP;
  9. use Net::LDAP::Control::Paged;
  10. use Net::LDAP::Constant ( "LDAP_CONTROL_PAGED" );
  11. use Data::Dumper;
  12. # Enter the path/file for the output
  13. $VALID = "/etc/postfix/relay_recipients";
  14. open VALID, ">$VALID" or die "CANNOT OPEN $VALID $!";
  15. # Enter the FQDN of your Active Directory domain controllers below
  16. $dc1="DC ADDRESS";
  17. $dc2="DC2 ADDRESS";
  18. # Enter the LDAP container for your userbase.
  19. # The syntax is CN=Users,dc=example,dc=com
  20. # This can be found by installing the Windows 2000 Support Tools
  21. # then running ADSI Edit.
  22. # In ADSI Edit, expand the "Domain NC [domaincontroller1.example.com]" &
  23. # you will see, for example, DC=example,DC=com (this is your base).
  24. # The Users Container will be specified in the right pane as
  25. # CN=Users depending on your schema (this is your container).
  26. # You can double-check this by clicking "Properties" of your user
  27. # folder in ADSI Edit and examining the "Path" value, such as:
  28. # LDAP://domaincontroller1.example.com/CN=Users,DC=example,DC=com
  29. # which would be $hqbase="cn=Users,dc=example,dc=com"
  30. # Note:  You can also use just $hqbase="dc=example,dc=com"
  31. #$hqbase="cn=Users,dc=example,dc=com";
  32. $hqbase="ou=<ouname> Users,dc=<domain>,dc=<tld>";
  33. # Enter the username & password for a valid user in your Active Directory
  34. # with username in the form cn=username,cn=Users,dc=example,dc=com
  35. # Make sure the user's password does not expire.  Note that this user
  36. # does not require any special privileges.
  37. # You can double-check this by clicking "Properties" of your user in
  38. # ADSI Edit and examining the "Path" value, such as:
  39. # LDAP://domaincontroller1.example.com/CN=user,CN=Users,DC=example,DC=com
  40. # which would be $user="cn=user,cn=Users,dc=example,dc=com"
  41. # Note: You can also use the UPN login: "user\@example.com"
  42. $user="cn=ldapquery,ou=<ouname>,dc=<domain>,dc=<tld>";
  43. $passwd="Password";
  44. # Connecting to Active Directory domain controllers
  45. $noldapserver=0;
  46. $ldap = Net::LDAP->new($dc1) or
  47.    $noldapserver=1;
  48. if ($noldapserver == 1)  {
  49.    $ldap = Net::LDAP->new($dc2) or
  50.       die "Error connecting to specified domain controllers $@ \n";
  51. }
  52. $mesg = $ldap->bind ( dn => $user,
  53.                       password =>$passwd);
  54. if ( $mesg->code()) {
  55.     die ("error:", $mesg->error_text((),"\n"));
  56. }
  57. # How many LDAP query results to grab for each paged round
  58. # Set to under 1000 for Active Directory
  59. $page = Net::LDAP::Control::Paged->new( size => 990 );
  60. @args = ( base     => $hqbase,
  61. # Play around with this to grab objects such as Contacts, Public Folders, etc.
  62. # A minimal filter for just users with email would be:
  63. # filter => "(&(sAMAccountName=*)(mail=*))"
  64.          filter => "(& (mailnickname=*) (| (&(objectCategory=person)
  65.                    (objectClass=user)(!(homeMDB=*))(!(msExchHomeServerName=*)))
  66.                    (&(objectCategory=person)(objectClass=user)(|(homeMDB=*)
  67.                    (msExchHomeServerName=*)))(&(objectCategory=person)(objectClass=contact))
  68.                    (objectCategory=group)(objectCategory=publicFolder) ))",
  69.           control  => [ $page ],
  70.           attrs => [ "proxyAddresses" ],
  71. #ORIG          attrs  => "proxyAddresses",
  72. );
  73. my $cookie;
  74. while(1) {
  75.   # Perform search
  76.   my $mesg = $ldap->search( @args );
  77.  
  78. #print "DEBUG: $mesg\n" . Dumper($mesg);
  79.  
  80. # Filtering results for proxyAddresses attributes
  81.   foreach my $entry ( $mesg->entries ) {
  82.     my $name = $entry->get_value( "cn" );
  83.  
  84. #print "DEBUG: $name\n";
  85.  
  86. # LDAP Attributes are multi-valued, so we have to print each one.
  87.     foreach my $mail ( $entry->get_value( "proxyAddresses" ) ) {
  88.      # Test if the Line starts with one of the following lines:
  89.      # proxyAddresses: [smtp|SMTP]:
  90.      # and also discard this starting string, so that $mail is only the
  91.      # address without any other characters...
  92.      if ( $mail =~ s/^(smtp|SMTP)://gs ) {
  93.        print VALID $mail." OK\n";
  94.      }
  95.     }
  96.   }
  97.   # Only continue on LDAP_SUCCESS
  98.   $mesg->code and last;
  99.   # Get cookie from paged control
  100.   my($resp)  = $mesg->control( LDAP_CONTROL_PAGED ) or last;
  101.   $cookie    = $resp->cookie or last;
  102.   # Set cookie in paged control
  103.   $page->cookie($cookie);
  104. }
  105. if ($cookie) {
  106.   # We had an abnormal exit, so let the server know we do not want any more
  107.   $page->cookie($cookie);
  108.   $page->size(0);
  109.   $ldap->search( @args );
  110.   # Also would be a good idea to die unhappily and inform OP at this point
  111.      die("LDAP query unsuccessful");
  112. }
  113. # Add additional restrictions, users, etc. to the output file below.
  114. #print VALID "user\@domain1.com OK\n";
  115. #print VALID "user\@domain2.com 550 User unknown.\n";
  116. #print VALID "domain3.com 550 User does not exist.\n";
  117. close VALID;