
Untitled

a guest
Dec 19th, 2014
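  #!/usr/bin/perl -T -w
  # This script will pull all users' SMTP addresses from your Active Directory
  # (including primary and secondary email addresses) and list them in the
  # format "user@example.com OK" which Postfix uses with relay_recipient_maps.
  # Be sure to double-check the path to perl above.
  # This requires Net::LDAP to be installed.  To install Net::LDAP, at a shell
  # type "perl -MCPAN -e shell" and then "install Net::LDAP"
  #
  # The recipient list is written to a temporary file next to the target and
  # only renamed over the live map once the whole directory walk has succeeded,
  # so a failed connection, bind or search never leaves Postfix with an empty
  # or truncated relay_recipients file.
  use strict;
  use warnings;
  use Net::LDAP;
  use Net::LDAP::Control::Paged;
  use Net::LDAP::Constant ( "LDAP_CONTROL_PAGED" );

  # Set to 1 to print per-page and per-entry progress on STDOUT.
  my $debug = 0;

  # Enter the path/file for the output
  my $VALID = "/etc/postfix/relay_recipients";
  # Staging file; it lives in the same directory so rename() is atomic.
  # The directory must be writable only by the account running this script,
  # otherwise the fixed staging name could be pre-created by another user.
  my $staging = "$VALID.new";

  # Enter the FQDN of your Active Directory domain controllers below
  my $dc1 = "leadgtsxchngtmp.leadsys.local";
  my $dc2 = "leadgtsxchngtmp2.leadsys.local";

  # Enter the LDAP container for your userbase.
  # The syntax is CN=Users,dc=example,dc=com
  # This can be found by installing the Windows 2000 Support Tools
  # then running ADSI Edit.
  # In ADSI Edit, expand the "Domain NC [domaincontroller1.example.com]" &
  # you will see, for example, DC=example,DC=com (this is your base).
  # The Users Container will be specified in the right pane as
  # CN=Users depending on your schema (this is your container).
  # You can double-check this by clicking "Properties" of your user
  # folder in ADSI Edit and examining the "Path" value, such as:
  # LDAP://domaincontroller1.example.com/CN=Users,DC=example,DC=com
  # which would be $hqbase="cn=Users,dc=example,dc=com"
  # Note:  You can also use just $hqbase="dc=example,dc=com"
  #my $hqbase="cn=Users,dc=example,dc=com";
  my $hqbase = "ou=Leadsys Users,dc=leadsys,dc=local";

  # Enter the username & password for a valid user in your Active Directory
  # with username in the form cn=username,cn=Users,dc=example,dc=com
  # Make sure the user's password does not expire.  Note that this user
  # does not require any special privileges.
  # You can double-check this by clicking "Properties" of your user in
  # ADSI Edit and examining the "Path" value, such as:
  # LDAP://domaincontroller1.example.com/CN=user,CN=Users,DC=example,DC=com
  # which would be $user="cn=user,cn=Users,dc=example,dc=com"
  # Note: You can also use the UPN login: "user\@example.com"
  my $user = "cn=ldapquery,ou=Leadsys Users,dc=leadsys,dc=local";
  # NOTE(review): the bind password is embedded in the script, so every copy
  # of this file (backups, version control, pastes) discloses it.  Keep the
  # script readable by its owner only, or load the secret from a separate
  # owner-only file, and rotate the password if a copy has been shared.
  # Single quotes keep characters such as '@' and '%' literal.
  my $passwd = 'ASDFGASDFGqwertqwert%=()@&ASDFGASDFGqwertqwert%=()@&';

  # Remove the staging file and stop; the live map is left as it was.
  sub discard_and_die {
      my ($message) = @_;
      unlink $staging;
      die $message;
  }

  # Connecting to Active Directory domain controllers (second one is the
  # fallback when the first cannot be reached).
  # NOTE(review): this is a plain LDAP connection, so the simple bind below
  # sends the password unencrypted.  Where the domain controllers offer TLS,
  # connect with an ldaps:// URI or call $ldap->start_tls(verify => 'require')
  # with the issuing CA configured before binding.
  my $ldap = Net::LDAP->new($dc1) || Net::LDAP->new($dc2)
      or die "Error connecting to specified domain controllers $@ \n";

  my $mesg = $ldap->bind( dn       => $user,
                          password => $passwd );
  if ( $mesg->code ) {
      die "error: ", $mesg->error_text, "\n";
  }

  # How many LDAP query results to grab for each paged round
  # Set to under 1000 for Active Directory
  my $page = Net::LDAP::Control::Paged->new( size => 990 );

  # Play around with this to grab objects such as Contacts, Public Folders, etc.
  # A minimal filter for just users with email would be:
  # filter => "(&(sAMAccountName=*)(mail=*))"
  my $filter = '(&(mailnickname=*)(|'
      . '(&(objectCategory=person)(objectClass=user)(!(homeMDB=*))(!(msExchHomeServerName=*)))'
      . '(&(objectCategory=person)(objectClass=user)(|(homeMDB=*)(msExchHomeServerName=*)))'
      . '(&(objectCategory=person)(objectClass=contact))'
      . '(objectCategory=group)'
      . '(objectCategory=publicFolder)'
      . '))';

  my @args = (
      base    => $hqbase,
      filter  => $filter,
      control => [ $page ],
      # attrs takes an array reference; cn is requested only for debug output.
      attrs   => [ 'cn', 'proxyAddresses' ],
  );

  # Three-argument open with a lexical handle: the mode can never be taken
  # from the file name.
  open my $out, '>', $staging or die "CANNOT OPEN $staging $!";

  my $cookie;
  my $search_error;
  my $written = 0;
  PAGE: while (1) {
      # Perform search
      my $result = $ldap->search(@args);

      # Only continue on LDAP_SUCCESS; a failure on any page, including the
      # first one, aborts the run below.
      if ( $result->code ) {
          $search_error = $result->error_text;
          last PAGE;
      }

      print "DEBUG: page with ", $result->count, " entries\n" if $debug;

      # Filtering results for proxyAddresses attributes
      foreach my $entry ( $result->entries ) {
          if ($debug) {
              my $name = $entry->get_value("cn");
              print "DEBUG: ", ( defined $name ? $name : '(no cn)' ), "\n";
          }

          # LDAP Attributes are multi-valued, so we have to print each one.
          foreach my $mail ( $entry->get_value("proxyAddresses") ) {
              # Keep only values tagged "smtp:" (any case) and strip the tag
              # so that $mail is the bare address.
              next unless $mail =~ s/^smtp://i;

              # Directory data is copied verbatim into a Postfix lookup
              # table: a value that is empty or contains whitespace or
              # control characters would corrupt the table or add extra
              # entries to it, so it is skipped.
              if ( $mail eq '' or $mail =~ /[\s\x00-\x1f\x7f]/ ) {
                  warn "Skipping malformed proxyAddresses value\n";
                  next;
              }

              print {$out} "$mail OK\n"
                  or discard_and_die("CANNOT WRITE $staging $!");
              $written++;
          }
      }

      # Get cookie from paged control
      my ($resp) = $result->control(LDAP_CONTROL_PAGED) or last PAGE;
      $cookie = $resp->cookie or last PAGE;

      # Set cookie in paged control
      $page->cookie($cookie);
  }

  if ($cookie) {
      # We had an abnormal exit, so let the server know we do not want any more
      $page->cookie($cookie);
      $page->size(0);
      $ldap->search(@args);
  }
  if ( $cookie or defined $search_error ) {
      close $out;
      discard_and_die( "LDAP query unsuccessful"
              . ( defined $search_error ? ": $search_error" : "" )
              . "\n" );
  }

  # An empty recipient map would make Postfix reject every recipient, so an
  # empty result is treated as a failure rather than installed.
  if ( $written == 0 ) {
      close $out;
      discard_and_die("No SMTP addresses found; $VALID left unchanged\n");
  }

  # Add additional restrictions, users, etc. to the output file below.
  #print {$out} "user\@domain1.com OK\n";
  #print {$out} "user\@domain2.com 550 User unknown.\n";
  #print {$out} "domain3.com 550 User does not exist.\n";

  # Buffered write errors surface at close, so check it before going live.
  close $out or discard_and_die("CANNOT CLOSE $staging $!");
  rename $staging, $VALID
      or discard_and_die("CANNOT REPLACE $VALID $!");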