Postfix Script for Domino/Exchange users

Pete pete at eatathome.com.au
Fri Mar 12 03:27:56 GMT 2004


A colleague and I adapted a Perl script we found on the net that was
designed to retrieve all the usernames from a Lotus Domino Directory
(with LDAP turned on) and build an access map, or local recipient map or
relay access map in Postfix from the results. Am sure it wouldn't be
hard to modify the format and use for other MTAs?

See this page for full instructions
http://www.plusone.com/gaptuning/postfix/

We have configured it to allow for all our naming possibilities, e.g.
prussell at sub.domain1.com
pete.russell at sub.domain1.com
p.russell at sub.domain1.com
prussell at domain1.com
p.russell at domain1.com
pete.russell at domain1.com


NOTE: we only modded this to suit us to work with Domino, and posted it
here in the hope it would be useful to another Domino user. :)
-------------- next part --------------
#!/usr/bin/perl -w

# This script will pull all users' SMTP addresses from your Domino Directory
# and list them in the format "user@example.com OK" which Postfix uses
# with relay_recipient_maps.
# Be sure to double-check the path to perl above.

# This requires Net::LDAP to be installed.  To install Net::LDAP, at a shell
# type "perl -MCPAN -e shell" and then "install Net::LDAP"

use Net::LDAP;

# Enter the FQDN of your Domino Directory servers, you can use IP addresses if you want.
$dc1="domain1.com";
$dc2="domain2.com";

# Enter the LDAP container for your userbase.
# The syntax is CN=Users,dc=example,dc=com
# This can be found by installing the Softerra LDAP browsers
# and hitting the Fetch base DN button.
# In Domino it's normally your O certifier - O=oCertifiername
# To filter the list based on usernames; you may want to leave this blank
# to obtain group names etc. Our cert is Pete Russell/MMBS,
# which would be $hqbase="o=MMBS"
$hqbase="o=MMBS";

# Enter the username & password for a valid user in your Domino Directory
# with username in the form cn=username
# Make sure the user's password does not expire.  Note that this user
# does not require any special privileges. Use a default admin user account.
# which would be $user="cn=user,cn=Users,dc=example,dc=com"
$user="cn=Administrator";
$passwd="internetpasswordforuseraccount";

# That's it, you're done.  Let the script do its job.
# Don't forget to chmod +x this script to make it executable
# run it with a command like ./getadsmtp.pl > names


# Connecting to the Domino Directory servers (try $dc1 first, then $dc2)
$noldapserver=0;
$ldap = Net::LDAP->new($dc1) or
   $noldapserver=1;
if ($noldapserver == 1)  {
   $ldap = Net::LDAP->new($dc2) or
      die "Error connecting to specified domain controllers $@ \n";
}

# Simple bind with the account configured above
$mesg = $ldap->bind ( dn       => $user,
                      password => $passwd);

if ( $mesg->code()) {
    die ("error:", $mesg->code(),"\n");
}

$searchbase = $hqbase;

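# Searching for entries that have a given name, surname and short name
$mesg = $ldap->search (base   => $searchbase,
                       filter => "(&(givenname=*)(sn=*)(shortname=*))",
                       # attrs must be an array ref and must name every
                       # attribute read in the loop below
                       attrs  => [ "shortname", "sn", "givenname" ]);

$entries = $mesg->count;

# Numeric comparison; report on STDERR so the message never lands in the map
if ($entries < 1) {
  print STDERR "entries=0 \n";
}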

# Filtering results for proxyAddresses attributes, thanks to Markus Schabel
# and Viktor Duchovni
foreach my $entry ( $mesg->entries ) {

   # SHORT NAME VARIATIONS
   foreach my $tmp ( $entry->get_value( "shortname" ) ) {
     print $tmp."\@subdomain.domain1.com.au\tOK\n";
     print $tmp."\@domain1.com.au\tOK\n";
     # get 1st character of $tmp
     ($firstchar,$therest) = split(//,$tmp,2);
     $userwithdot = "$firstchar.$therest";
     print $userwithdot."\@subdomain.domain1.com.au\tOK\n";
     print $userwithdot."\@domain1.com.au\tOK\n";
   }

   # FULL NAME
   $sn = $entry->get_value( "sn" );
   $fn = $entry->get_value( "givenname" );
   print "$fn.$sn\@subdomain.domain1.com.au\tOK\n";
   print "$fn.$sn\@domain1.com.au\tOK\n";

}


# Unbinding
$ldap->unbind;
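
The script is run as `./getadsmtp.pl > names`, so whatever reaches stdout becomes the Postfix map, and an empty or partial LDAP result would then reject mail for valid recipients. The shell wrapper below is an added example, not part of the original post: it validates the generated file and refuses an implausibly small one before swapping it in. The live path `/etc/postfix/relay_recipients`, the threshold of 100 entries and the `POSTMAP` override are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: gate a freshly generated
# recipient map before it replaces the one Postfix is using.

# check_map FILE MIN: succeed only if every non-empty line of FILE is
# "localpart@domain<TAB>OK" and at least MIN such lines are present.
check_map() {
    awk -F'\t' -v min="$2" '
        $0 == "" { next }
        NF != 2 || $2 != "OK" ||
        $1 !~ /^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]+$/ {
            printf "rejected line %d: %s\n", NR, $0; bad++; next
        }
        { good++ }
        END {
            printf "%d valid, %d rejected, %d required\n", good, bad, min
            exit !(bad == 0 && good >= min)
        }' "$1" >&2
}

# install_map NEW LIVE MIN: validate NEW, refuse it if it holds fewer than
# half the entries of LIVE (typical of a partial LDAP result), then swap it
# in and rebuild the lookup table. POSTMAP may be overridden for dry runs.
install_map() {
    new=$1 live=$2 min=$3
    check_map "$new" "$min" || return 1
    if [ -f "$live" ]; then
        old_n=$(grep -c . "$live" || true)
        new_n=$(grep -c . "$new" || true)
        if [ $((new_n * 2)) -lt "$old_n" ]; then
            echo "refusing: $new_n entries would replace $old_n" >&2
            return 1
        fi
    fi
    mv "$new" "$live" && "${POSTMAP:-postmap}" "$live"
}

# Assumed paths; NEW sits beside LIVE so the mv is an atomic rename.
# The generator's exit status is checked, so a failed bind installs nothing.
if [ "${1:-}" = "--install" ]; then
    LIVE=/etc/postfix/relay_recipients
    NEW=$LIVE.new
    ./getadsmtp.pl > "$NEW" && install_map "$NEW" "$LIVE" 100
fi
```

Run it from cron with `--install`; a non-zero exit means the previous map is still in place and the rejected lines are on stderr.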


More information about the MailScanner mailing list