Querying Active Directory

This forum is for all Copfilter support requests in German.
bexx
Posts: 20
Joined: 01 Dec 2010 12:01

Querying Active Directory

Post by bexx »

Hello everyone,
first of all, I hope you had a merry Christmas :)

Now to my question. Would it be possible to use AD queries to discard mail to non-existent addresses right away?

I read in a post that ASSP is supposed to be able to do that?

karesmakro
Site Admin
Posts: 1280
Joined: 09 Dec 2009 21:17

Re: Querying Active Directory

Post by karesmakro »

It should be possible with ASSP, but ASSP will only be integrated in Copfilter v2, and the release date for that has not been set yet! Unfortunately, the individual options still have to be gone through one by one and then integrated into Copfilter.

Regards

jvp
Posts: 14
Joined: 12 Dec 2009 16:10

Re: Querying Active Directory

Post by jvp »

I have something like this running; in http://copfilter.org/forum/viewtopic.php?f=4&t=342 the second-to-last post describes the change to mailscanner.sh. However, I do not query LDAP on every incoming mail (also to avoid disturbing the AD with too many invalid queries). The /usr/local/bin/extract_email_adresses_to.awk looks like this:

```awk
# Print every e-mail address found in a "To:" header line, separated by spaces.
/^To:/ {
    ORS = " "   # output record separator: all addresses end up on one line

    # check http://www.icann.org/registries/top-level-domains.htm and add new TLDs here
    # (the dot before the TLD is escaped so it only matches a literal dot)
    regexp = "[a-z0-9][a-z0-9._+-]*@(([a-z0-9._+-])+\\.)+(com|net|org|edu|int|mil|gov|arpa|biz|aero|name|coop|info|pro|museum|travel|[a-z][a-z])"
    line = $0

    # case-insensitive matching: compare the uppercased line against the uppercased pattern,
    # print each match and continue with the rest of the line after it
    while (length(line) != 0) {
        if (match(toupper(line), toupper(regexp))) {
            print substr(line, RSTART, RLENGTH)
        } else {
            break
        }
        line = substr(line, RSTART + RLENGTH, length(line))
    }
}
```
The LDAP query is run once a day via crontab and looks like this (I believe it still comes from the old CopFilter forum):

```perl
#!/usr/bin/perl -T -w

# Version 1.02

# This script will pull all users' SMTP addresses from your Active Directory
# (including primary and secondary email addresses) and list them in the
# format "user@example.com OK" which Postfix uses with relay_recipient_maps.
# This variant writes one bare address per line; see the commented lines at
# the end of the script for the "OK" / "550" form.
# Be sure to double-check the path to perl above.

# This requires Net::LDAP to be installed.  To install Net::LDAP, at a shell
# type "perl -MCPAN -e shell" and then "install Net::LDAP"

use strict;
use Net::LDAP;
use Net::LDAP::Control::Paged;
use Net::LDAP::Constant ( "LDAP_CONTROL_PAGED" );

# Enter the path/file for the output
my $VALID = "/etc/recipients";

# Enter the FQDN of your Active Directory domain controllers below
my $dc1 = "domaincontroller1.example.com";
my $dc2 = "domaincontroller2.example.com";

# Enter the LDAP container for your userbase.
# The syntax is CN=Users,dc=example,dc=com
# This can be found by installing the Windows 2000 Support Tools
# then running ADSI Edit.
# In ADSI Edit, expand the "Domain NC [domaincontroller1.example.com]" &
# you will see, for example, DC=example,DC=com (this is your base).
# The Users Container will be specified in the right pane as
# CN=Users depending on your schema (this is your container).
# You can double-check this by clicking "Properties" of your user
# folder in ADSI Edit and examining the "Path" value, such as:
# LDAP://domaincontroller1.example.com/CN=Users,DC=example,DC=com
# which would be $hqbase="cn=Users,dc=example,dc=com"
# Note:  You can also use just $hqbase="dc=example,dc=com"
my $hqbase = "cn=Users,dc=domain,dc=local";

# Enter the username & password for a valid user in your Active Directory
# with username in the form cn=username,cn=Users,dc=example,dc=com
# Make sure the user's password does not expire.  Note that this user
# does not require any special privileges.
# You can double-check this by clicking "Properties" of your user in
# ADSI Edit and examining the "Path" value, such as:
# LDAP://domaincontroller1.example.com/CN=user,CN=Users,DC=example,DC=com
# which would be $user="cn=user,cn=Users,dc=example,dc=com"
# Note: You can also use the UPN login: "user\@example.com"
my $user   = "cn=user,cn=Users,dc=domain,dc=local";
my $passwd = "password";

# Connecting to Active Directory domain controllers: try $dc1 first, then $dc2
my $ldap = Net::LDAP->new($dc1) || Net::LDAP->new($dc2)
    or die "Error connecting to specified domain controllers $@ \n";

my $mesg = $ldap->bind( dn => $user, password => $passwd );
if ( $mesg->code() ) {
    die( "error:", $mesg->code(), "\n", "error name: ", $mesg->error_name(),
         "\n", "error text: ", $mesg->error_text(), "\n" );
}

# How many LDAP query results to grab for each paged round
# Set to under 1000 for Active Directory
my $page = Net::LDAP::Control::Paged->new( size => 990 );

my @args = (
    base    => $hqbase,
# Play around with this to grab objects such as Contacts, Public Folders, etc.
# A minimal filter for just users with email would be:
# filter => "(&(sAMAccountName=*)(mail=*))"
#         filter => "(& (mailnickname=*) (| (&(objectCategory=person)
#                    (objectClass=user)(!(homeMDB=*))(!(msExchHomeServerName=*)))
#                    (&(objectCategory=person)(objectClass=user)(|(homeMDB=*)
#                    (msExchHomeServerName=*)))(&(objectCategory=person)(objectClass=contact))
#                    (objectCategory=group)(objectCategory=publicFolder)(objectClass=msExchDynamicDistributionList) ))",
    filter  => "(&(&(proxyaddresses=*)(|(objectclass=user)(objectclass=publicFolder)(objectclass=group)(objectclass=Contact))))",
    control => [ $page ],
    # attrs must be an array reference; only proxyAddresses is needed
    attrs   => [ "proxyAddresses" ],
);

my @valid;
my $cookie;
my $failed;
while (1) {
    # Perform search
    my $mesg = $ldap->search( @args );

    # Filtering results for proxyAddresses attributes
    foreach my $entry ( $mesg->entries ) {
        # LDAP Attributes are multi-valued, so we have to print each one.
        foreach my $mail ( $entry->get_value( "proxyAddresses" ) ) {
            # Keep only values that start with smtp: or SMTP: and discard that
            # prefix, so that $mail is only the address without any other characters...
            if ( $mail =~ s/^(smtp|SMTP)://s ) {
                # Skip values that contain one of the characters { / = +
                if ( $mail !~ /[\{\/\=\+]/ ) {
                    push( @valid, $mail . "\n" );
#               } else {
#                   print $mail . "\n";
                }
            }
        }
    }

    # Only continue on LDAP_SUCCESS; remember a failure so that no incomplete
    # (or empty) recipient list is written afterwards
    if ( $mesg->code ) {
        $failed = $mesg->error;
        last;
    }

    # Get cookie from paged control
    my ($resp) = $mesg->control( LDAP_CONTROL_PAGED ) or last;
    $cookie = $resp->cookie or last;

    # Set cookie in paged control
    $page->cookie($cookie);
}

if ($cookie) {
    # We had an abnormal exit, so let the server know we do not want any more
    $page->cookie($cookie);
    $page->size(0);
    $ldap->search( @args );
    # Also would be a good idea to die unhappily and inform OP at this point
    die("LDAP query unsuccessful");
}
die("LDAP query unsuccessful: $failed") if defined $failed;

# Only write the file once the query is successful
open( VALID, ">", $VALID ) or die "CANNOT OPEN $VALID $!";
print VALID sort @valid;
# Add additional restrictions, users, etc. to the output file below.
#print VALID "user\@example.com OK\n";
#print VALID "user1\@example.com 550 User unknown.\n";
#print VALID "bad.example.com 550 User does not exist.\n";

close VALID;
```

You need to adapt:

```
$VALID=
$dc1=
$dc2=
$hqbase=
$user=
$passwd=
```
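As an added illustration, not jvp's mailscanner.sh change (that is in the linked thread): how the addresses pulled out of the To: header and the recipient list written by the daily LDAP export fit together. It assumes the export writes one bare address per line, as the Perl script above does, and uses constructed sample data in place of /etc/recipients and a real header.

```shell
#!/bin/sh
# Added example: check the To: addresses of a mail against the recipient list
# that the daily LDAP export writes (one bare address per line, as the Perl
# script above does). The real hook into mailscanner.sh is in the linked
# thread; this stand-alone version uses constructed sample data instead.

# Print the addresses found in a To: header line, one per line, lowercased.
# Same approach as extract_email_adresses_to.awk, with a shortened TLD list.
extract_to() {
    printf '%s\n' "$1" | awk '
        /^To:/ {
            re = "[a-z0-9][a-z0-9._+-]*@([a-z0-9._+-]+\\.)+(com|net|org|[a-z][a-z])"
            line = tolower($0)
            while (match(line, re)) {
                print substr(line, RSTART, RLENGTH)
                line = substr(line, RSTART + RLENGTH)
            }
        }'
}

# Print every To: address that is missing from the recipient list file.
# Returns 1 if at least one unknown recipient was found, 0 otherwise.
unknown_recipients() {
    listfile=$1
    header=$2
    rc=0
    for addr in $(extract_to "$header"); do
        # -F fixed string, -x whole line, -i AD stores mixed case, -q quiet
        if ! grep -Fxiq -- "$addr" "$listfile"; then
            echo "$addr"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample data standing in for /etc/recipients and a mail header.
SAMPLE_LIST=$(mktemp)
printf '%s\n' 'alice@example.com' 'Bob@example.com' > "$SAMPLE_LIST"
SAMPLE_HEADER='To: Alice <alice@example.com>, nobody@example.com, Bob@Example.com'

# Run as "sh check_recipients.sh demo" to see the unknown address printed.
if [ "${1:-}" = "demo" ]; then
    unknown_recipients "$SAMPLE_LIST" "$SAMPLE_HEADER" || echo "(unknown recipient(s) listed above)"
fi
```

With the sample data, only nobody@example.com is reported; the mixed-case Bob@Example.com is accepted because the comparison is case-insensitive.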

cjmatsel
Posts: 46
Joined: 05 Jan 2010 18:16

Re: Querying Active Directory

Post by cjmatsel »

Hi,

has anyone implemented this on the current Copfilter 2.1.93beta1? I seem to be missing the Perl::LDAP modules, even though there are some in the Copfilter directory...

cu,
cjmatsel
