Generates an email alias list from Active Directory for Postfix
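#!/usr/bin/python
# getadsmtp.py
# Written by Maximilian Thoma 2016
# Version 1.0
# The script is a translation of the original Perl script getadsmtp.pl
# This script will pull all users' SMTP addresses from your Active Directory
# (including primary and secondary email addresses) and list them in the
# format "user@example.com OK" which Postfix uses with relay_recipient_maps.
# Be sure to double-check the path to python above.
# This requires python-ldap to be installed. To install python-ldap on debian based systems,
# at a shell type "apt-get install python-ldap" or "sudo apt-get install python-ldap"

import os
import sys

import ldap

# Enter the path/file for the output
valid_addresses = "/etc/postfix/example_recipients"

# Enter the FQDN of your Active Directory domain controllers below
dc1 = "dc01.example.com"
dc2 = "dc02.example.com"

# Enter the LDAP container for your userbase.
# The syntax is CN=Users,dc=example,dc=com
# This can be found by installing the Windows 2000 Support Tools
# then running ADSI Edit.
# In ADSI Edit, expand the "Domain NC [domaincontroller1.example.com]" &
# you will see, for example, DC=example,DC=com (this is your base).
# The Users Container will be specified in the right pane as
# CN=Users depending on your schema (this is your container).
# You can double-check this by clicking "Properties" of your user
# folder in ADSI Edit and examining the "Path" value, such as:
# LDAP://domaincontroller1.example.com/CN=Users,DC=example,DC=com
# which would be hqbase="cn=Users,dc=example,dc=com"
# Note: You can also use just hqbase="dc=example,dc=com"
hqbase = "cn=Users,dc=example,dc=com"

# Enter the username & password for a valid user in your Active Directory
# with username in the form cn=username,cn=Users,dc=example,dc=com
# Make sure the user's password does not expire. Note that this user
# does not require any special privileges.
# You can double-check this by clicking "Properties" of your user in
# ADSI Edit and examining the "Path" value, such as:
# LDAP://domaincontroller1.example.com/CN=user,CN=Users,DC=example,DC=com
# which would be user="cn=user,cn=Users,dc=example,dc=com"
# Note: You can also use the UPN login: "user@example.com"
#
# NOTE(review): the bind password is stored in this file in plaintext. Keep the
# script readable only by the account that runs it, use a dedicated
# unprivileged bind account, and prefer loading the password from a
# root-only file or the environment over editing it in here.
user = "cn=user,cn=Users,dc=example,dc=com"
passwd = "password"

# Bind to the first domain controller that accepts the connection; the second
# one is only tried when the first raises an LDAP error.
#
# NOTE(review): ldap:// with simple_bind_s() sends the bind DN and password
# unencrypted. Prefer "ldaps://%s" here, or call start_tls_s() on the
# connection before the bind, once the domain controllers' certificate is
# trusted on this host.
conn = None
last_error = None
for dc in (dc1, dc2):
    try:
        candidate = ldap.initialize("ldap://%s" % dc)
        candidate.set_option(ldap.OPT_REFERRALS, 0)
        candidate.protocol_version = 3
        candidate.simple_bind_s(user, passwd)
    except ldap.LDAPError as e:
        last_error = e
        continue
    conn = candidate
    break

if conn is None:
    # Report on stderr and exit non-zero so cron or a wrapper script can tell
    # that the recipient list was not refreshed.
    sys.stderr.write(
        "Error connecting to specified domain controllers: %s\n" % last_error
    )
    sys.exit(1)

# Play around with this to grab objects such as Contacts, Public Folders, etc.
# A minimal filter for just users with email would be:
# search_filter = "(&(sAMAccountName=*)(mail=*))"
search_filter = "(& (mailnickname=*) (| (&(objectCategory=person)(objectClass=user)(!(homeMDB=*))(!(msExchHomeServerName=*)))(&(objectCategory=person)(objectClass=user)(|(homeMDB=*)(msExchHomeServerName=*)))(&(objectCategory=person)(objectClass=contact))(objectCategory=group)(objectCategory=publicFolder)(objectClass=msExchDynamicDistributionList) ))"
attrs = ["proxyAddresses"]
scope = ldap.SCOPE_SUBTREE

# NOTE(review): this is a single unpaged search. Active Directory limits how
# many entries one search may return (MaxPageSize, 1000 by default), so a
# larger directory presumably needs a paged search - confirm against your
# domain before relying on the output being complete.
msgid = conn.search(hqbase, scope, search_filter, attrs)
result_type, entries = conn.result(msgid)

result_set = []
for dn, entry_attrs in entries:
    # Results whose second element is not a mapping (for example search
    # references) carry no attributes and are skipped.
    if not hasattr(entry_attrs, "get"):
        continue
    for value in entry_attrs.get("proxyAddresses", []):
        # python-ldap returns attribute values as bytes on Python 3.
        if not isinstance(value, str):
            value = value.decode("utf-8")
        # proxyAddresses holds typed addresses; only the SMTP ones (either
        # case of the prefix) belong in a Postfix recipient map.
        if value[:5].lower() != "smtp:":
            continue
        address = value[5:]
        # The map format is "key<space>value" per line, so an address that is
        # empty or contains whitespace would corrupt the table.
        if not address or any(ch.isspace() for ch in address):
            continue
        result_set.append("%s OK" % address)

# Add additional restrictions, users, etc. to the output file below.
#result_set.append("user@example.com OK")
#result_set.append("user1@example.com 550 User unknown.")
#result_set.append("bad.example.com 550 User does not exist.")

#######################################################################
# Build file ...
with open(valid_addresses, "w") as output:
    for line in result_set:
        output.write("%s\n" % line)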