26th June 2013, 22:40
Chluz
Code for exchange 2013 and domain controller 2012

Hi all
First off, thanks for your guide: at last I can get a proper spam filter for Exchange 2013 without paying an arm and a leg.
Also, I just wanted to say I got the LDAP scripts working for Exchange 2013.
I'm using a Python script instead of Perl, so to be pasted in /usr/bin/ : I got this script from liveraverage, so all credits go to him.

As you can see, I kinda hacked the beginning because I've never programmed in Python: just edit

arg.connect = ""
arg.user = "username"
arg.password = "password"
arg.ou = "cn=Users,dc=domain,dc=com"

for your settings
#!/usr/bin/env python

#Credits: Marc Smith,
#         DarkPixel,
#         JR,

import sys, ldap, argparse
import ldap.modlist as modlist
from ldap.controls import SimplePagedResultsControl

parser = argparse.ArgumentParser(formatter_class=argparse.ArgumentDefaultsHelpFormatter, description="Retrieve e-m$
parser.add_argument('-c', '--connect', required=False, action='store', help='The host to connect to (AD/Exchange S$
parser.add_argument('-r', '--port', action='store', help='Port to use for connecting, defaults to 636')
parser.add_argument('-u', '--user', action='store', required=False, help='Username to use (either cn=blah,dc=cust,$
parser.add_argument('-p', '--password', action='store', required=False, help='Password')
parser.add_argument('-o', '--ou', action='store', required=False, help='Org Unit (Base DN) to export from')

arg = parser.parse_args()
arg.connect = ""
arg.user = "username"
arg.password = "password"
arg.ou = "cn=Users,dc=domain,dc=com"

LDAP_SERVER = 'ldaps://%s:%s' %(arg.connect, arg.port or '3269')
BIND_DN = arg.user
BIND_PASS = arg.password
USER_FILTER = "(& (mailnickname=*) (| (objectClass=publicFolder)(&(objectCategory=person)(objectClass=user)(!(home$
USER_BASE = arg.ou

# LDAP connection
try:
  # OPT_X_TLS_NEVER turns off verification of the server certificate for this LDAPS connection
  ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
  ldap_connection = ldap.initialize(LDAP_SERVER)
  ldap_connection.set_option(ldap.OPT_REFERRALS, 0)
  ldap_connection.set_option(ldap.OPT_PROTOCOL_VERSION, 3)
  ldap_connection.set_option( ldap.OPT_X_TLS_DEMAND, True )
  ldap_connection.set_option( ldap.OPT_DEBUG_LEVEL, 255 )
  ldap_connection.simple_bind_s(BIND_DN, BIND_PASS)
except ldap.LDAPError as e:
  # Report the connection or bind error on stderr
  sys.stderr.write('Error connecting to LDAP server: ' + str(e) + '\n')

# Lookup usernames from LDAP via paged search
paged_results_control = SimplePagedResultsControl(
accounts = []
pages = 0
while True:
  serverctrls = [paged_results_control]
      msgid = ldap_connection.search_ext(USER_BASE,
then just modify /usr/bin/ to read
#rm -f /etc/postfix/relay_recipients
python /usr/bin/ > /etc/postfix/relay_recipients
postmap /etc/postfix/relay_recipients
postfix reload
and you should be good to go. I should specify this hasn't been tested in a working environment yet.

Last edited by Chluz; 27th June 2013 at 15:53. Reason: No need to delete file with valid recipients; avoids problems when active directory server is down
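A more defensive form of the wrapper quoted above, as an added example that is not part of the original post: the `>` redirect truncates /etc/postfix/relay_recipients before the export runs, so a failed LDAP bind still leaves Postfix with an empty recipient list. The function name, `MIN_RECIPIENTS`, the `--apply` switch and the assumption that the exporter prints one `user@domain OK` line per recipient are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the post): rebuild the Postfix recipient list
# without ever replacing a good list by an empty or partial one.
# Usage: refresh_relay_recipients TARGET EXPORT_COMMAND [ARGS...]
refresh_relay_recipients() {
  target=$1; shift
  # Temp file in the same directory, so the final mv is an atomic rename.
  tmp=$(mktemp "${target}.XXXXXX") || return 1

  # 1. The exporter must exit 0; a failed bind or search must not pass.
  if ! "$@" > "$tmp"; then
    echo "export failed, keeping existing $target" >&2
    rm -f "$tmp"; return 1
  fi

  # 2. Do not trust the exit status alone: require at least
  #    MIN_RECIPIENTS address lines (assumed format: user@domain OK).
  count=$(grep -c '@' "$tmp" || true)
  if [ "$count" -lt "${MIN_RECIPIENTS:-1}" ]; then
    echo "only $count recipients exported, keeping existing $target" >&2
    rm -f "$tmp"; return 1
  fi

  # 3. Swap the new list in; readers see either the old or the new file.
  chmod 644 "$tmp" && mv -f "$tmp" "$target"
}

# Runs only when invoked as: this-script --apply EXPORT_COMMAND [ARGS...]
# The map is rebuilt and Postfix reloaded only after a successful swap.
if [ "${1:-}" = "--apply" ]; then
  shift
  refresh_relay_recipients /etc/postfix/relay_recipients "$@" &&
    postmap /etc/postfix/relay_recipients && postfix reload
fi
```

Setting `MIN_RECIPIENTS` close to the expected mailbox count also catches a search that returns only part of the directory.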