  #15  
26th June 2013, 21:40
Chluz
Code for Exchange 2013 and domain controller 2012

Hi all,
First off, thanks for your guide: at last I can get a proper spam filter for Exchange 2013 without paying an arm and a leg.
Also, I just wanted to say I got the LDAP scripts working for Exchange 2013.
I'm using a Python script instead of Perl, to be pasted in /usr/bin/getadsmtp.py. I got this script from liveaverage, so all credits go to him.

As you can see, I kinda hacked the beginning because I've never programmed in Python: just edit

arg.connect = "host.domain.com"
arg.user = "username"
arg.password = "password"
arg.ou = "cn=Users,dc=domain,dc=com"

for your settings
Code:
#!/usr/bin/env python

#Credits: Marc Smith, http://marcitland.blogspot.com/2011/02/python-active-directory-linux.html
#         DarkPixel, https://github.com/darkpixel/scripts/blob/master/getadsmtp.py
#         JR, http://liveaverage.com

import sys, ldap, argparse
import ldap.modlist as modlist
from ldap.controls import SimplePagedResultsControl

parser = argparse.ArgumentParser(formatter_class=argparse.ArgumentDefaultsHelpFormatter, description="Retrieve e-m$
parser.add_argument('-c', '--connect', required=False, action='store', help='The host to connect to (AD/Exchange S$
parser.add_argument('-r', '--port', action='store', help='Port to use for connecting, defaults to 636')
parser.add_argument('-u', '--user', action='store', required=False, help='Username to use (either cn=blah,dc=cust,$
parser.add_argument('-p', '--password', action='store', required=False, help='Password')
parser.add_argument('-o', '--ou', action='store', required=False, help='Org Unit (Base DN) to export from')

arg = parser.parse_args()
arg.connect = "host.domain.com"
arg.user = "username"
arg.password = "password"
arg.ou = "cn=Users,dc=domain,dc=com"

LDAP_SERVER = 'ldaps://%s:%s' %(arg.connect, arg.port or '3269')
BIND_DN = arg.user
BIND_PASS = arg.password
USER_FILTER = "(& (mailnickname=*) (| (objectClass=publicFolder)(&(objectCategory=person)(objectClass=user)(!(home$
USER_BASE = arg.ou
PAGE_SIZE = 500

# LDAP connection
try:
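  # OPT_X_TLS_NEVER turns off certificate validation: the LDAPS server that
  # receives the bind password below is not authenticated.
  ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)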
  ldap_connection = ldap.initialize(LDAP_SERVER)
  ldap_connection.set_option(ldap.OPT_REFERRALS, 0)
  ldap_connection.set_option(ldap.OPT_PROTOCOL_VERSION, 3)
  ldap_connection.set_option(ldap.OPT_X_TLS,ldap.OPT_X_TLS_DEMAND)
  ldap_connection.set_option( ldap.OPT_X_TLS_DEMAND, True )
  ldap_connection.set_option( ldap.OPT_DEBUG_LEVEL, 255 )
  ldap_connection.simple_bind_s(BIND_DN, BIND_PASS)
except ldap.LDAPError as e:
  sys.stderr.write('Error connecting to LDAP server: ' + str(e) + '\n')
  sys.exit(1)

# Lookup usernames from LDAP via paged search
paged_results_control = SimplePagedResultsControl(
  ldap.LDAP_CONTROL_PAGE_OID, True, (PAGE_SIZE, ''))
accounts = []
pages = 0
while True:
  serverctrls = [paged_results_control]
  try:
      msgid = ldap_connection.search_ext(USER_BASE,
                                         ldap.SCOPE_SUBTREE,
                                         USER_FILTER,
                                         attrlist=['proxyAddresses'],
                                         serverctrls=serverctrls)

Then just modify /usr/bin/update-relay-recipients.sh to read
Code:
#!/bin/sh
#rm -f /etc/postfix/relay_recipients
python /usr/bin/getadsmtp.py > /etc/postfix/relay_recipients
postmap /etc/postfix/relay_recipients
postfix reload
and you should be good to go. I should specify this hasn't been tested in a working environment yet.

Last edited by Chluz; 27th June 2013 at 14:53. Reason: No need to delete file with valid recipients; avoids problems when active directory server is down
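
Added example (not part of the post above or the guide it replies to): a variant of update-relay-recipients.sh that leaves the existing recipient list alone when the LDAP export fails. A plain `>` redirect truncates /etc/postfix/relay_recipients before Python starts, so a failed bind would have postmap build an empty map. The `address OK` line format, the function names and the minimum-line threshold are assumptions.

```shell
#!/bin/sh
# Added example, not the poster's script. Assumption: the generator prints
# one "address OK" line per recipient for /etc/postfix/relay_recipients.

# update_recipients TARGET MIN_LINES CMD [ARGS...]
# Returns 0 if TARGET was replaced; non-zero if it was left untouched.
update_recipients() {
    target=$1; min_lines=$2; shift 2
    # Same directory as the target, so the final mv is an atomic rename.
    tmp=$(mktemp "${target}.XXXXXX") || return 1
    # "cmd > target" would truncate the live list before cmd even starts;
    # writing to a temp file keeps the old list if the LDAP query fails.
    if ! "$@" > "$tmp"; then
        rm -f "$tmp"
        return 2
    fi
    pattern='^[^[:space:]@]+@[^[:space:]@]+[[:space:]]+OK$'
    # An empty, tiny or malformed result is treated as a failed export,
    # not as "nobody has a mailbox any more".
    valid=$(grep -Ec "$pattern" "$tmp" || true)
    invalid=$(grep -Evc "$pattern" "$tmp" || true)
    if [ "$valid" -lt "$min_lines" ] || [ "$invalid" -ne 0 ]; then
        rm -f "$tmp"
        return 3
    fi
    chmod 644 "$tmp" && mv -f "$tmp" "$target"
}

main() {
    # Paths are the ones used in the post; the threshold of 1 is an assumption.
    if update_recipients /etc/postfix/relay_recipients 1 \
           python /usr/bin/getadsmtp.py; then
        postmap /etc/postfix/relay_recipients && postfix reload
    else
        echo "relay_recipients not updated, keeping previous list" >&2
        return 1
    fi
}

# Run only when installed under this name (lets the functions be sourced).
case "$0" in
    *update-relay-recipients.sh) main ;;
esac
```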