I use this perl program with Ldap to manage the system. Adapt it to suit
your system.
It uses flags to know the account's state :
1 : account to create
2 : account to deactivate
3 : account to delete
4 : account to reactivate
See below for more details.
There is no quota management; it should be easy to add.
------ CUT HERE ----------
#!/usr/bin/perl
#/*====================================================================
# * Babel Objects, Version 1.0
# * ====================================================================
# *
# * Copyright (c) 2000 The Babel Objects Network. All rights reserved.
# *
# * This source file is subject to version 1.1 of The Babel Objects
# * License, that is bundled with this package in the file LICENSE,
# * and is available through the world wide web at :
# *
# * http://www.BabelObjects.Org/law/license/1.1.txt
# *
# * If you did not receive a copy of the Babel Objects license and are
# * unable to obtain it through the world wide web, please send a note
# * to [EMAIL PROTECTED] so we can mail you a copy immediately.
# *
# * --------------------------------------------------------------------
# *
# * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
# * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
# * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
# * DISCLAIMED. IN NO EVENT SHALL THE BABEL OBJECTS NETWORK OR
# * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
# * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
# * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
# * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
# * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
# * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# * SUCH DAMAGE.
# *
# * ====================================================================
# *
# * This software consists of voluntary contributions made by many
# * individuals on behalf of The Babel Objects Network. For more
# * information on The Babel Objects Network, please see
# * <http://www.BabelObjects.org/>.
# *
# */
#
# author Jean-Christophe Kermagoret ([EMAIL PROTECTED])
# date 2000.11.30
use Mozilla::LDAP::Conn;
use Mozilla::LDAP::Entry;
use Cyrus::IMAP::Admin;
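# Connection settings. The "$(CONFIGURATOR.*)" values look like placeholders
# that a configuration tool substitutes before the script is run -- TODO confirm.
# NOTE(review): once substituted, the LDAP bind password and the Cyrus admin
# password sit in this file in clear text, so the file should be readable only
# by the account that runs it. The values are in double-quoted strings, so a
# password containing '$' or '@' would be interpolated by Perl.
my $CYRUS_HOST    = "$(CONFIGURATOR.CYRUS_HOST)";
my $POSTADM_LOGIN = "$(CONFIGURATOR.POSTADM_LOGIN)";
my $POSTADM_PW    = "$(CONFIGURATOR.POSTADM_PW)";
my $LDAP_VERSION  = "$(CONFIGURATOR.LDAP_VERSION)";
my $LDAP_HOST     = "$(CONFIGURATOR.LDAP_HOST)";
my $LDAP_PORT     = "$(CONFIGURATOR.LDAP_PORT)";
my $LDAP_BINDDN   = "$(CONFIGURATOR.LDAP_BINDDN)";
my $LDAP_BINDPW   = "$(CONFIGURATOR.LDAP_BINDPW)";

my $LOGDIR  = "/var/log/babelobjects";
my $LOGFILE = $LOGDIR."/ldap2cyrus.log";

# Search base and scope used for every flag query.
my $base  = "$(CONFIGURATOR.LDAP_BASE)";
my $scope = "subtree";

# $conn is deliberately left as a package variable: the account subs below
# use it to update entries and to fetch the next search result.
# NOTE(review): only host, port, DN and password are passed, so this looks
# like a plain (non-TLS) bind -- confirm the path to the directory is trusted.
$conn = Mozilla::LDAP::Conn->new($LDAP_HOST,
                                 $LDAP_PORT,
                                 $LDAP_BINDDN,
                                 $LDAP_BINDPW)
    or die "Couldn't connect to LDAP server ldap";

# Connect to the configured Cyrus host. The original always used 'localhost'
# and never read $CYRUS_HOST.
my $client = Cyrus::IMAP::Admin->new($CYRUS_HOST)
    or die "Couldn't connect to Cyrus IMAP server $CYRUS_HOST";

# Stop here if the admin login is refused: every later mailbox operation
# would fail, and the LDAP entries must not be changed in that state.
$client->authenticate(-mechanism => "login",
                      -user      => $POSTADM_LOGIN,
                      -password  => $POSTADM_PW)
    or die "Couldn't authenticate to Cyrus IMAP server as $POSTADM_LOGIN";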
# Flag definitions
# 1 : to create -> -1 (created, encrypted password)
# 2 : to deactivate -> -2 (deactivated with a '*' in front
#     of the encrypted password)
# 3 : to delete -> nothing (deleted)
# 4 : to reactivate -> -1 (ok, encrypted password)
# We get all the information from the database we use, here an LDAP
# directory.
# Main sequence: run the four maintenance passes in a fixed order. Each pass
# searches the directory for one flag value and hands the first matching entry
# to its handler; the handler fetches the remaining entries itself.
# The search filters are constants, so no outside input reaches the filter.
print "Account management for LDAP\n\n";
logs("**** Script Ldap2Cyrus", 'Start');

# One row per pass: banner printed before it, LDAP filter, handler sub.
my @passes = (
    [ "Account creation\n---------------------\n",          "(flag=1)", \&CreateAccount     ],
    [ "Account deactivation\n--------------------------\n", "(flag=2)", \&DeactivateAccount ],
    [ "Account deletion\n------------------------\n",       "(flag=3)", \&DeleteAccount     ],
    [ "Account reactivation\n-------------------------\n",  "(flag=4)", \&ReactivateAccount ],
);

for my $pass (@passes) {
    my ($banner, $filter, $handler) = @$pass;
    print $banner;
    $handler->($conn->search($base, $scope, $filter));
    print "\n";
}

print "End\n";
logs("**** Script Ldap2Cyrus", 'End');
print "\n";
#####
#
# Flag = 1 : Account creation
#
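# CreateAccount($first_entry)
#
# Handles every entry returned by the "(flag=1)" search: creates the Cyrus
# mailbox "user.<uid>", hashes a clear-text userPassword, sets flag to -1,
# writes the entry back and sends a welcome mail.
#
# $first_entry is the first search result (false when there is none); the
# remaining entries are fetched with $conn->nextEntry().
#
# Changes from the original:
#  - the result of $client->create() is honoured (it was overwritten with 1,
#    so a failed mailbox creation was reported and recorded as a success);
#    on failure the entry keeps flag=1 and is retried on the next run;
#  - the uid is validated and the welcome mail is sent without a shell
#    (the uid was interpolated into a shell command line);
#  - each password gets its own random salt (the salt was the constant 'mS');
#  - a missing/empty password is no longer hashed into a valid empty-password
#    hash, and values already tagged with a {scheme} prefix are left alone.
sub CreateAccount {
    my ($account) = @_;

    # Characters allowed in a traditional crypt() salt.
    my @salt_chars = ('.', '/', 0 .. 9, 'A' .. 'Z', 'a' .. 'z');
    my $i = 0;

    for (; $account; $account = $conn->nextEntry()) {
        $i = $i + 1;
        my $login = $account->{uid}[0];

        # The uid comes from the directory and is used as a mailbox name and
        # as a mail recipient, so accept only a conservative character set.
        # Adapt the pattern to the site's naming rules.
        # NOTE(review): a '.' in the uid may be read as a hierarchy separator
        # by Cyrus, depending on its configuration -- confirm.
        unless (defined $login
                && $login =~ /\A[A-Za-z0-9_][A-Za-z0-9_.\-]*\z/) {
            print "-- Failure (entry $i: unusable uid)\n";
            logs("XXXX creation failure : ", "entry $i (unusable uid)");
            next;
        }

        print "Creation n° $i ($login)\n";
        my $rc = $client->create("user.".$login);

        if ($rc) {
            # Ldap update
            print $account->getDN(), "\n";

            my $passwdToEncrypt = $account->{userpassword}[0];
            if (!defined $passwdToEncrypt || $passwdToEncrypt eq "") {
                # Nothing to hash; hashing an empty string would store a
                # hash that matches the empty password.
                print "-- No password set ($login)\n";
            }
            elsif ($passwdToEncrypt !~ /\A\{[A-Za-z0-9_-]+\}/) {
                # passwd is clear. We crypt it with a per-account salt.
                # NOTE(review): a two-character salt selects traditional
                # crypt(), which is weak by current standards; consider a
                # stronger scheme supported by the directory.
                my $salt = join '',
                    map { $salt_chars[ int rand @salt_chars ] } 1 .. 2;
                $account->remove("userPassword");
                $account->addValue("userPassword",
                                   "{crypt}".crypt($passwdToEncrypt, $salt));
            }
            # else: passwd already carries a {scheme} tag. We do nothing.

            $account->remove("flag");
            $account->addValue("flag", -1);

            # NOTE(review): this dumps the whole entry, password hash
            # included, to standard output (and to cron mail, if any).
            print $account->printLDIF();
            $conn->update($account);

            # send a mail; the list form of open() runs mail directly, so
            # the uid is never parsed by a shell.
            if (open(my $mail, '|-', 'mail', '-s', 'Your first message', $login)) {
                print {$mail} "Welcome\n";
                close($mail);
            }
            else {
                print "-- Could not run mail: $!\n";
            }

            print "-- Ok\n";
            logs("Creation",$login);
        }
        else {
            print "-- Failure ($login)";
            logs("XXXX creation failure : ",$login);
        }
    }
    print "End\n";
}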
#####
#
# Flag = 2 : Account deactivation
#
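# DeactivateAccount($first_entry)
#
# Handles every entry returned by the "(flag=2)" search: puts a '*' in front
# of the stored userPassword, sets flag to -2 and writes the entry back.
# Entries without a uid are skipped. Only the LDAP entry is changed; the
# Cyrus mailbox is not touched here.
#
# $first_entry is the first search result (false when there is none); the
# remaining entries are fetched with $conn->nextEntry().
#
# Changes from the original: working variables are lexical instead of
# package globals, and an entry without a password no longer receives the
# one-character password "*".
#
# NOTE(review): the '*' prefix only blocks logins if the stored string cannot
# be used as a password itself. For a value still held in clear text, '*'
# followed by the old password would be a valid password -- confirm that
# passwords are always hashed before an account is deactivated.
sub DeactivateAccount {
    my ($account) = @_;
    my $i = 0;

    for (; $account; $account = $conn->nextEntry()) {
        my $login = $account->{uid}[0];
        $i = $i + 1;
        next unless defined $login && $login ne "";

        print "Deactivation n° $i ($login)\n";
        print $account->getDN(), "\n";

        my $passwdToDeactivate = $account->{userpassword}[0];
        $account->remove("userPassword");
        if (defined $passwdToDeactivate && $passwdToDeactivate ne "") {
            $account->addValue("userPassword","*".$passwdToDeactivate);
        }
        # else: no password was stored, so none is written back.

        $account->remove("flag");
        $account->addValue("flag", -2);
        $conn->update($account);
        logs("Désactivation",$login);
    }
    print "End\n";
}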
#####
#
# Flag = 3 : Account deletion
#
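# DeleteAccount($first_entry)
#
# Handles every entry returned by the "(flag=3)" search: grants the Cyrus
# admin all rights on "user.<uid>", deletes that mailbox and, only when the
# mailbox deletion succeeded, deletes the LDAP entry. Both deletions are
# irreversible.
#
# $first_entry is the first search result (false when there is none); the
# remaining entries are fetched with $conn->nextEntry().
#
# Changes from the original: the wrapped comment line that broke the syntax
# is repaired, working variables are lexical, an entry without a uid is
# rejected before any mailbox call is made (it would have targeted "user."),
# and a failed setacl is reported instead of being silently overwritten.
sub DeleteAccount {
    my ($account) = @_;
    my $i = 0;

    for (; $account; $account = $conn->nextEntry()) {
        my $login = $account->{uid}[0];
        $i = $i + 1;

        unless (defined $login && $login ne "") {
            print "-- Failure (entry $i: no uid)\n";
            logs("XXXX Deletion failure : ", "entry $i (no uid)");
            next;
        }

        print "Deletion n° $i ($login)\n";
        print $account->getDN(), "\n";

        # We first give rights for the cyrus admin to delete others'
        # mailboxes. The deletion is still attempted if this fails, as in
        # the original.
        # NOTE(review): assumes setacl returns a true value on success, like
        # create/delete are assumed to -- confirm.
        $client->setacl("user.".$login, $POSTADM_LOGIN, "all")
            or print "-- Could not set ACL on user.$login\n";

        my $rc = $client->delete("user.".$login);
        if ($rc) {
            # Ldap update
            print $account->getDN();
            $conn->delete($account);
            print "-- Ok";
            logs("Deletion",$login);
        }
        else {
            # The LDAP entry is kept, so the deletion is retried next run.
            print "-- Failure ($login)";
            logs("XXXX Deletion failure : ",$login);
        }
    }
    print "End\n";
}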
#####
#
# Flag = 4 : Account reactivation
#
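# ReactivateAccount($first_entry)
#
# Handles every entry returned by the "(flag=4)" search: removes the leading
# '*' that deactivation put in front of userPassword, sets flag to -1 and
# writes the entry back. Entries without a uid are skipped.
#
# $first_entry is the first search result (false when there is none); the
# remaining entries are fetched with $conn->nextEntry().
#
# Changes from the original:
#  - "$login ne null" compared against the bareword string "null", so empty
#    uids were not skipped; the test is now an explicit defined/non-empty one;
#  - the pattern /\*(.*)/ was unanchored: a value with no leading '*' either
#    lost everything up to a later '*' or, with no '*' at all, was replaced
#    by an undefined password. The match is now anchored and a value without
#    the prefix is left untouched;
#  - the global $_ is no longer overwritten; working variables are lexical.
sub ReactivateAccount {
    my ($account) = @_;
    my $i = 0;

    for (; $account; $account = $conn->nextEntry()) {
        $i = $i + 1;
        my $login = $account->{uid}[0];
        next unless defined $login && $login ne "";

        print "Reactivation n° $i ($login)\n";
        print $account->getDN(), "\n";

        my $stored = $account->{userPassword}[0];
        if (defined $stored && $stored =~ /\A\*(.*)\z/s) {
            # we drop the * at the beginning of the password
            my $passwdToReactivate = $1;
            $account->remove("userPassword");
            # A bare "*" means there was no password to restore; do not
            # write an empty one.
            if ($passwdToReactivate ne "") {
                $account->addValue("userPassword", $passwdToReactivate);
            }
        }
        else {
            # Not in the deactivated form: keep the stored value as it is.
            print "-- Password not marked as deactivated ($login)\n";
        }

        $account->remove("flag");
        $account->addValue("flag", -1);
        $conn->update($account);
        logs("Réactivation",$login);
    }
    print "End\n";
}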
# RemoveIfExist($login): currently a no-op. It only copies its first argument
# into $login; the mailbox clean-up below is commented out, and nothing in the
# visible part of this file calls the sub.
# NOTE(review): if the commented-out code is ever revived, "!=~" is not
# Perl's negated-match operator ("!~"), $resultat is never assigned, and
# $login would go into a filesystem path and a mailbox name, so it needs
# validating first.
sub RemoveIfExist {
local ($login) = @_;
# print "/opt/var/spool/imap/user/$login exists?\n";
# if ( ($login ne "")
# && ($login !=~ /\*/)
# && (-d "/opt/var/spool/imap/user/$login")) {
# print "Deleting account $login\n";
# $rc = $client->setacl("user.".$login, $POSTADM_LOGIN, "all");
# $rc = $client->delete("user.".$login);
# print "Deletion result: $resultat\n";
# }
}
## Log management
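# logs($operation, $login)
#
# Appends one line "<login> : <operation> <date>" to $LOGFILE, creating
# $LOGDIR first when it does not exist. Logging is best effort: a failure is
# reported with warn() and never stops the run.
#
# Changes from the original: the line was written with
# system("echo \"...\" >> file"), which passed $login and $operation through
# a shell, although $login comes from the directory. The file is now opened
# and written directly, the directory is created and the date formatted
# without external commands, and control characters are replaced so that a
# value cannot start a forged log line.
sub logs {
    my ($operation, $login) = @_;
    $operation = '' unless defined $operation;
    $login     = '' unless defined $login;

    if ( ! -d $LOGDIR ) {
        require File::Path;
        # mkpath() dies on failure; keep logging non-fatal.
        unless (eval { File::Path::mkpath($LOGDIR, 0, 0750); 1 }) {
            warn "logs: cannot create $LOGDIR: $@";
            return;
        }
    }

    # Same layout as the default output of date(1).
    require POSIX;
    my $date = POSIX::strftime("%a %b %e %H:%M:%S %Z %Y", localtime);

    my $line = "$login : $operation $date";
    $line =~ s/[\x00-\x1f\x7f]/?/g;    # one record per line, no control chars

    if (open(my $log, '>>', $LOGFILE)) {
        print {$log} $line, "\n";
        close($log) or warn "logs: cannot close $LOGFILE: $!";
    }
    else {
        warn "logs: cannot open $LOGFILE: $!";
    }
    return;
}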
------- CUT HERE --------
--
Jean-Christophe Kermagoret
[EMAIL PROTECTED]