dani
/
zimbra
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

[zmldapsync] spacing fixes

This commit is contained in:
Daniel Berteaud 2022-01-15 16:17:00 +01:00
parent 732d240885
commit 5deeeb3792
1 changed files with 96 additions and 64 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

160
zmldapsync/zmldapsync.pl
View File

@ -16,7 +16,6 @@ use Email::MIME;
use Email::Sender::Simple qw(sendmail);
use Email::Sender::Transport::Sendmail;
use utf8;
use Data::Dumper;
# This is needed for Email::Sender::Simple
# See https://rt.cpan.org/Public/Bug/Display.html?id=76533
@ -114,8 +113,8 @@ DOMAIN: foreach my $domain ( keys %{$conf->{domains}} ) {
} else {
handle_error(
$domain,
'Zimbra domain lookup',
"Domain $domain doesn't exist in Zimbra"
'Zimbra domain lookup',
"Domain $domain doesn't exist in Zimbra"
);
next DOMAIN;
}
@ -143,8 +142,8 @@ DOMAIN: foreach my $domain ( keys %{$conf->{domains}} ) {
} else {
handle_error(
$domain,
'Domain external auth check',
"domain $domain must be configured for LDAP or AD authentication first"
'Domain external auth check',
"domain $domain must be configured for LDAP or AD authentication first"
);
next DOMAIN;
}
@ -197,7 +196,7 @@ DOMAIN: foreach my $domain ( keys %{$conf->{domains}} ) {
}
log_verbose( "Trying to connect to " .
join( ' or ', @{ $conf->{domains}->{$domain}->{ldap}->{servers} } ) );
join( ' or ', @{ $conf->{domains}->{$domain}->{ldap}->{servers} } ) );
my $ext_ldap = Net::LDAP->new( [ @{ $conf->{domains}->{$domain}->{ldap}->{servers} } ] );
if ( not $ext_ldap ) {
@ -248,8 +247,8 @@ DOMAIN: foreach my $domain ( keys %{$conf->{domains}} ) {
if ( $zim_aliases_search->code ) {
handle_error(
$domain,
'Zimbra user and distribution lists alias lookup',
$zim_aliases_search->error
'Zimbra user and distribution lists alias lookup',
$zim_aliases_search->error
);
next DOMAIN;
}
@ -257,10 +256,12 @@ DOMAIN: foreach my $domain ( keys %{$conf->{domains}} ) {
$zim_aliases->{$domain_alias} = ldap2hashref( $zim_aliases_search, 'uid' );
}
log_verbose( "Searching for potential users in " .
$conf->{domains}->{$domain}->{users}->{base} .
" matching filter " .
$conf->{domains}->{$domain}->{users}->{filter} );
log_verbose(
"Searching for potential users in " .
$conf->{domains}->{$domain}->{users}->{base} .
" matching filter " .
$conf->{domains}->{$domain}->{users}->{filter}
);
# List of attributes to fetch from LDAP
# First, we want all the attributes which are mapped to Zimbra fields
@ -291,8 +292,10 @@ DOMAIN: foreach my $domain ( keys %{$conf->{domains}} ) {
next DOMAIN;
}
log_verbose( "Found " . scalar $ext_user_search->entries .
" users in external LDAP" );
log_verbose(
"Found " . scalar $ext_user_search->entries .
" users in external LDAP"
);
log_verbose( "Searching for users in Zimbra" );
@ -301,14 +304,18 @@ DOMAIN: foreach my $domain ( keys %{$conf->{domains}} ) {
base => 'ou=people,' . $domain_entry->{dn},
filter => '(&(objectClass=zimbraAccount)(!(zimbraIsSystemAccount=TRUE))(!(zimbraIsSystemResource=TRUE)))',
attrs => [
( map { $conf->{domains}->{$domain}->{users}->{attr_map}->{$_} }
keys %{$conf->{domains}->{$domain}->{users}->{attr_map}} ),
( 'uid',
'zimbraAccountStatus',
'zimbraAuthLdapExternalDn',
'zimbraMailAlias',
'mail',
'zimbraNotes' )
(
map { $conf->{domains}->{$domain}->{users}->{attr_map}->{$_} }
keys %{$conf->{domains}->{$domain}->{users}->{attr_map}}
),
(
'uid',
'zimbraAccountStatus',
'zimbraAuthLdapExternalDn',
'zimbraMailAlias',
'mail',
'zimbraNotes'
)
]
);
if ( $zim_user_search->code ) {
@ -320,8 +327,10 @@ DOMAIN: foreach my $domain ( keys %{$conf->{domains}} ) {
next DOMAIN;
}
log_verbose( "Found " . scalar $zim_user_search->entries .
" users in Zimbra" );
log_verbose(
"Found " . scalar $zim_user_search->entries .
" users in Zimbra"
);
log_verbose( "Comparing the accounts" );
@ -359,7 +368,7 @@ DOMAIN: foreach my $domain ( keys %{$conf->{domains}} ) {
# Except for sn which is mandatory in Zimbra
log_verbose( "Attribute $attr for user $user removed from LDAP, removing it from Zimbra");
$attrs .= '-' . $conf->{domains}->{$domain}->{users}->{attr_map}->{$attr} . " " .
zim_attr_value( $zim_users->{$user}->{$conf->{domains}->{$domain}->{users}->{attr_map}->{$attr}} );
zim_attr_value( $zim_users->{$user}->{$conf->{domains}->{$domain}->{users}->{attr_map}->{$attr}} );
} elsif (
( $conf->{domains}->{$domain}->{users}->{attr_map}->{$attr} ne 'sn' and
$ext_users->{$user}->{$attr} ne ( $zim_users->{$user}->{$conf->{domains}->{$domain}->{users}->{attr_map}->{$attr}} || '' )
@ -369,11 +378,13 @@ DOMAIN: foreach my $domain ( keys %{$conf->{domains}} ) {
$ext_users->{$user}->{$attr} ne ( $zim_users->{$user}->{$conf->{domains}->{$domain}->{users}->{attr_map}->{$attr}} || '' )
) {
$attrs .= " " . $conf->{domains}->{$domain}->{users}->{attr_map}->{$attr} . " " .
zim_attr_value( $ext_users->{$user}->{$attr} );
log_verbose( "Attribute $attr for user $user changed from " .
( $zim_users->{$user}->{$conf->{domains}->{$domain}->{users}->{attr_map}->{$attr}} || 'an empty value' ).
" to " .
$ext_users->{$user}->{$attr} );
zim_attr_value( $ext_users->{$user}->{$attr} );
log_verbose(
"Attribute $attr for user $user changed from " .
( $zim_users->{$user}->{$conf->{domains}->{$domain}->{users}->{attr_map}->{$attr}} || 'an empty value' ).
" to " .
$ext_users->{$user}->{$attr}
);
}
}
@ -412,7 +423,7 @@ DOMAIN: foreach my $domain ( keys %{$conf->{domains}} ) {
not defined $ext_users->{$user}->{$conf->{domains}->{$domain}->{users}->{$mail_attr}} );
push @ext_aliases, ref $ext_users->{$user}->{$conf->{domains}->{$domain}->{users}->{$mail_attr}} eq 'ARRAY' ?
@{ $ext_users->{$user}->{$conf->{domains}->{$domain}->{users}->{$mail_attr}} } :
$ext_users->{$user}->{$conf->{domains}->{$domain}->{users}->{$mail_attr}};
$ext_users->{$user}->{$conf->{domains}->{$domain}->{users}->{$mail_attr}};
}
@ext_aliases = uniq( sort @ext_aliases );
@ -435,17 +446,23 @@ DOMAIN: foreach my $domain ( keys %{$conf->{domains}} ) {
foreach my $alias ( @{ $alias_diff->deleted } ) {
my ( $al, $dom ) = split /\@/, $alias;
next if ( not defined $zim_aliases->{$dom} or
not defined $zim_aliases->{$dom}->{$al} );
log_verbose( "Removing LDAP alias $alias from user $user " .
"as it doesn't exist in LDAP anymore" );
next if (
not defined $zim_aliases->{$dom} or
not defined $zim_aliases->{$dom}->{$al}
);
log_verbose(
"Removing LDAP alias $alias from user $user " .
"as it doesn't exist in LDAP anymore"
);
send_zmprov_cmd( "removeAccountAlias $user\@$domain $alias" );
}
my $note = $sync_from_ldap . "|LDAP_Aliases=" . join(',', @ext_aliases);
if ( $note ne ($zim_users->{$user}->{zimbraNotes} || '') ) {
send_zmprov_cmd( "modifyAccount $user\@$domain zimbraNotes " .
zim_attr_value( $note ) );
send_zmprov_cmd(
"modifyAccount $user\@$domain zimbraNotes " .
zim_attr_value( $note )
);
}
}
@ -458,8 +475,10 @@ DOMAIN: foreach my $domain ( keys %{$conf->{domains}} ) {
$zim_users->{$user}->{zimbraNotes} =~ m/^$sync_from_ldap/ and
defined $zim_users->{$user}->{zimbraAccountStatus} and
$zim_users->{$user}->{zimbraAccountStatus} =~ m/^active|lockout$/ ) {
log_verbose( "User $user doesn't exist in external LDAP anymore, " .
"locking it in Zimbra" );
log_verbose(
"User $user doesn't exist in external LDAP anymore, " .
"locking it in Zimbra"
);
send_zmprov_cmd( "modifyAccount $user\@$domain zimbraAccountStatus locked" );
}
}
@ -467,10 +486,11 @@ DOMAIN: foreach my $domain ( keys %{$conf->{domains}} ) {
# Now, we try to sync groups in external LDAP into distribution lists in Zimbra
if ( defined $conf->{domains}->{$domain}->{groups} ) {
log_verbose( "Searching for potential groups in " .
$conf->{domains}->{$domain}->{groups}->{base} .
" matching filter " .
$conf->{domains}->{$domain}->{groups}->{filter}
log_verbose(
"Searching for potential groups in " .
$conf->{domains}->{$domain}->{groups}->{base} .
" matching filter " .
$conf->{domains}->{$domain}->{groups}->{filter}
);
$fetch_attrs = [ keys %{$conf->{domains}->{$domain}->{groups}->{attr_map}} ];
@ -492,8 +512,10 @@ DOMAIN: foreach my $domain ( keys %{$conf->{domains}} ) {
next DOMAIN;
}
log_verbose( "Found " . scalar $ext_group_search->entries .
" groups in external LDAP" );
log_verbose(
"Found " . scalar $ext_group_search->entries .
" groups in external LDAP"
);
log_verbose( "Searching for distribution lists in Zimbra" );
@ -506,26 +528,28 @@ DOMAIN: foreach my $domain ( keys %{$conf->{domains}} ) {
keys %{$conf->{domains}->{$domain}->{groups}->{attr_map}} ),
(
'uid',
'zimbraDistributionListSubscriptionPolicy',
'zimbraDistributionListUnsubscriptionPolicy',
'zimbraDistributionListSubscriptionPolicy',
'zimbraDistributionListUnsubscriptionPolicy',
'zimbraMailForwardingAddress',
'zimbraNotes',
'zimbraMailStatus',
'mail'
'zimbraNotes',
'zimbraMailStatus',
'mail'
)
]
);
if ( $zim_dl_search->code ) {
handle_error(
$domain,
'Zimbra distribution lists lookup',
$zim_dl_search->error
'Zimbra distribution lists lookup',
$zim_dl_search->error
);
next DOMAIN;
}
log_verbose( "Found " . scalar $zim_dl_search->entries .
" distribution list(s) in Zimbra" );
log_verbose(
"Found " . scalar $zim_dl_search->entries .
" distribution list(s) in Zimbra"
);
log_verbose( "Comparing groups with distribution lists" );
my @single = keys %{$conf->{domains}->{$domain}->{groups}->{attr_map}};
@ -570,8 +594,10 @@ DOMAIN: foreach my $domain ( keys %{$conf->{domains}} ) {
# Attr exists in both but doesn't match
$attrs .= " " . ( $conf->{domains}->{$domain}->{groups}->{attr_map}->{$attr} || '' ) . " " .
zim_attr_value( $ext_groups->{$group}->{$attr} );
log_verbose( "Attribute $attr for group $group changed from " . ( $ext_groups->{$group}->{$attr} || 'an empty value' ) . " to " .
( $zim_dl->{$group}->{$conf->{domains}->{$domain}->{groups}->{attr_map}->{$attr}} || 'an empty value' ) );
log_verbose(
"Attribute $attr for group $group changed from " . ( $ext_groups->{$group}->{$attr} || 'an empty value' ) . " to " .
( $zim_dl->{$group}->{$conf->{domains}->{$domain}->{groups}->{attr_map}->{$attr}} || 'an empty value' )
);
}
}
@ -587,7 +613,7 @@ DOMAIN: foreach my $domain ( keys %{$conf->{domains}} ) {
# If the group in LDAP has a mail defined, enable mail delivery in Zimbra. Else, disable it
my $mail_status = ( defined $ext_groups->{$group}->{$conf->{domains}->{$domain}->{groups}->{mail_attr}} ) ?
'enabled' : 'disabled';
'enabled' : 'disabled';
if ( not defined $zim_dl->{$group}->{zimbraMailStatus} or
$zim_dl->{$group}->{zimbraMailStatus} ne $mail_status ) {
$attrs .= " zimbraMailStatus $mail_status";
@ -660,7 +686,7 @@ DOMAIN: foreach my $domain ( keys %{$conf->{domains}} ) {
not defined $ext_groups->{$group}->{$conf->{domains}->{$domain}->{groups}->{$mail_attr}} );
push @ext_aliases, ref $ext_groups->{$group}->{$conf->{domains}->{$domain}->{groups}->{$mail_attr}} eq 'ARRAY' ?
@{ $ext_groups->{$group}->{$conf->{domains}->{$domain}->{groups}->{$mail_attr}} } :
$ext_groups->{$group}->{$conf->{domains}->{$domain}->{groups}->{$mail_attr}};
$ext_groups->{$group}->{$conf->{domains}->{$domain}->{groups}->{$mail_attr}};
}
@ext_aliases = uniq( sort @ext_aliases );
foreach my $alias ( @ext_aliases ) {
@ -686,18 +712,24 @@ DOMAIN: foreach my $domain ( keys %{$conf->{domains}} ) {
my $note = $sync_from_ldap . "|LDAP_Aliases=" . join(',', @ext_aliases);
if ( $note ne ($zim_dl->{$group}->{zimbraNotes} || '') ) {
send_zmprov_cmd( "modifyDistributionList $group\@$domain zimbraNotes " .
zim_attr_value( $note ) );
send_zmprov_cmd(
"modifyDistributionList $group\@$domain zimbraNotes " .
zim_attr_value( $note )
);
}
}
# Now, look at all the distribution list which were created from LDAP but doesn't exist anymore in LDAP
foreach my $dl ( keys %{$zim_dl} ) {
next if ( not defined $zim_dl->{$dl}->{zimbraNotes} or
$zim_dl->{$dl}->{zimbraNotes} !~ m/^$sync_from_ldap/ );
next if (
not defined $zim_dl->{$dl}->{zimbraNotes} or
$zim_dl->{$dl}->{zimbraNotes} !~ m/^$sync_from_ldap/
);
next if ( defined $ext_groups->{$dl} );
log_verbose( "Group $dl doesn't exist in LDAP anymore, " .
"removing the corresponding distribution list" );
log_verbose(
"Group $dl doesn't exist in LDAP anymore, " .
"removing the corresponding distribution list"
);
send_zmprov_cmd( "deleteDistributionList $dl\@$domain" );
}
}