dani
/
zimbra
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

[zmldapsync] spacing fixes

This commit is contained in:
Daniel Berteaud 2022-01-15 16:17:00 +01:00
parent 732d240885
commit 5deeeb3792
1 changed files with 96 additions and 64 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

160
zmldapsync/zmldapsync.pl
View File

@ -16,7 +16,6 @@ use Email::MIME;
use Email::Sender::Simple qw(sendmail); use Email::Sender::Simple qw(sendmail);
use Email::Sender::Transport::Sendmail; use Email::Sender::Transport::Sendmail;
use utf8; use utf8;
use Data::Dumper;
# This is needed for Email::Sender::Simple # This is needed for Email::Sender::Simple
# See https://rt.cpan.org/Public/Bug/Display.html?id=76533 # See https://rt.cpan.org/Public/Bug/Display.html?id=76533
@ -114,8 +113,8 @@ DOMAIN: foreach my $domain ( keys %{$conf->{domains}} ) {
} else { } else {
handle_error( handle_error(
$domain, $domain,
'Zimbra domain lookup', 'Zimbra domain lookup',
"Domain $domain doesn't exist in Zimbra" "Domain $domain doesn't exist in Zimbra"
); );
next DOMAIN; next DOMAIN;
} }
@ -143,8 +142,8 @@ DOMAIN: foreach my $domain ( keys %{$conf->{domains}} ) {
} else { } else {
handle_error( handle_error(
$domain, $domain,
'Domain external auth check', 'Domain external auth check',
"domain $domain must be configured for LDAP or AD authentication first" "domain $domain must be configured for LDAP or AD authentication first"
); );
next DOMAIN; next DOMAIN;
} }
@ -197,7 +196,7 @@ DOMAIN: foreach my $domain ( keys %{$conf->{domains}} ) {
} }
log_verbose( "Trying to connect to " . log_verbose( "Trying to connect to " .
join( ' or ', @{ $conf->{domains}->{$domain}->{ldap}->{servers} } ) ); join( ' or ', @{ $conf->{domains}->{$domain}->{ldap}->{servers} } ) );
my $ext_ldap = Net::LDAP->new( [ @{ $conf->{domains}->{$domain}->{ldap}->{servers} } ] ); my $ext_ldap = Net::LDAP->new( [ @{ $conf->{domains}->{$domain}->{ldap}->{servers} } ] );
if ( not $ext_ldap ) { if ( not $ext_ldap ) {
@ -248,8 +247,8 @@ DOMAIN: foreach my $domain ( keys %{$conf->{domains}} ) {
if ( $zim_aliases_search->code ) { if ( $zim_aliases_search->code ) {
handle_error( handle_error(
$domain, $domain,
'Zimbra user and distribution lists alias lookup', 'Zimbra user and distribution lists alias lookup',
$zim_aliases_search->error $zim_aliases_search->error
); );
next DOMAIN; next DOMAIN;
} }
@ -257,10 +256,12 @@ DOMAIN: foreach my $domain ( keys %{$conf->{domains}} ) {
$zim_aliases->{$domain_alias} = ldap2hashref( $zim_aliases_search, 'uid' ); $zim_aliases->{$domain_alias} = ldap2hashref( $zim_aliases_search, 'uid' );
} }
log_verbose( "Searching for potential users in " . log_verbose(
$conf->{domains}->{$domain}->{users}->{base} . "Searching for potential users in " .
" matching filter " . $conf->{domains}->{$domain}->{users}->{base} .
$conf->{domains}->{$domain}->{users}->{filter} ); " matching filter " .
$conf->{domains}->{$domain}->{users}->{filter}
);
# List of attributes to fetch from LDAP # List of attributes to fetch from LDAP
# First, we want all the attributes which are mapped to Zimbra fields # First, we want all the attributes which are mapped to Zimbra fields
@ -291,8 +292,10 @@ DOMAIN: foreach my $domain ( keys %{$conf->{domains}} ) {
next DOMAIN; next DOMAIN;
} }
log_verbose( "Found " . scalar $ext_user_search->entries . log_verbose(
" users in external LDAP" ); "Found " . scalar $ext_user_search->entries .
" users in external LDAP"
);
log_verbose( "Searching for users in Zimbra" ); log_verbose( "Searching for users in Zimbra" );
@ -301,14 +304,18 @@ DOMAIN: foreach my $domain ( keys %{$conf->{domains}} ) {
base => 'ou=people,' . $domain_entry->{dn}, base => 'ou=people,' . $domain_entry->{dn},
filter => '(&(objectClass=zimbraAccount)(!(zimbraIsSystemAccount=TRUE))(!(zimbraIsSystemResource=TRUE)))', filter => '(&(objectClass=zimbraAccount)(!(zimbraIsSystemAccount=TRUE))(!(zimbraIsSystemResource=TRUE)))',
attrs => [ attrs => [
( map { $conf->{domains}->{$domain}->{users}->{attr_map}->{$_} } (
keys %{$conf->{domains}->{$domain}->{users}->{attr_map}} ), map { $conf->{domains}->{$domain}->{users}->{attr_map}->{$_} }
( 'uid', keys %{$conf->{domains}->{$domain}->{users}->{attr_map}}
'zimbraAccountStatus', ),
'zimbraAuthLdapExternalDn', (
'zimbraMailAlias', 'uid',
'mail', 'zimbraAccountStatus',
'zimbraNotes' ) 'zimbraAuthLdapExternalDn',
'zimbraMailAlias',
'mail',
'zimbraNotes'
)
] ]
); );
if ( $zim_user_search->code ) { if ( $zim_user_search->code ) {
@ -320,8 +327,10 @@ DOMAIN: foreach my $domain ( keys %{$conf->{domains}} ) {
next DOMAIN; next DOMAIN;
} }
log_verbose( "Found " . scalar $zim_user_search->entries . log_verbose(
" users in Zimbra" ); "Found " . scalar $zim_user_search->entries .
" users in Zimbra"
);
log_verbose( "Comparing the accounts" ); log_verbose( "Comparing the accounts" );
@ -359,7 +368,7 @@ DOMAIN: foreach my $domain ( keys %{$conf->{domains}} ) {
# Except for sn which is mandatory in Zimbra # Except for sn which is mandatory in Zimbra
log_verbose( "Attribute $attr for user $user removed from LDAP, removing it from Zimbra"); log_verbose( "Attribute $attr for user $user removed from LDAP, removing it from Zimbra");
$attrs .= '-' . $conf->{domains}->{$domain}->{users}->{attr_map}->{$attr} . " " . $attrs .= '-' . $conf->{domains}->{$domain}->{users}->{attr_map}->{$attr} . " " .
zim_attr_value( $zim_users->{$user}->{$conf->{domains}->{$domain}->{users}->{attr_map}->{$attr}} ); zim_attr_value( $zim_users->{$user}->{$conf->{domains}->{$domain}->{users}->{attr_map}->{$attr}} );
} elsif ( } elsif (
( $conf->{domains}->{$domain}->{users}->{attr_map}->{$attr} ne 'sn' and ( $conf->{domains}->{$domain}->{users}->{attr_map}->{$attr} ne 'sn' and
$ext_users->{$user}->{$attr} ne ( $zim_users->{$user}->{$conf->{domains}->{$domain}->{users}->{attr_map}->{$attr}} || '' ) $ext_users->{$user}->{$attr} ne ( $zim_users->{$user}->{$conf->{domains}->{$domain}->{users}->{attr_map}->{$attr}} || '' )
@ -369,11 +378,13 @@ DOMAIN: foreach my $domain ( keys %{$conf->{domains}} ) {
$ext_users->{$user}->{$attr} ne ( $zim_users->{$user}->{$conf->{domains}->{$domain}->{users}->{attr_map}->{$attr}} || '' ) $ext_users->{$user}->{$attr} ne ( $zim_users->{$user}->{$conf->{domains}->{$domain}->{users}->{attr_map}->{$attr}} || '' )
) { ) {
$attrs .= " " . $conf->{domains}->{$domain}->{users}->{attr_map}->{$attr} . " " . $attrs .= " " . $conf->{domains}->{$domain}->{users}->{attr_map}->{$attr} . " " .
zim_attr_value( $ext_users->{$user}->{$attr} ); zim_attr_value( $ext_users->{$user}->{$attr} );
log_verbose( "Attribute $attr for user $user changed from " . log_verbose(
( $zim_users->{$user}->{$conf->{domains}->{$domain}->{users}->{attr_map}->{$attr}} || 'an empty value' ). "Attribute $attr for user $user changed from " .
" to " . ( $zim_users->{$user}->{$conf->{domains}->{$domain}->{users}->{attr_map}->{$attr}} || 'an empty value' ).
$ext_users->{$user}->{$attr} ); " to " .
$ext_users->{$user}->{$attr}
);
} }
} }
@ -412,7 +423,7 @@ DOMAIN: foreach my $domain ( keys %{$conf->{domains}} ) {
not defined $ext_users->{$user}->{$conf->{domains}->{$domain}->{users}->{$mail_attr}} ); not defined $ext_users->{$user}->{$conf->{domains}->{$domain}->{users}->{$mail_attr}} );
push @ext_aliases, ref $ext_users->{$user}->{$conf->{domains}->{$domain}->{users}->{$mail_attr}} eq 'ARRAY' ? push @ext_aliases, ref $ext_users->{$user}->{$conf->{domains}->{$domain}->{users}->{$mail_attr}} eq 'ARRAY' ?
@{ $ext_users->{$user}->{$conf->{domains}->{$domain}->{users}->{$mail_attr}} } : @{ $ext_users->{$user}->{$conf->{domains}->{$domain}->{users}->{$mail_attr}} } :
$ext_users->{$user}->{$conf->{domains}->{$domain}->{users}->{$mail_attr}}; $ext_users->{$user}->{$conf->{domains}->{$domain}->{users}->{$mail_attr}};
} }
@ext_aliases = uniq( sort @ext_aliases ); @ext_aliases = uniq( sort @ext_aliases );
@ -435,17 +446,23 @@ DOMAIN: foreach my $domain ( keys %{$conf->{domains}} ) {
foreach my $alias ( @{ $alias_diff->deleted } ) { foreach my $alias ( @{ $alias_diff->deleted } ) {
my ( $al, $dom ) = split /\@/, $alias; my ( $al, $dom ) = split /\@/, $alias;
next if ( not defined $zim_aliases->{$dom} or next if (
not defined $zim_aliases->{$dom}->{$al} ); not defined $zim_aliases->{$dom} or
log_verbose( "Removing LDAP alias $alias from user $user " . not defined $zim_aliases->{$dom}->{$al}
"as it doesn't exist in LDAP anymore" ); );
log_verbose(
"Removing LDAP alias $alias from user $user " .
"as it doesn't exist in LDAP anymore"
);
send_zmprov_cmd( "removeAccountAlias $user\@$domain $alias" ); send_zmprov_cmd( "removeAccountAlias $user\@$domain $alias" );
} }
my $note = $sync_from_ldap . "|LDAP_Aliases=" . join(',', @ext_aliases); my $note = $sync_from_ldap . "|LDAP_Aliases=" . join(',', @ext_aliases);
if ( $note ne ($zim_users->{$user}->{zimbraNotes} || '') ) { if ( $note ne ($zim_users->{$user}->{zimbraNotes} || '') ) {
send_zmprov_cmd( "modifyAccount $user\@$domain zimbraNotes " . send_zmprov_cmd(
zim_attr_value( $note ) ); "modifyAccount $user\@$domain zimbraNotes " .
zim_attr_value( $note )
);
} }
} }
@ -458,8 +475,10 @@ DOMAIN: foreach my $domain ( keys %{$conf->{domains}} ) {
$zim_users->{$user}->{zimbraNotes} =~ m/^$sync_from_ldap/ and $zim_users->{$user}->{zimbraNotes} =~ m/^$sync_from_ldap/ and
defined $zim_users->{$user}->{zimbraAccountStatus} and defined $zim_users->{$user}->{zimbraAccountStatus} and
$zim_users->{$user}->{zimbraAccountStatus} =~ m/^active|lockout$/ ) { $zim_users->{$user}->{zimbraAccountStatus} =~ m/^active|lockout$/ ) {
log_verbose( "User $user doesn't exist in external LDAP anymore, " . log_verbose(
"locking it in Zimbra" ); "User $user doesn't exist in external LDAP anymore, " .
"locking it in Zimbra"
);
send_zmprov_cmd( "modifyAccount $user\@$domain zimbraAccountStatus locked" ); send_zmprov_cmd( "modifyAccount $user\@$domain zimbraAccountStatus locked" );
} }
} }
@ -467,10 +486,11 @@ DOMAIN: foreach my $domain ( keys %{$conf->{domains}} ) {
# Now, we try to sync groups in external LDAP into distribution lists in Zimbra # Now, we try to sync groups in external LDAP into distribution lists in Zimbra
if ( defined $conf->{domains}->{$domain}->{groups} ) { if ( defined $conf->{domains}->{$domain}->{groups} ) {
log_verbose( "Searching for potential groups in " . log_verbose(
$conf->{domains}->{$domain}->{groups}->{base} . "Searching for potential groups in " .
" matching filter " . $conf->{domains}->{$domain}->{groups}->{base} .
$conf->{domains}->{$domain}->{groups}->{filter} " matching filter " .
$conf->{domains}->{$domain}->{groups}->{filter}
); );
$fetch_attrs = [ keys %{$conf->{domains}->{$domain}->{groups}->{attr_map}} ]; $fetch_attrs = [ keys %{$conf->{domains}->{$domain}->{groups}->{attr_map}} ];
@ -492,8 +512,10 @@ DOMAIN: foreach my $domain ( keys %{$conf->{domains}} ) {
next DOMAIN; next DOMAIN;
} }
log_verbose( "Found " . scalar $ext_group_search->entries . log_verbose(
" groups in external LDAP" ); "Found " . scalar $ext_group_search->entries .
" groups in external LDAP"
);
log_verbose( "Searching for distribution lists in Zimbra" ); log_verbose( "Searching for distribution lists in Zimbra" );
@ -506,26 +528,28 @@ DOMAIN: foreach my $domain ( keys %{$conf->{domains}} ) {
keys %{$conf->{domains}->{$domain}->{groups}->{attr_map}} ), keys %{$conf->{domains}->{$domain}->{groups}->{attr_map}} ),
( (
'uid', 'uid',
'zimbraDistributionListSubscriptionPolicy', 'zimbraDistributionListSubscriptionPolicy',
'zimbraDistributionListUnsubscriptionPolicy', 'zimbraDistributionListUnsubscriptionPolicy',
'zimbraMailForwardingAddress', 'zimbraMailForwardingAddress',
'zimbraNotes', 'zimbraNotes',
'zimbraMailStatus', 'zimbraMailStatus',
'mail' 'mail'
) )
] ]
); );
if ( $zim_dl_search->code ) { if ( $zim_dl_search->code ) {
handle_error( handle_error(
$domain, $domain,
'Zimbra distribution lists lookup', 'Zimbra distribution lists lookup',
$zim_dl_search->error $zim_dl_search->error
); );
next DOMAIN; next DOMAIN;
} }
log_verbose( "Found " . scalar $zim_dl_search->entries . log_verbose(
" distribution list(s) in Zimbra" ); "Found " . scalar $zim_dl_search->entries .
" distribution list(s) in Zimbra"
);
log_verbose( "Comparing groups with distribution lists" ); log_verbose( "Comparing groups with distribution lists" );
my @single = keys %{$conf->{domains}->{$domain}->{groups}->{attr_map}}; my @single = keys %{$conf->{domains}->{$domain}->{groups}->{attr_map}};
@ -570,8 +594,10 @@ DOMAIN: foreach my $domain ( keys %{$conf->{domains}} ) {
# Attr exists in both but doesn't match # Attr exists in both but doesn't match
$attrs .= " " . ( $conf->{domains}->{$domain}->{groups}->{attr_map}->{$attr} || '' ) . " " . $attrs .= " " . ( $conf->{domains}->{$domain}->{groups}->{attr_map}->{$attr} || '' ) . " " .
zim_attr_value( $ext_groups->{$group}->{$attr} ); zim_attr_value( $ext_groups->{$group}->{$attr} );
log_verbose( "Attribute $attr for group $group changed from " . ( $ext_groups->{$group}->{$attr} || 'an empty value' ) . " to " . log_verbose(
( $zim_dl->{$group}->{$conf->{domains}->{$domain}->{groups}->{attr_map}->{$attr}} || 'an empty value' ) ); "Attribute $attr for group $group changed from " . ( $ext_groups->{$group}->{$attr} || 'an empty value' ) . " to " .
( $zim_dl->{$group}->{$conf->{domains}->{$domain}->{groups}->{attr_map}->{$attr}} || 'an empty value' )
);
} }
} }
@ -587,7 +613,7 @@ DOMAIN: foreach my $domain ( keys %{$conf->{domains}} ) {
# If the group in LDAP has a mail defined, enable mail delivery in Zimbra. Else, disable it # If the group in LDAP has a mail defined, enable mail delivery in Zimbra. Else, disable it
my $mail_status = ( defined $ext_groups->{$group}->{$conf->{domains}->{$domain}->{groups}->{mail_attr}} ) ? my $mail_status = ( defined $ext_groups->{$group}->{$conf->{domains}->{$domain}->{groups}->{mail_attr}} ) ?
'enabled' : 'disabled'; 'enabled' : 'disabled';
if ( not defined $zim_dl->{$group}->{zimbraMailStatus} or if ( not defined $zim_dl->{$group}->{zimbraMailStatus} or
$zim_dl->{$group}->{zimbraMailStatus} ne $mail_status ) { $zim_dl->{$group}->{zimbraMailStatus} ne $mail_status ) {
$attrs .= " zimbraMailStatus $mail_status"; $attrs .= " zimbraMailStatus $mail_status";
@ -660,7 +686,7 @@ DOMAIN: foreach my $domain ( keys %{$conf->{domains}} ) {
not defined $ext_groups->{$group}->{$conf->{domains}->{$domain}->{groups}->{$mail_attr}} ); not defined $ext_groups->{$group}->{$conf->{domains}->{$domain}->{groups}->{$mail_attr}} );
push @ext_aliases, ref $ext_groups->{$group}->{$conf->{domains}->{$domain}->{groups}->{$mail_attr}} eq 'ARRAY' ? push @ext_aliases, ref $ext_groups->{$group}->{$conf->{domains}->{$domain}->{groups}->{$mail_attr}} eq 'ARRAY' ?
@{ $ext_groups->{$group}->{$conf->{domains}->{$domain}->{groups}->{$mail_attr}} } : @{ $ext_groups->{$group}->{$conf->{domains}->{$domain}->{groups}->{$mail_attr}} } :
$ext_groups->{$group}->{$conf->{domains}->{$domain}->{groups}->{$mail_attr}}; $ext_groups->{$group}->{$conf->{domains}->{$domain}->{groups}->{$mail_attr}};
} }
@ext_aliases = uniq( sort @ext_aliases ); @ext_aliases = uniq( sort @ext_aliases );
foreach my $alias ( @ext_aliases ) { foreach my $alias ( @ext_aliases ) {
@ -686,18 +712,24 @@ DOMAIN: foreach my $domain ( keys %{$conf->{domains}} ) {
my $note = $sync_from_ldap . "|LDAP_Aliases=" . join(',', @ext_aliases); my $note = $sync_from_ldap . "|LDAP_Aliases=" . join(',', @ext_aliases);
if ( $note ne ($zim_dl->{$group}->{zimbraNotes} || '') ) { if ( $note ne ($zim_dl->{$group}->{zimbraNotes} || '') ) {
send_zmprov_cmd( "modifyDistributionList $group\@$domain zimbraNotes " . send_zmprov_cmd(
zim_attr_value( $note ) ); "modifyDistributionList $group\@$domain zimbraNotes " .
zim_attr_value( $note )
);
} }
} }
# Now, look at all the distribution list which were created from LDAP but doesn't exist anymore in LDAP # Now, look at all the distribution list which were created from LDAP but doesn't exist anymore in LDAP
foreach my $dl ( keys %{$zim_dl} ) { foreach my $dl ( keys %{$zim_dl} ) {
next if ( not defined $zim_dl->{$dl}->{zimbraNotes} or next if (
$zim_dl->{$dl}->{zimbraNotes} !~ m/^$sync_from_ldap/ ); not defined $zim_dl->{$dl}->{zimbraNotes} or
$zim_dl->{$dl}->{zimbraNotes} !~ m/^$sync_from_ldap/
);
next if ( defined $ext_groups->{$dl} ); next if ( defined $ext_groups->{$dl} );
log_verbose( "Group $dl doesn't exist in LDAP anymore, " . log_verbose(
"removing the corresponding distribution list" ); "Group $dl doesn't exist in LDAP anymore, " .
"removing the corresponding distribution list"
);
send_zmprov_cmd( "deleteDistributionList $dl\@$domain" ); send_zmprov_cmd( "deleteDistributionList $dl\@$domain" );
} }
} }