|
|
|
@ -77,7 +77,7 @@ if (not defined $conf->{domains} or ref $conf->{domains} ne 'HASH'){ |
|
|
|
|
exit (0); |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
DOMAIN: foreach my $domain ( keys $conf->{domains} ) { |
|
|
|
|
DOMAIN: foreach my $domain ( keys %{$conf->{domains}} ) { |
|
|
|
|
log_verbose( "Start to process domain $domain" ); |
|
|
|
|
|
|
|
|
|
# Get default config for this domain and merge it with what we have in the config file |
|
|
|
@ -172,7 +172,7 @@ DOMAIN: foreach my $domain ( keys $conf->{domains} ) { |
|
|
|
|
# Domain configuration, as defined in the conf |
|
|
|
|
if (defined $conf->{domains}->{$domain}->{zimbra}->{additional_domain_attrs} ) { |
|
|
|
|
my $attr_mod = ''; |
|
|
|
|
foreach my $attr (keys $conf->{domains}->{$domain}->{zimbra}->{additional_domain_attrs} ) { |
|
|
|
|
foreach my $attr (keys %{$conf->{domains}->{$domain}->{zimbra}->{additional_domain_attrs}} ) { |
|
|
|
|
if ( ref $conf->{domains}->{$domain}->{zimbra}->{additional_domain_attrs}->{$attr} eq 'ARRAY' ) { |
|
|
|
|
my $attr_diff = Array::Diff->diff( |
|
|
|
|
$domain_entry->{$attr} || [], |
|
|
|
@ -264,15 +264,15 @@ DOMAIN: foreach my $domain ( keys $conf->{domains} ) { |
|
|
|
|
|
|
|
|
|
# List of attributes to fetch from LDAP |
|
|
|
|
# First, we want all the attributes which are mapped to Zimbra fields |
|
|
|
|
my $fetch_attrs = [ keys $conf->{domains}->{$domain}->{users}->{attr_map} ]; |
|
|
|
|
my $fetch_attrs = [ keys %{$conf->{domains}->{$domain}->{users}->{attr_map}} ]; |
|
|
|
|
|
|
|
|
|
# We also want the object key |
|
|
|
|
push $fetch_attrs, $conf->{domains}->{$domain}->{users}->{key}; |
|
|
|
|
push @{$fetch_attrs}, $conf->{domains}->{$domain}->{users}->{key}; |
|
|
|
|
|
|
|
|
|
# If defined in the config, we need to get attribute containing email and aliases |
|
|
|
|
foreach ( qw( alias_attr mail_attr ) ) { |
|
|
|
|
next if ( not $conf->{domains}->{$domain}->{users}->{$_} ); |
|
|
|
|
push $fetch_attrs, $conf->{domains}->{$domain}->{users}->{$_}; |
|
|
|
|
push @{$fetch_attrs}, $conf->{domains}->{$domain}->{users}->{$_}; |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
# Now we can run the lookup |
|
|
|
@ -302,7 +302,7 @@ DOMAIN: foreach my $domain ( keys $conf->{domains} ) { |
|
|
|
|
filter => '(&(objectClass=zimbraAccount)(!(zimbraIsSystemAccount=TRUE))(!(zimbraIsSystemResource=TRUE)))', |
|
|
|
|
attrs => [ |
|
|
|
|
( map { $conf->{domains}->{$domain}->{users}->{attr_map}->{$_} } |
|
|
|
|
keys $conf->{domains}->{$domain}->{users}->{attr_map} ), |
|
|
|
|
keys %{$conf->{domains}->{$domain}->{users}->{attr_map}} ), |
|
|
|
|
( 'uid', |
|
|
|
|
'zimbraAccountStatus', |
|
|
|
|
'zimbraAuthLdapExternalDn', |
|
|
|
@ -325,7 +325,7 @@ DOMAIN: foreach my $domain ( keys $conf->{domains} ) { |
|
|
|
|
|
|
|
|
|
log_verbose( "Comparing the accounts" ); |
|
|
|
|
|
|
|
|
|
my @single = keys $conf->{domains}->{$domain}->{users}->{attr_map}; |
|
|
|
|
my @single = keys %{$conf->{domains}->{$domain}->{users}->{attr_map}}; |
|
|
|
|
push @single, $conf->{domains}->{$domain}->{users}->{mail_attr}; |
|
|
|
|
my $ext_users = ldap2hashref( |
|
|
|
|
$ext_user_search, |
|
|
|
@ -341,12 +341,12 @@ DOMAIN: foreach my $domain ( keys $conf->{domains} ) { |
|
|
|
|
|
|
|
|
|
# First loop : Check users which exist in external LDAP but not in Zimbra |
|
|
|
|
# or which exist in both but need to be updated |
|
|
|
|
foreach my $user ( keys $ext_users ) { |
|
|
|
|
foreach my $user ( keys %{$ext_users} ) { |
|
|
|
|
my $attrs = ''; |
|
|
|
|
if ( defined $zim_users->{$user} ) { |
|
|
|
|
|
|
|
|
|
# User exists in Zimbra, lets check its attribute are up to date |
|
|
|
|
foreach my $attr ( keys $conf->{domains}->{$domain}->{users}->{attr_map} ) { |
|
|
|
|
foreach my $attr ( keys %{$conf->{domains}->{$domain}->{users}->{attr_map}} ) { |
|
|
|
|
|
|
|
|
|
if ( not defined $ext_users->{$user}->{$attr} and |
|
|
|
|
not defined $zim_users->{$user}->{$conf->{domains}->{$domain}->{users}->{attr_map}->{$attr}} ) { |
|
|
|
@ -394,7 +394,7 @@ DOMAIN: foreach my $domain ( keys $conf->{domains} ) { |
|
|
|
|
# User exists in external LDAP but not in Zimbra. We must create it |
|
|
|
|
log_verbose( "User $user found in external LDAP but not in Zimbra. Will be created" ); |
|
|
|
|
|
|
|
|
|
foreach my $attr ( keys $conf->{domains}->{$domain}->{users}->{attr_map} ) { |
|
|
|
|
foreach my $attr ( keys %{$conf->{domains}->{$domain}->{users}->{attr_map}} ) { |
|
|
|
|
next if (not defined $ext_users->{$user}->{$attr} or $ext_users->{$user}->{$attr} eq ''); |
|
|
|
|
$attrs .= ' ' . $conf->{domains}->{$domain}->{users}->{attr_map}->{$attr} . " " . |
|
|
|
|
zim_attr_value( $ext_users->{$user}->{$attr} ); |
|
|
|
@ -450,7 +450,7 @@ DOMAIN: foreach my $domain ( keys $conf->{domains} ) { |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
# Second loop : we loop through the Zimbra users to check if they should be locked (if they don't exist in external LDAP anymore) |
|
|
|
|
foreach my $user ( keys $zim_users ) { |
|
|
|
|
foreach my $user ( keys %{$zim_users} ) { |
|
|
|
|
# Make sure we only lock accounts if they don't exist anymore in external LDAP |
|
|
|
|
# has the zimbraNotes attribute set, with the expected value, and the account is active |
|
|
|
|
if ( not defined $ext_users->{$user} and |
|
|
|
@ -473,12 +473,12 @@ DOMAIN: foreach my $domain ( keys $conf->{domains} ) { |
|
|
|
|
$conf->{domains}->{$domain}->{groups}->{filter} |
|
|
|
|
); |
|
|
|
|
|
|
|
|
|
$fetch_attrs = [ keys $conf->{domains}->{$domain}->{groups}->{attr_map} ]; |
|
|
|
|
push $fetch_attrs, $conf->{domains}->{$domain}->{groups}->{key}; |
|
|
|
|
push $fetch_attrs, $conf->{domains}->{$domain}->{groups}->{members_attr}; |
|
|
|
|
$fetch_attrs = [ keys %{$conf->{domains}->{$domain}->{groups}->{attr_map}} ]; |
|
|
|
|
push @{$fetch_attrs}, $conf->{domains}->{$domain}->{groups}->{key}; |
|
|
|
|
push @{$fetch_attrs}, $conf->{domains}->{$domain}->{groups}->{members_attr}; |
|
|
|
|
foreach ( qw( mail_attr alias_attr ) ) { |
|
|
|
|
next if ( not defined $conf->{domains}->{$domain}->{groups}->{$_} ); |
|
|
|
|
push $fetch_attrs, $conf->{domains}->{$domain}->{groups}->{$_}; |
|
|
|
|
push @{$fetch_attrs}, $conf->{domains}->{$domain}->{groups}->{$_}; |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
my $ext_group_search = $ext_ldap->search( |
|
|
|
@ -503,7 +503,7 @@ DOMAIN: foreach my $domain ( keys $conf->{domains} ) { |
|
|
|
|
filter => "(objectClass=zimbraDistributionList)", |
|
|
|
|
attrs => [ |
|
|
|
|
( map { $conf->{domains}->{$domain}->{groups}->{attr_map}->{$_} } |
|
|
|
|
keys $conf->{domains}->{$domain}->{groups}->{attr_map} ), |
|
|
|
|
keys %{$conf->{domains}->{$domain}->{groups}->{attr_map}} ), |
|
|
|
|
( |
|
|
|
|
'uid', |
|
|
|
|
'zimbraDistributionListSubscriptionPolicy', |
|
|
|
@ -528,7 +528,7 @@ DOMAIN: foreach my $domain ( keys $conf->{domains} ) { |
|
|
|
|
" distribution list(s) in Zimbra" ); |
|
|
|
|
log_verbose( "Comparing groups with distribution lists" ); |
|
|
|
|
|
|
|
|
|
my @single = keys $conf->{domains}->{$domain}->{groups}->{attr_map}; |
|
|
|
|
my @single = keys %{$conf->{domains}->{$domain}->{groups}->{attr_map}}; |
|
|
|
|
push @single, $conf->{domains}->{$domain}->{groups}->{mail_attr}; |
|
|
|
|
|
|
|
|
|
my $ext_groups = ldap2hashref( |
|
|
|
@ -548,16 +548,16 @@ DOMAIN: foreach my $domain ( keys $conf->{domains} ) { |
|
|
|
|
|
|
|
|
|
# Build a dn2id hashref to lookup users or groups by their DN |
|
|
|
|
my $dn2id = {}; |
|
|
|
|
$dn2id->{$ext_users->{$_}->{dn}} = $_ foreach ( keys $ext_users ); |
|
|
|
|
$dn2id->{$ext_groups->{$_}->{dn}} = $_ foreach ( keys $ext_groups ); |
|
|
|
|
$dn2id->{$ext_users->{$_}->{dn}} = $_ foreach ( keys %{$ext_users} ); |
|
|
|
|
$dn2id->{$ext_groups->{$_}->{dn}} = $_ foreach ( keys %{$ext_groups} ); |
|
|
|
|
|
|
|
|
|
# First loop, check if every group in LDAP exists as a DL in Zimbra |
|
|
|
|
foreach my $group ( keys $ext_groups ) { |
|
|
|
|
foreach my $group ( keys %{$ext_groups} ) { |
|
|
|
|
if ( defined $zim_dl->{$group} ) { |
|
|
|
|
# A group match an existing DL, we must check its attributes |
|
|
|
|
|
|
|
|
|
my $attrs = ''; |
|
|
|
|
foreach my $attr ( keys $conf->{domains}->{$domain}->{groups}->{attr_map} ) { |
|
|
|
|
foreach my $attr ( keys %{$conf->{domains}->{$domain}->{groups}->{attr_map}} ) { |
|
|
|
|
if ( not defined $ext_groups->{$group}->{$attr} and |
|
|
|
|
not defined $zim_dl->{$group}->{$conf->{domains}->{$domain}->{groups}->{attr_map}->{$attr}} ) { |
|
|
|
|
# Attr does not exist in external LDAP and in Zimbra, not need to continue |
|
|
|
@ -603,7 +603,7 @@ DOMAIN: foreach my $domain ( keys $conf->{domains} ) { |
|
|
|
|
# A new group with no corresponding DL in Zimbra |
|
|
|
|
log_verbose( "Found a new group : $group. Creating it in Zimbra" ); |
|
|
|
|
my $attrs = ''; |
|
|
|
|
foreach my $attr ( keys $conf->{domains}->{$domain}->{groups}->{attr_map} ) { |
|
|
|
|
foreach my $attr ( keys %{$conf->{domains}->{$domain}->{groups}->{attr_map}} ) { |
|
|
|
|
next if ( not defined $ext_groups->{$group}->{$attr} or |
|
|
|
|
$ext_groups->{$group}->{$attr} eq ''); |
|
|
|
|
$attrs .= ' ' . $conf->{domains}->{$domain}->{groups}->{attr_map}->{$attr} . " " . |
|
|
|
@ -692,7 +692,7 @@ DOMAIN: foreach my $domain ( keys $conf->{domains} ) { |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
# Now, look at all the distribution list which were created from LDAP but doesn't exist anymore in LDAP |
|
|
|
|
foreach my $dl ( keys $zim_dl ) { |
|
|
|
|
foreach my $dl ( keys %{$zim_dl} ) { |
|
|
|
|
next if ( not defined $zim_dl->{$dl}->{zimbraNotes} or |
|
|
|
|
$zim_dl->{$dl}->{zimbraNotes} !~ m/^$sync_from_ldap/ ); |
|
|
|
|
next if ( defined $ext_groups->{$dl} ); |
|
|
|
|
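Review bot: An undefined `$ext_users` no longer stops the run at `foreach my $user ( keys %{$ext_users} )` (hunk at -341), because `keys %{...}` autovivifies an undefined scalar into an empty hash; the old `keys $ext_users` would, as far as I can tell, have died on a non-reference. If `ldap2hashref` can return undef or an empty hash after a failed or truncated external search (its body is not visible here), the second loop at `foreach my $user ( keys %{$zim_users} )` will find `not defined $ext_users->{$user}` true for every account carrying the sync marker and proceed towards locking them. I would add an explicit guard before the first loop, for example `next DOMAIN if ( ref $ext_users ne 'HASH' or not %{$ext_users} );`, with a log line saying the domain was skipped. Whether an empty result should abort the domain is a policy choice to confirm. The same applies to `$ext_groups` ahead of the `keys %{$zim_dl}` cleanup loop in the -692 hunk; the `DOMAIN:` loop body starts and ends outside these hunks, so an existing check may simply not be shown.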