[Mimedefang] search perl code perl-ldap to see if a user exist + how use bogofilter + problem clamav failed with testvirus.org ?

Steffen Kaiser skmimedefang at smail.inf.fh-bonn-rhein-sieg.de
Mon Apr 5 05:03:39 EDT 2004


On Fri, 2 Apr 2004, jean-marc pouchoulon wrote:

> I'd like also to ask our ldap server with perl-ldap, if a user exists
> before accepting mail. If someone did it....

That's actually quite simple, but depends on your local setup.

I guess, your users use unique account names, usually stored in the
"uid" attribute, hence, you can do this:

use Net::LDAP;
use Net::LDAP::Entry;
use Net::LDAP::Util qw(escape_filter_value);

# Setup some vars for easy adjusting
my $ldapBase = "dc=fh-bonn-rhein-sieg,dc=de";
my $ldapBaseGroups = "ou=groups,dc=fb02,$ldapBase";

my $ldap =  Net::LDAP->new('localhost') or die "$@";
$ldap->bind;	# anon bind


sub getAccount ($) {
        my $name = $_[0];
        # Escape filter metacharacters so the name is matched as a literal value
        my $uid = escape_filter_value($name);

        my $req = $ldap->search (  # perform a search
                base   => $ldapBase
                , filter => "(&(objectClass=posixAccount)(uid=$uid))"
        );

        $req->code && die $req->error;

        if($req->count > 1) {
                mylog( "$_[0] matches more than one account");
                return undef;
        }
        return undef if $req->count == 0;
        return $req->pop_entry;
}

The above function returns the Net::LDAP::Entry object for the user, or undef
on error (not found or found multiple entries). On big problems
(connection to server fails etc.) the function dies -> here you should
adjust to something more useful in the MIMEDefang filter.
Depending on your local setup you must adapt the "filter" in
ldap->search().

If all your users are located in the same scope, try openDN:

sub openDN ($;$) {
        my $myLdap = $_[1] || $ldap;

        my $mesg = $myLdap->search(base => $_[0]
                , scope => 'base'
                , filter => 'objectclass=*'
        );

        return undef if $mesg->code;

        die "Multiple search results fetching one item: " . $_[0] . "\n"
                if $mesg->count > 1;
        return $mesg->pop_entry;
}

The first parameter needs to be the fully qualified DN of the user. BTW:
The "die" in this function should never trigger, because unless your
server is broken, it can return one entry at maximum.

Bye,

-- 
Steffen Kaiser
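
Added example (not part of the original post, and not MIMEDefang's or the poster's own code): one way to do the "something more useful" mentioned above, by mapping the lookup result to a filter_recipient decision so that a directory outage defers mail instead of killing the filter. Assumptions: the base DN is a placeholder, recipients map to accounts by local part, and the names ldap_count_uid and check_recipient are hypothetical.

```perl
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(escape_filter_value);

my $ldapHost = 'localhost';            # assumption: same host as in the post
my $ldapBase = 'dc=example,dc=org';    # placeholder base DN

# Number of posixAccount entries with this uid; dies on any LDAP failure.
# Connects per lookup so a stale handle in a long-lived filter process
# cannot turn into a wrong answer.
sub ldap_count_uid {
    my ($name) = @_;
    my $ldap = Net::LDAP->new($ldapHost, timeout => 5) or die "connect: $@\n";
    my $bind = $ldap->bind;            # anonymous bind, as in the post
    die 'bind: ' . $bind->error . "\n" if $bind->code;
    my $req = $ldap->search(
        base   => $ldapBase,
        filter => '(&(objectClass=posixAccount)(uid='
                  . escape_filter_value($name) . '))',
        attrs  => ['uid'],
    );
    $ldap->unbind;
    die 'search: ' . $req->error . "\n" if $req->code;
    return $req->count;
}

# Turn a lookup result into an SMTP decision. $lookup is injectable so the
# decision logic can be exercised without a directory server.
sub check_recipient {
    my ($recipient, $lookup) = @_;
    $lookup ||= \&ldap_count_uid;
    my ($local) = $recipient =~ /^<?([^\@<>\s]+)\@[^\@<>\s]+>?$/
        or return ('REJECT', 'Malformed recipient address');
    my $count = eval { $lookup->(lc $local) };
    return ('TEMPFAIL', 'Recipient verification unavailable, try again later')
        unless defined $count;         # directory down: defer, do not bounce
    return $count == 1 ? ('CONTINUE', 'ok') : ('REJECT', 'No such user');
}

# MIMEDefang recipient hook; the first argument is the RCPT TO address.
sub filter_recipient { return check_recipient($_[0]) }

# Offline demo with a constructed directory (uid => number of matches).
unless (caller) {
    my %dir  = (alice => 1, shared => 2);
    my $stub = sub { die "ldap down\n" if $_[0] eq 'outage'; $dir{$_[0]} // 0 };
    printf "%-22s => %s\n", $_, join ' ', check_recipient($_, $stub)
        for qw(<alice@example.org> <nobody@example.org> <shared@example.org> <outage@example.org> bogus);
}
```

Run as a script, it prints the decision for each constructed address; loaded from a filter file, only the subs are defined and the demo block is skipped.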


