2015-12-11 12:12 GMT+01:00 Natxo Asenjo <[email protected]>:
> hi,
>
> I need to get mail enabled groups info from Active Directory.
>
> AD mail enabled groups (be it distribution or security groups) keep the
> member attributes as distinguished names
>
> Example:
>
> CN=mailgroup,OU=Groep,DC=domain,DC=tld
> objectClass: top
> objectClass: group
> cn: mailgroup
> member: CN=user a,OU=staff,dc=domain,dc=tld
> member: CN=user b,OU=staff,dc=domain,dc=tld
> member: CN=user c,OU=staff,dc=domain,dc=tld
> member: CN=user d,OU=staff,dc=domain,dc=tld
>
> etc
>
> So in order to get the mail addresses of those users, I need to launch
> another query.
>
> So I first query the mail enabled groups, fast query:
>
> my $mail_enabled_grps_AD = "(&(objectCategory=group)(mail=*))";
>
> # first find enabled accounts to fill @ad_enabled
> while (1) {
> my $search_ad = $ad_ldap->search(
> base => "dc=domain,dc=tld",
> scope => "sub",
> filter => $mail_enabled_grps_AD,
> attrs =>
> [ 'cn', 'member', 'mail', 'proxyaddresses', 'distinguishedname',
> ],
> control => [$page_ad],
> );
>
> $search_ad->code && die "error on search ad: $@: " . $search_ad->error;
> while ( my $entry = $search_ad->pop_entry() ) {
> my $displayname = $entry->get_value('cn');
> my $dn = $entry->get_value('distinguishedname');
> my $mail = $entry->get_value('mail');
> my @members = $entry->get_value('member');
> my @email_addrs = $entry->get_value('proxyaddresses');
>
> # fill @ad_enabled
> push @ad_mail_enbld_groups, lc $mail;
>
> my @ad_mails = _from_dn_to_mail(@members);
>
> # generate hash for hoh_AD
> my $rec = {
> MAIL => $mail,
> MEMBERS => [@members],
> MEMBERS_ADDRS => [@ad_mails],
> PROXYADDRS => [@email_addrs],
> };
>
> # assign $rec to %hoh_AD
> $hoh_AD{$mail} = $rec;
>
> }
>
> my ($resp) = $search_ad->control(LDAP_CONTROL_PAGED) or last;
> $cookie_ad = $resp->cookie or last;
> $page_ad->cookie($cookie_ad);
> }
>
> If I do not use my @ad_mails = _from_dn_to_mail(@members); then this
> snippet runs under 2 seconds.
>
> If I use it, it takes 2m30secs.
>
> This is the code in the sub(s):
>
> sub _get_ad_user_mail {
> my ($ad_user) = @_;
> my $search_ad = $ad_ldap->search(
> base => "dc=domain,dc=tld",
> scope => "sub",
> filter =>
> "(&(objectclass=user)(objectcategory=person)(distinguishedname=$ad_user))",
> attrs => ['mail'],
> );
>
> $search_ad->code && die "error on search ad: $@: " . $search_ad->error;
> for my $entry ( $search_ad->entries ) {
> my $ad_user_mail = $entry->get_value('mail');
> return $ad_user_mail;
> }
> }
>
> sub _from_dn_to_mail {
> my (@members) = @_;
> my @ad_mail;
> for my $member (@members) {
> push @ad_mail, _get_ad_user_mail($member);
> }
> return @ad_mail;
>
> }
>
>
> I mean, it works, but is it normal that it's so slow or am I missing
> something very obvious?
>
> Thanks for your input.
>
You should do a search directly on the member DN (with scope base) instead
of requesting the suffix in sub _get_ad_user_mail:

sub _get_ad_user_mail {
    my ($ad_user) = @_;

    # Read the member entry itself: base is the member DN, scope is "base"
    my $search_ad = $ad_ldap->search(
        base   => $ad_user,
        scope  => "base",
        filter => "(objectclass=*)",
        attrs  => ['mail'],
    );
    $search_ad->code && die "error on search ad: $@: " . $search_ad->error;
    for my $entry ( $search_ad->entries ) {
        my $ad_user_mail = $entry->get_value('mail');
        return $ad_user_mail;
    }
}

Clément.
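
Added example, not part of either message: the subtree version of _get_ad_user_mail puts the member DN straight into the filter string, so a DN containing "(", ")", "*" or "\" needs RFC 4515 escaping if that form is kept. The sub names and sample DNs below are constructed for illustration; escape_filter_value comes from Net::LDAP::Util.

```perl
#!/usr/bin/perl
# Added example (not from the thread). Sample DNs below are constructed.
use strict;
use warnings;
use Net::LDAP::Filter;
use Net::LDAP::Util qw(escape_filter_value);

# Filter from the original post, with the DN inserted verbatim.
sub raw_user_filter {
    my ($dn) = @_;
    return "(&(objectclass=user)(objectcategory=person)(distinguishedname=$dn))";
}

# Same filter, with the DN escaped as an RFC 4515 assertion value so that
# "(", ")", "*" and "\" inside the DN cannot change the filter's structure.
sub escaped_user_filter {
    my ($dn) = @_;
    return '(&(objectclass=user)(objectcategory=person)(distinguishedname='
         . escape_filter_value($dn) . '))';
}

# Parse a filter string with Net::LDAP::Filter, as search() does for string
# filters; returns the normalised string, or undef when parsing fails.
sub normalised {
    my ($filter_text) = @_;
    my $filter = Net::LDAP::Filter->new($filter_text);
    return defined $filter ? $filter->as_string : undef;
}

# Constructed member values, in the form the member attribute holds them.
my @sample_dns = (
    'CN=user a,OU=staff,dc=domain,dc=tld',
    'CN=Doe\, Jane,OU=staff,dc=domain,dc=tld',
    'CN=user b (night shift),OU=staff,dc=domain,dc=tld',
);

for my $dn (@sample_dns) {
    printf "DN:      %s\n", $dn;
    printf "raw:     %s\n", normalised(raw_user_filter($dn)) // 'rejected by parser';
    printf "escaped: %s\n\n", normalised(escaped_user_filter($dn)) // 'rejected by parser';
}
```

With the base-scoped search from the reply, the DN is passed as the search base and the filter is a constant, so no filter value is built from directory data at all.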