A Better Way to do LDAP sync with GNU Mailman

May 24th, 2008

The LDAP list tool has a number of problems, the greatest of which is that you can’t seem to remove users on the newest version of Mailman.

However, you can pipe directly into the sync_members script included with GNU Mailman. Therefore, we can write a Bash script that syncs the users for us. If you want to sync one list to one LDAP group, try the following:

MAILINGLISTDN="cn=HardWorkers,ou=Groups,dc=scottgrizzard,dc=com"
MAILINGLIST="littlepeons"
MYDOMAIN="scottgrizzard.com"
ldapsearch -x -h 127.0.0.1 -b "${MAILINGLISTDN}" memberUID | grep "^memberUid: " | awk -v domain="${MYDOMAIN}" '{print $2 "@" domain}' | /usr/sbin/sync_members -f - "${MAILINGLIST}"

This pulls the members of the POSIX group HardWorkers, drops every output line that does not begin with “memberUid: ”, and then appends the “@” symbol and the domain name to each remaining username. It then pipes the resulting addresses to the sync_members command, syncing them to the mailing list “littlepeons”.

This tactic assumes the usernames in your directory are the same as the local parts of their email addresses. A more sophisticated approach would be required if you need to look up the email addresses of your users.
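A guarded variant of the single-list sync above, added here as an example and not the author's script: the pipeline hides a failed ldapsearch, and sync_members removes every member absent from its input, so an empty result would empty the list. This version refuses to sync when the lookup fails, finds no members, or returns a uid that is base64-encoded or contains unexpected characters. The function names ldif_to_addresses and sync_list and the example.com sample data are assumptions.

```bash
#!/usr/bin/env bash
# Added example; ldif_to_addresses and sync_list are hypothetical helper names.

# Read ldapsearch LDIF on stdin, print one address per memberUid.
# Prints nothing and returns non-zero if a uid is base64-encoded
# ("memberUid:: "), has characters outside a conservative set,
# or if no memberUid line was found at all.
ldif_to_addresses() {
    awk -v domain="$1" '
        tolower($1) == "memberuid::" {
            print "base64 memberUid, refusing: " $0 > "/dev/stderr"; bad = 1; next
        }
        tolower($1) == "memberuid:" {
            if (NF != 2 || $2 !~ /^[A-Za-z0-9._-]+$/) {
                print "unexpected uid, refusing: " $0 > "/dev/stderr"; bad = 1; next
            }
            out[++n] = $2 "@" domain
        }
        END {
            if (bad || n == 0) exit 1      # never hand a partial or empty list on
            for (i = 1; i <= n; i++) print out[i]
        }'
}

# usage: sync_list <group DN> <list name> <domain>
# ldapsearch and sync_members are called with the same flags as in the post.
sync_list() {
    local ldif addrs
    ldif=$(ldapsearch -x -h 127.0.0.1 -b "$1" memberUID) ||
        { echo "ldapsearch failed for $1, not syncing $2" >&2; return 1; }
    addrs=$(printf '%s\n' "$ldif" | ldif_to_addresses "$3") ||
        { echo "no usable member list for $1, not syncing $2" >&2; return 1; }
    printf '%s\n' "$addrs" | /usr/sbin/sync_members -f - "$2"
}

# Constructed LDIF sample (not real directory data); prints two addresses.
printf 'dn: cn=HardWorkers,ou=Groups,dc=example,dc=com\nmemberUid: alice\nmemberUid: bob\n' |
    ldif_to_addresses example.com
```

In cron, call sync_list once per list and let the non-zero return status surface in the job's mail so a skipped sync is noticed.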

If all of the mailing lists on your server are derived from POSIX groups of the same name as the mailing list (a feat that is easy to accomplish using the dynlist overlay), you can sync all of the mailing lists on your server with one line of Bash:

for MAILINGLIST in $( ls /var/lib/mailman/lists ); do MAILINGLISTDN="cn=${MAILINGLIST},ou=MailingLists,dc=scottgrizzard,dc=com"; echo "$MAILINGLISTDN"; ldapsearch -x -h 127.0.0.1 -b "${MAILINGLISTDN}" memberUID | grep "^memberUid: " | awk '{print $2 "@scottgrizzard.com"}' | /usr/sbin/sync_members -f - "${MAILINGLIST}"; done

Change the names, stick it into your crontab, and take a long lunch. Your boss will expect that project to take all day.
