Re: [CentOS] LDAP Mail Notice

Mon, 11 Oct 2010 23:39:01 -0700 






    Maybe what i said is not clear, because my English is too pool .
    Please forgive me if  my expression is not precise.


Doesn't matter what mail server you use, email is email.



     The following  is my environment :

    Workspace Environment : CentOS 5.5  64bits  , Using Openldap
    Server  or 389 LDAP Server

    Mail Server :  Windows  Mail Server

    For example :

    If I create the new account called Tim on LDAP Server  , and his
    password is 123456 , and his mail address is t...@test.com
    <mailto:t...@test.com>
    Then will send an E-mail to him to notice his information , like
    his name and his passowrd.


    So Would someone can give some suggestions ?


Before we go any further on this, I'd like to give a very serious 
warning.  It is NEVER a good idea to email a password.  Email is, by 
definition, insecure.



I'm not familiar with 389 LDAP Server, and after a quick look, it would 
make sense for me to read up on it.  Anyhow, my advice is going to come 
from the OpenLDAP side of things.


I would:

  1. Set up OpenLDAP (make sure to get a real certificate and require
     TLS/SSL)
  2. If using Samba, set up the smbldap tools
     (http://en.wikipedia.org/wiki/Smbldap-Tools), can be useful even
     if not using samba...
  3. Start script (I'd use perl, since it's what I'm most familiar with)
        1. Generate username (either collect from input or generate somehow
        2. Generate password (There's a sub for that on the page
           referenced earlier)
        3. Contemplate making sure that the username is unique, and
           group membership, etc.
        4. call smbldap-useradd to add the user (add stuff like -m for
           the mail address, check the smbldap-useradd documentation
           for handy switches
        5. Compose body of email to user (this is probably mostly
           static, but you will most likely want to substitute some
           variables like username, etc
        6. send the email (sub on the page earlier)
        7. I repeat, please don't email passwords...  have them call
           you for them or something...  email is the least secure
           thing on the damn planet
  4. Sit back and have a beer, cuz yer done

I'm happy to help if you need more.

Cheers,
Sean


_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos






















					Reply via email to