Hello,
I've written a short script to prepend "ext-" to mail addresses
of all external colleagues in Microsoft Active Directory:
filter => '(&(objectCategory=Person)(objectClass=User))',
....
$mail = "ext-$mail"
if $entry->get_value('company') !~ /mycompany/i
&& $mail !~ /^ext-/;
For better performance I'd like to move
the company test to the search filter:
filter =>
'(&(objectCategory=Person)(objectClass=User)(!company=mycompany))',
Unfortunately it fails with: Bad filter at ....
If I remove "!" it works ok. If I try that filter with dsquery:
dsquery * domainroot -filter "(&(objectCategory=Person)
(objectClass=User)(!company=mycompany))
- then it works too. Has anybody seen the same problem?
Thank you
Alex
PS: Here is my entire script:
#!/usr/bin/perl -wT
use strict;
use Net::LDAPS;
$ENV{PATH} = '/bin:/usr/bin';
use constant ROOTDN => 'OU=Imported,OU=User
Accounts,DC=mycompany,DC=com';
use constant DOMAIN => 'mycompany.com';
use constant SERVER => ['wdc01.' . DOMAIN, 'wdc02.' . DOMAIN];
use constant ADMIN => 'Admin';
use constant ADMPW => 'XXXXX';
my ($rot13, $ldap, $search, $mod, $href);
($rot13 = ADMPW) =~ y/A-Za-z/N-ZA-Mn-za-m/;
$ldap = Net::LDAPS->new(SERVER) or
die('Can not connect to LDAP server');
$ldap->bind(ADMIN . '@' . DOMAIN, password => $rot13) or
die('Can not bind to LDAP server as ' . ADMIN);
$search = $ldap->search(
base => ROOTDN,
attrs => [qw(company mail givenName sn)],
filter => '(&(objectCategory=Person)(objectClass=User)(!
company=mycompany))',
);
$search->code() && die $search->error();
foreach my $entry ($search->entries()) {
my $mail = lc $entry->get_value('mail');
# prepend "ext-" if not "mycompany" and "ext-" isn't there yet
$mail = "ext-$mail"
if $entry->get_value('company') !~ /mycompany/i
&& $mail !~ /^ext-/;
$mod = $ldap->modify($entry, replace => { mail => $mail });
$mod->code() && die 'Failed to modify user: ' . $mod->error();
printf "%-15s %-15s %-15s %s\n",
$entry->get_value('company'),
$entry->get_value('givenName'),
$entry->get_value('sn'),
$mail;
}
$ldap->unbind();
