hi,
I need to get mail enabled groups info from Active Directory.
AD mail enabled groups (be it distribution or security groups) keeps the
member attributes as distinguishednames
Example:
CN=mailgroup,OU=Groep,DC=domain,DC=tld
objectClass: top
objectClass: group
cn: mailgroup
member: CN=user a,OU=staff,dc=domain,dc=tld
member: CN=user b,OU=staff,dc=domain,dc=tld
member: CN=user c,OU=staff,dc=domain,dc=tld
member: CN=user d,OU=staff,dc=domain,dc=tld
etc
So in order to get the mail addresses of those users, I need to launch
another query.
So I first query the mail enabled groups, fast query:
my $mail_enabled_grps_AD = "(&(objectCategory=group)(mail=*))";
# first find enabled accounts to fill @ad_enabled
while (1) {
my $search_ad = $ad_ldap->search(
base => "dc=domain,dc=tld",
scope => "sub",
filter => $mail_enabled_grps_AD,
attr =>
[ 'cn', 'member', 'mail', 'proxyaddresess', 'distinguishedname',
],
control => [$page_ad],
);
$search_ad->code && die "error on search ad: $@: " . $search_ad->error;
while ( my $entry = $search_ad->pop_entry() ) {
my $displayname = $entry->get_value('cn');
my $dn = $entry->get_value('distinguishedname');
my $mail = $entry->get_value('mail');
my @members = $entry->get_value('member');
my @email_addrs = $entry->get_value('proxyaddresses');
# fill @ad_enabled
push @ad_mail_enbld_groups, lc $mail;
my @ad_mails = _from_dn_to_mail(@members);
# generate hash for hoh_AD
my $rec = {
MAIL => $mail,
MEMBERS => [@members],
MEMBERS_ADDRS => [@ad_mails],
PROXYADDRS => [@email_addrs],
};
# assing $rec to %hoh_AD
$hoh_AD{$mail} = $rec;
}
my ($resp) = $search_ad->control(LDAP_CONTROL_PAGED) or last;
$cookie_ad = $resp->cookie or last;
$page_ad->cookie($cookie_ad);
}
If I do not use my @ad_mails = _from_dn_to_mail(@members); then this
snippet runs under 2 seconds.
If I use it, it takes 2m30secs.
This is the code in the sub(s):
sub _get_ad_user_mail {
my ($ad_user) = @_;
my $search_ad = $ad_ldap->search(
base => "dc=domain,dc=tld",
scope => "sub",
filter =>
"(&(objectclass=user)(objectcategory=person)(distinguishedname=$ad_user))",
attr => ['mail'],
);
$search_ad->code && die "error on search ad: $@: " . $search_ad->error;
for my $entry ( $search_ad->entries ) {
my $ad_user_mail = $entry->get_value('mail');
return $ad_user_mail;
}
}
sub _from_dn_to_mail {
my (@members) = @_;
my @ad_mail;
for my $member (@members) {
push @ad_mail, _get_ad_user_mail($member);
}
return @ad_mail;
}
I mean, it works, but is it normal that it's so slow or am I missing
something very obvious?
Thanks for you input.
--
--
Groeten,
natxo
