[CentOS] LDAP Mail Notice

Tue Oct 12 06:38:38 UTC 2010
Sean Hart <boardnutz at blacklight.net>

>     Maybe what I said is not clear, because my English is too poor.
>     Please forgive me if my expression is not precise.
Doesn't matter what mail server you use, email is email.
>     The following is my environment:
>     Workspace Environment: CentOS 5.5 64bits, Using Openldap
>     Server or 389 LDAP Server
>     Mail Server: Windows Mail Server
>     For example:
>     If I create the new account called Tim on LDAP Server, and his
>     password is 123456, and his mail address is tim at test.com
>     Then will send an E-mail to him to notice his information, like
>     his name and his password.
>     So could someone give some suggestions?
Before we go any further on this, I'd like to give a very serious 
warning.  It is NEVER a good idea to email a password.  Email is, by 
definition, insecure.

I'm not familiar with 389 LDAP Server, and after a quick look, it would 
make sense for me to read up on it.  Anyhow, my advice is going to come 
from the OpenLDAP side of things.

I would:

   1. Set up OpenLDAP (make sure to get a real certificate and require
   2. If using Samba, set up the smbldap tools
      (http://en.wikipedia.org/wiki/Smbldap-Tools), can be useful even
      if not using Samba...
   3. Start script (I'd use Perl, since it's what I'm most familiar with)
         1. Generate username (either collect from input or generate somehow)
         2. Generate password (There's a sub for that on the page
            referenced earlier)
         3. Contemplate making sure that the username is unique, and
            group membership, etc.
         4. call smbldap-useradd to add the user (add stuff like -m for
            the mail address, check the smbldap-useradd documentation
            for handy switches)
         5. Compose body of email to user (this is probably mostly
            static, but you will most likely want to substitute some
            variables like username, etc.)
         6. send the email (sub on the page earlier)
         7. I repeat, please don't email passwords...  have them call
            you for them or something...  email is the least secure
            thing on the damn planet
   4. Sit back and have a beer, cuz yer done

I'm happy to help if you need more.
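
The script steps listed above, sketched in Python 3 as an added example that is not part of the original post (the poster would use Perl). The `add_user` callback is a hypothetical wrapper around `smbldap-useradd`, the addresses are constructed sample values, and the notice is composed without ever receiving the password, so it cannot end up in the mail.

```python
import secrets
import smtplib
import string
from email.message import EmailMessage

ALPHABET = string.ascii_letters + string.digits

def generate_password(length=16):
    """Step 3.2: initial password drawn from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def unique_username(wanted, existing):
    """Step 3.3: add a numeric suffix until the name is not already taken."""
    candidate, n = wanted, 1
    while candidate in existing:
        n += 1
        candidate = f"{wanted}{n}"
    return candidate

def compose_notice(username, mail, helpdesk):
    """Step 3.5: mostly static body; the password is not a parameter here."""
    msg = EmailMessage()
    msg["From"] = helpdesk
    msg["To"] = mail
    msg["Subject"] = "Your new account has been created"
    msg.set_content(
        f"Hello,\n\nAn account named '{username}' has been created for you.\n"
        f"Your initial password is not sent by email.\n"
        f"Please contact {helpdesk} to receive it and change it at first login.\n"
    )
    return msg

def send_notice(msg, smtp_host="localhost"):
    """Step 3.6: hand the message to the mail server (host is an assumption)."""
    with smtplib.SMTP(smtp_host) as smtp:
        smtp.send_message(msg)

def provision(wanted, mail, existing, add_user, helpdesk="helpdesk@example.com"):
    """Steps 3.1 to 3.5: returns (username, password, notice message)."""
    username = unique_username(wanted, existing)
    password = generate_password()
    # Hypothetical callback: in practice it would run smbldap-useradd with
    # the switches taken from its documentation.
    add_user(username, mail, password)
    return username, password, compose_notice(username, mail, helpdesk)
```

The caller hands the returned password to the user out of band and passes the message to `send_notice`.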

