Re: LDAP Mail Notice

Sean Hart <boardnutz@xxxxxxxxxxxxxx> · Mon, 11 Oct 2010 23:38:38 -0700



          Maybe what i said is not clear, because my English is too pool
          . Please forgive me if  my _expression_ is not precise.

          
    Doesn't matter what mail server you use, email is email.

    
           The following  is my environment :

          
          Workspace Environment : CentOS 5.5  64bits  , Using Openldap
          Server  or 389 LDAP Server 

          
          Mail Server :  Windows  Mail Server 

          
          For example :

           
          If I create the new account called Tim on LDAP Server  , and
          his password is 123456 , and his mail address is tim@xxxxxxxx

          Then will send an E-mail to him to notice his information ,
          like his name and his passowrd.

          
          So Would someone can give some suggestions ? 

        
    Before we go any further on this, I'd like to give a very serious
    warning.  It is NEVER a good idea to email a password.  Email is, by
    definition, insecure.  

    
    I'm not familiar with 389 LDAP Server, and after a quick look, it
    would make sense for me to read up on it.  Anyhow, my advice is
    going to come from the OpenLDAP side of things.

    
    I would:

    
      Set up OpenLDAP (make sure to get a real certificate and
        require TLS/SSL)
      If using Samba, set up the smbldap tools
        (http://en.wikipedia.org/wiki/Smbldap-Tools), can be useful even
        if not using samba...
      Start script (I'd use perl, since it's what I'm most familiar
        with)
      
        Generate username (either collect from input or generate
          somehow
        Generate password (There's a sub for that on the page
          referenced earlier)
        Contemplate making sure that the username is unique, and
          group membership, etc.

        
        call smbldap-useradd to add the user (add stuff like -m for
          the mail address, check the smbldap-useradd documentation for
          handy switches
        Compose body of email to user (this is probably mostly
          static, but you will most likely want to substitute some
          variables like username, etc
        send the email (sub on the page earlier)
        I repeat, please don't email passwords...  have them call
          you for them or something...  email is the least secure thing
          on the damn planet
      
      Sit back and have a beer, cuz yer done
    
    I'm happy to help if you need more.

    
    Cheers,

    Sean

    
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos