Initial situation:
Automatic user creation on the SEPPmail Secure E-Mail Gateway is to be restricted to a defined group of persons. Membership of that group is to be determined by querying a directory service, for instance via LDAP (in this example an Active Directory).
Configuration suggestion
• Check that the setting Mail Processing > Ruleset generator > User creation > Create accounts for new users if user tries to sign/encrypt is active.
• Navigate to Mail Processing > Ruleset generator > Custom commands > Custom commands for User Creation.
• Activate the option and insert the following code into the input field below it (the line numbers are referenced in the description and are not part of the code):
```
01  # Begin: Custom commands for User Creation
02  log(1,'Begin: Custom commands for User Creation');

03  if (!authenticated()) {
04      if (ldap_compare('192.168.10.10;CN=Peter Mueller,OU=SBSUsers,OU=Users,OU=MyBusiness,DC=Firma,DC=local;mypassword;OU=SBSUsers,OU=Users,OU=MyBusiness,DC=Firma,DC=local;(mail=$from)','memberOF','SecureMail')) {
05          log(1,'$header_from is member of SecureMail, creating user, generating keys');
06          createaccount();
07          createkeys('@CREATEGPGKEYS@');
08      } else {
09          log(1,'$header_from is not member of SecureMail, bouncing e-mail');
10          bounce('bounce_noenc');
11      }
12  } else {
13      createkeys('@CREATEGPGKEYS@');
14  }

15  log(1,'End: Custom commands for User Creation');
16  # End: Custom commands for User Creation
```
Description
The section Custom commands for User Creation is only executed if the option Create accounts for new users if user tries to sign/encrypt is active and the sender has requested a cryptographic action. If this requirement is met, the LDAP query (here against an Active Directory) checks whether the sender belongs to the authorised group (line 04). If the sender is authorised, this is logged (line 05), the sender is created as a user on the SEPPmail Secure E-Mail Gateway (line 06) and provided with the key material configured under Mail Processing > Ruleset generator > Key generation (line 07). Otherwise the refusal is logged (line 09) and the e-mail is bounced (line 10). Already existing users are authenticated and therefore skip the LDAP check; line 13 ensures that they are provided with valid key material if none exists yet.

Points to check before using the code:
• Line 04 embeds the bind DN and its password in clear text in the ruleset and binds with a personal user account. Use a dedicated read-only service account whose password is not used anywhere else, and restrict what that account may read in the directory.
• The filter in line 04 uses $from, while the log messages in lines 05 and 09 print $header_from. Decide which sender address the gateway should authorise on and use the same variable in the filter and in the log lines, otherwise the log may show an address different from the one that was checked.
• The sender address is taken from the incoming message and placed directly into the LDAP filter (mail=$from). Verify in the gateway log, with a test message whose sender contains characters such as * or ), that the address is looked up literally and cannot widen the filter.
• In Active Directory the memberOf attribute holds the full distinguished names of the groups. If the comparison against the bare name SecureMail does not match in your environment, use the complete DN of the group and confirm the result in the gateway log.
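To make the decision logic of the ruleset above tangible, the following is an added example in plain Python; it is not SEPPmail code and does not use the gateway's ruleset language. It models the branch structure of lines 03 to 14, a minimal evaluator for the (mail=...) filter and a stand-in for ldap_compare() over a constructed in-memory directory. The group DN GROUP_DN, the sample entries in DIRECTORY and the behaviour of the modelled ldap_compare() are assumptions made for the example. It also shows why the sender address needs RFC 4515 escaping before it is placed in the filter: an unescaped sender of * turns (mail=$from) into (mail=*).

```python
"""Decision logic of 'Custom commands for User Creation', modelled in Python.
Added example, not SEPPmail code: DIRECTORY is a constructed in-memory stand-in
for the AD server, and ldap_compare() below is a model of the gateway function,
not its implementation.
"""
import re

# Assumed full DN of the SecureMail group (the ruleset only names the group 'SecureMail').
GROUP_DN = "CN=SecureMail,OU=SBSUsers,OU=Users,OU=MyBusiness,DC=Firma,DC=local"

# Constructed sample directory entries (attribute -> list of values, as LDAP returns them).
DIRECTORY = [
    {"dn": "CN=Peter Mueller,OU=SBSUsers,OU=Users,OU=MyBusiness,DC=Firma,DC=local",
     "mail": ["peter.mueller@firma.local"], "memberOf": [GROUP_DN]},
    {"dn": "CN=Hans Schmidt,OU=SBSUsers,OU=Users,OU=MyBusiness,DC=Firma,DC=local",
     "mail": ["hans.schmidt@firma.local"], "memberOf": []},
]


def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping for a value placed inside an LDAP search filter.
    The ruleset interpolates $from straight into '(mail=$from)'; this page does
    not state whether the gateway escapes it, so this is the check to verify."""
    mapping = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
    return "".join(mapping.get(ch, ch) for ch in value)


def build_filter(sender: str, escape: bool = True) -> str:
    """Build the '(mail=...)' filter; escape=False reproduces the raw interpolation."""
    return f"(mail={escape_filter_value(sender) if escape else sender})"


def _attr(entry: dict, name: str) -> list:
    # LDAP attribute names are case-insensitive ('memberOF' and 'memberOf' are the same attribute).
    return next((v for k, v in entry.items() if k.lower() == name.lower()), [])


def _value_matches(pattern: str, value: str) -> bool:
    """Evaluate one filter value: '*' is a wildcard, '\\XX' is a hex-escaped literal."""
    parts, buf, i = [], "", 0
    while i < len(pattern):
        if pattern[i] == "\\" and i + 3 <= len(pattern):
            buf += chr(int(pattern[i + 1:i + 3], 16))
            i += 3
        elif pattern[i] == "*":
            parts.append(buf)
            buf = ""
            i += 1
        else:
            buf += pattern[i]
            i += 1
    parts.append(buf)
    regex = ".*".join(re.escape(p) for p in parts)
    return re.fullmatch(regex, value, re.IGNORECASE) is not None  # mail is case-insensitive in AD


def search(directory: list, ldap_filter: str) -> list:
    """Minimal evaluator for a single equality filter '(attr=value)'."""
    m = re.fullmatch(r"\((\w+)=(.*)\)", ldap_filter)
    if not m:
        raise ValueError(f"unsupported filter: {ldap_filter!r}")
    attr, pattern = m.groups()
    return [e for e in directory if any(_value_matches(pattern, v) for v in _attr(e, attr))]


def ldap_compare(directory: list, ldap_filter: str, attribute: str, value: str) -> bool:
    """Model of the ruleset's ldap_compare(): true if an entry matched by the filter
    carries `value` in `attribute`. AD's memberOf holds group DNs, so the
    comparison value here is the group DN, not the bare group name."""
    return any(value.lower() in (v.lower() for v in _attr(e, attribute))
               for e in search(directory, ldap_filter))


def authorise(sender: str, authenticated: bool, directory: list, escape: bool = True) -> str:
    """Mirror of lines 03-14 of the ruleset; returns the action the gateway would take."""
    if authenticated:                      # existing user: only ensure key material exists
        return "createkeys"
    if ldap_compare(directory, build_filter(sender, escape), "memberOf", GROUP_DN):
        return "createaccount"             # createaccount() followed by createkeys()
    return "bounce_noenc"                  # bounce('bounce_noenc')


if __name__ == "__main__":
    print(authorise("peter.mueller@firma.local", False, DIRECTORY))  # createaccount
    print(authorise("hans.schmidt@firma.local", False, DIRECTORY))   # bounce_noenc
    # A sender of '*' turns '(mail=$from)' into '(mail=*)' when it is not escaped:
    print(authorise("*", False, DIRECTORY, escape=False))            # createaccount
    print(authorise("*", False, DIRECTORY, escape=True))             # bounce_noenc
```

The last two calls show the difference escaping makes: without it, the wildcard filter matches every entry and the membership check succeeds on the first member found; with it, the literal address * matches nobody and the message is bounced. On the real gateway the equivalent check is to send a test message with such a sender and read the result in the log.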
Used commands: log(), authenticated(), ldap_compare(), createaccount(), createkeys(), bounce()

A more elegant, but also somewhat more complex, method for managing users by means of an LDAP query can be found in the follow-up FAQ article Authorisation By Means Of LDAP Query.

