IMAP Administration at CAL

Occasionally, you'll need to do something to a large number of user's imap accounts (such as the mass-subscription to the spam subfolders prompted by #361).

If you have an administrative krb5 principal loaded, you can do that with simple shell scripting:

[0 xx@bar ~]$ cat ./subscribing
A001 SUBSCRIBE "INBOX.missed-spam"
A002 SUBSCRIBE "INBOX.not-spam"
A003 SUBSCRIBE "INBOX.spam"
A004 LOGOUT
[0 xx@bar ~]$ for foo in $(ldapsearch -LLL -ZZ -x '(objectClass=posixAccount)' uid | grep '^uid: ' | sed 's/uid: //'); do
  echo "   $foo:"
  imtest -u "$foo" -a xx/admin -t '' -f ./subscribing mail | grep '^A00[1-4]'
done | less
[0 xx@bar ~]$ 

A few things to note about this construct:

  • i had already acquired the admin principal via kinit before this run.
  • the looping construct walks through a list of all current posixAccounts, as specified in LDAP:
    ldapsearch -LLL -ZZ -x '(objectClass=posixAccount)' uid | grep '^uid: ' | sed 's/uid: //'
    
  • imtest is used to authenticate (-a) as one user (the admin principal), while connecting as (-u) another one (the looped instance).
  • imtest uses TLS authentication (-t '')
  • imtest runs the commands listed in the subscribing file after connection and authentication.
  • i'm filtering the output of the imtest run here to only show the commands themselves and their responses, so that it makes for an easier scan/review to tell whether anything went wrong.