
Example 31 with ServiceException

use of com.zimbra.common.service.ServiceException in project zm-mailbox by Zimbra.

the class LdapProvisioning method modifyDataSource.

/**
 * Applies attribute changes to one of an account's data sources and, if the requested name
 * differs from the current one, renames the data source's LDAP entry.
 *
 * <p>The caller's {@code attrs} map is modified in place: the {@code objectclass} and data
 * source id keys are dropped, the name key is dropped when a rename is pending, and each of the
 * four secret-bearing values (password, OAuth token, OAuth client secret, SMTP auth password)
 * is replaced by the result of {@code DataSource.encryptData(ds.getId(), value)} before
 * {@code modifyAttrs} is called.
 *
 * @param account      owner of the data source
 * @param dataSourceId id of the data source to modify
 * @param attrs        attributes to apply; mutated as described above
 * @throws ServiceException {@code NO_SUCH_ACCOUNT} or {@code NO_SUCH_DATA_SOURCE} when the
 *         lookups return null; {@code FAILURE} wrapping the cause when the rename fails
 */
@Override
public void modifyDataSource(Account account, String dataSourceId, Map<String, Object> attrs) throws ServiceException {
    removeAttrIgnoreCase("objectclass", attrs);

    // Work on the LDAP-backed view of the account; look it up by id when the caller's object is not one.
    LdapEntry ownerEntry;
    if (account instanceof LdapEntry) {
        ownerEntry = (LdapEntry) account;
    } else {
        ownerEntry = (LdapEntry) getAccountById(account.getId());
    }
    if (ownerEntry == null) {
        throw AccountServiceException.NO_SUCH_ACCOUNT(account.getName());
    }

    LdapDataSource ds = (LdapDataSource) getDataSourceById(ownerEntry, dataSourceId, null);
    if (ds == null) {
        throw AccountServiceException.NO_SUCH_DATA_SOURCE(dataSourceId);
    }

    account.setCachedData(DATA_SOURCE_LIST_CACHE_KEY, null);
    // The id is never taken from the attribute map.
    attrs.remove(A_zimbraDataSourceId);

    // A name change is carried out as an entry rename after the attribute update, not as an attribute write.
    String requestedName = (String) attrs.get(A_zimbraDataSourceName);
    boolean renaming = requestedName != null && !requestedName.equals(ds.getName());
    if (renaming) {
        attrs.remove(A_zimbraDataSourceName);
    }

    // Secrets are stored encrypted: swap each supplied plaintext for its encrypted form, keyed on
    // the data source id. An absent (null) value is left untouched.
    String[] secretAttrs = {
        A_zimbraDataSourcePassword,
        A_zimbraDataSourceOAuthToken,
        A_zimbraDataSourceOAuthClientSecret,
        A_zimbraDataSourceSmtpAuthPassword
    };
    for (String secretAttr : secretAttrs) {
        String plaintext = (String) attrs.get(secretAttr);
        if (plaintext != null) {
            attrs.put(secretAttr, DataSource.encryptData(ds.getId(), plaintext));
        }
    }

    modifyAttrs(ds, attrs, true);

    if (!renaming) {
        return;
    }

    // A pre/post-modify callback may have called getAllDataSources and repopulated the cached
    // list, so clear it a second time before renaming.
    account.setCachedData(DATA_SOURCE_LIST_CACHE_KEY, null);
    // NOTE(review): the attribute update above has already been applied when the rename runs;
    // a rename failure leaves the new attributes on the entry under its old DN.
    ZLdapContext zlc = null;
    try {
        zlc = LdapClient.getContext(LdapServerType.MASTER, LdapUsage.RENAME_DATASOURCE);
        String renamedDn = getDataSourceDn(ownerEntry, requestedName);
        zlc.renameEntry(ds.getDN(), renamedDn);
    } catch (ServiceException e) {
        throw ServiceException.FAILURE("unable to rename datasource: " + requestedName, e);
    } finally {
        LdapClient.closeContext(zlc);
    }
}
Also used : LdapDataSource(com.zimbra.cs.account.ldap.entry.LdapDataSource) ZLdapContext(com.zimbra.cs.ldap.ZLdapContext) AccountServiceException(com.zimbra.cs.account.AccountServiceException) AuthFailedServiceException(com.zimbra.cs.account.AccountServiceException.AuthFailedServiceException) ServiceException(com.zimbra.common.service.ServiceException) LdapEntry(com.zimbra.cs.account.ldap.entry.LdapEntry)

Example 32 with ServiceException

use of com.zimbra.common.service.ServiceException in project zm-mailbox by Zimbra.

the class LdapProvisioning method deleteMemberOfOnAccounts.

// TODO: change to ldif and do in background
/**
 * Removes {@code dynGroupId} from the {@code zimbraMemberOf} attribute of every account
 * reported by {@code searchDynamicGroupInternalMembers}, and drops the cached copy of each
 * such account.
 *
 * <p>NOTE(review): an entry that cannot be turned into an {@code Account} is only logged at
 * warn level and skipped, so its {@code zimbraMemberOf} value is not updated by this method.
 * Confirm whether a stale membership value on such an entry matters to callers.
 *
 * @param zlc        LDAP context used for the search and for each modify
 * @param dynGroupId id of the dynamic group being removed
 * @throws ServiceException if the search or any per-account modify fails
 */
private void deleteMemberOfOnAccounts(ZLdapContext zlc, String dynGroupId) throws ServiceException {
    final List<Account> members = new ArrayList<Account>();

    // Collect first, modify afterwards: the visitor only gathers the matching accounts.
    searchDynamicGroupInternalMembers(zlc, dynGroupId, new SearchLdapVisitor(false) {

        @Override
        public void visit(String dn, IAttributes ldapAttrs) throws StopIteratingException {
            try {
                members.add(makeAccountNoDefaults(dn, (ZAttributes) ldapAttrs));
            } catch (ServiceException e) {
                // Best effort: one unreadable entry does not stop the search.
                ZimbraLog.account.warn("unable to make account " + dn, e);
            }
        }
    });

    // do in background?
    final String memberOfRemovalKey = "-" + Provisioning.A_zimbraMemberOf;
    for (Account member : members) {
        Map<String, Object> removal = new HashMap<String, Object>();
        removal.put(memberOfRemovalKey, dynGroupId);
        modifyLdapAttrs(member, zlc, removal);

        // Evict via the cached instance, not via `member`: the object built above only carries
        // the name, so removing it directly would leave the id/alias/foreignPrincipal keys
        // held by NamedCache in place.
        Account cachedCopy = getFromCache(AccountBy.name, member.getName());
        if (cachedCopy != null) {
            removeFromCache(cachedCopy);
        }
    }
}
Also used : Account(com.zimbra.cs.account.Account) GuestAccount(com.zimbra.cs.account.GuestAccount) LdapAccount(com.zimbra.cs.account.ldap.entry.LdapAccount) SearchLdapVisitor(com.zimbra.cs.ldap.SearchLdapOptions.SearchLdapVisitor) AccountServiceException(com.zimbra.cs.account.AccountServiceException) AuthFailedServiceException(com.zimbra.cs.account.AccountServiceException.AuthFailedServiceException) ServiceException(com.zimbra.common.service.ServiceException) HashMap(java.util.HashMap) IAttributes(com.zimbra.cs.ldap.IAttributes) ZAttributes(com.zimbra.cs.ldap.ZAttributes) ArrayList(java.util.ArrayList)

Example 33 with ServiceException

use of com.zimbra.common.service.ServiceException in project zm-mailbox by Zimbra.

the class LdapProvisioning method deleteDynamicGroup.

/**
 * Deletes a dynamic group: removes its non-primary aliases, deletes the group's LDAP entry and
 * children, strips the group id from member accounts, and clears the related caches.
 *
 * <p>NOTE(review): the original source carries two disabled steps as commented-out code:
 * removing the group's address from all distribution lists, and
 * {@code RightCommand.revokeAllRights(this, GranteeType.GT_GROUP, zimbraId)}. Neither runs
 * here, so grants naming this group id are not revoked by this method; confirm they are
 * cleaned up elsewhere.
 *
 * @param group the dynamic group to delete
 * @throws ServiceException {@code FAILURE} wrapping the cause when the LDAP delete, the
 *         member cleanup or the cache removal fails; alias removal errors propagate as thrown
 */
private void deleteDynamicGroup(LdapDynamicGroup group) throws ServiceException {
    String zimbraId = group.getId();

    // Snapshot the group's addresses now: once the entry is deleted they are gone from the
    // object, but they are still needed to purge the all-groups cache afterwards.
    Set<String> addrs = new HashSet<String>(group.getMultiAttrSet(Provisioning.A_mail));

    // Remove every alias except the primary name (that one disappears with the entry itself).
    String[] aliases = group.getAliases();
    if (aliases != null) {
        String primaryName = group.getName();
        for (String alias : aliases) {
            if (primaryName.equalsIgnoreCase(alias)) {
                continue;
            }
            // this also removes each alias from any DLs
            removeGroupAlias(group, alias);
        }
    }

    ZLdapContext zlc = null;
    try {
        zlc = LdapClient.getContext(LdapServerType.MASTER, LdapUsage.DELETE_DYNAMICGROUP);
        String groupDn = group.getDN();
        zlc.deleteChildren(groupDn);
        zlc.deleteEntry(groupDn);

        // NOTE(review): the entry is already deleted at this point; if the member cleanup
        // throws, the two cache removals below are skipped.
        deleteMemberOfOnAccounts(zlc, zimbraId);
        groupCache.remove(group);
        allDLs.removeGroup(addrs);
    } catch (ServiceException e) {
        throw ServiceException.FAILURE("unable to purge group: " + zimbraId, e);
    } finally {
        LdapClient.closeContext(zlc);
    }

    // Runs only after a successful delete; the failure path above has already thrown.
    PermissionCache.invalidateCache();
}
Also used : ZLdapContext(com.zimbra.cs.ldap.ZLdapContext) AccountServiceException(com.zimbra.cs.account.AccountServiceException) AuthFailedServiceException(com.zimbra.cs.account.AccountServiceException.AuthFailedServiceException) ServiceException(com.zimbra.common.service.ServiceException) HashSet(java.util.HashSet)

Example 34 with ServiceException

use of com.zimbra.common.service.ServiceException in project zm-mailbox by Zimbra.

the class LdapProvisioning method createDomain.

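/**
 * Creates a domain entry in LDAP, along with any missing parent domain entries and, where the
 * account base DN differs from the domain DN, the account and dynamic-group base entries.
 *
 * <p>The name is lower-cased, trimmed, converted to its ASCII (IDN) form and validated before
 * anything is written. Lower-casing uses {@code Locale.ROOT} so the stored name does not depend
 * on the JVM's default locale.
 *
 * <p>Several attributes are taken out of {@code domainAttrs} before
 * {@code AttributeManager.preModify} runs and put back afterwards, so they are not subject to
 * that attribute check on creation. This includes {@code zimbraSMIMELdapBindPassword} and the
 * other S/MIME LDAP settings; they reach the entry exactly as the caller supplied them.
 *
 * <p>The LDAP writes are separate operations, not a transaction; a failure part-way leaves the
 * earlier writes in place.
 *
 * @param name        requested domain name
 * @param domainAttrs attributes for the new domain; mutated by this method
 * @return the domain as read back by its newly generated id
 * @throws ServiceException {@code DOMAIN_EXISTS} when a domain of that name is found or an
 *         entry-already-exists error escapes the inner handling; {@code LdapException} and
 *         {@code AccountServiceException} are rethrown unchanged; any other
 *         {@code ServiceException} is wrapped in {@code FAILURE}
 */
@Override
public Domain createDomain(String name, Map<String, Object> domainAttrs) throws ServiceException {
    // Fixed locale: default-locale lower-casing can map 'I' to a non-ASCII character in some
    // locales, which would change the name that is validated and stored.
    name = name.toLowerCase(java.util.Locale.ROOT).trim();
    name = IDNUtil.toAsciiDomainName(name);
    NameUtil.validNewDomainName(name);
    ZLdapContext zlc = null;
    try {
        zlc = LdapClient.getContext(LdapServerType.MASTER, LdapUsage.CREATE_DOMAIN);
        LdapDomain d = (LdapDomain) getDomainByAsciiName(name, zlc);
        if (d != null) {
            throw AccountServiceException.DOMAIN_EXISTS(name);
        }
        // Attribute checking can not express "allow setting on
        // creation, but do not allow modifies afterwards", so the attributes below are
        // pulled out before preModify and restored after it.
        String domainType = (String) domainAttrs.get(A_zimbraDomainType);
        if (domainType == null) {
            domainType = DomainType.local.name();
        } else {
            // add back later
            domainAttrs.remove(A_zimbraDomainType);
        }
        String domainStatus = (String) domainAttrs.get(A_zimbraDomainStatus);
        if (domainStatus == null) {
            domainStatus = DOMAIN_STATUS_ACTIVE;
        } else {
            // add back later
            domainAttrs.remove(A_zimbraDomainStatus);
        }
        String smimeLdapURL = (String) domainAttrs.get(A_zimbraSMIMELdapURL);
        if (!StringUtil.isNullOrEmpty(smimeLdapURL)) {
            // add back later
            domainAttrs.remove(A_zimbraSMIMELdapURL);
        }
        String smimeLdapStartTlsEnabled = (String) domainAttrs.get(A_zimbraSMIMELdapStartTlsEnabled);
        if (!StringUtil.isNullOrEmpty(smimeLdapStartTlsEnabled)) {
            // add back later
            domainAttrs.remove(A_zimbraSMIMELdapStartTlsEnabled);
        }
        String smimeLdapBindDn = (String) domainAttrs.get(A_zimbraSMIMELdapBindDn);
        if (!StringUtil.isNullOrEmpty(smimeLdapBindDn)) {
            // add back later
            domainAttrs.remove(A_zimbraSMIMELdapBindDn);
        }
        // Credential for the S/MIME LDAP bind; like its siblings it skips preModify.
        String smimeLdapBindPassword = (String) domainAttrs.get(A_zimbraSMIMELdapBindPassword);
        if (!StringUtil.isNullOrEmpty(smimeLdapBindPassword)) {
            // add back later
            domainAttrs.remove(A_zimbraSMIMELdapBindPassword);
        }
        String smimeLdapSearchBase = (String) domainAttrs.get(A_zimbraSMIMELdapSearchBase);
        if (!StringUtil.isNullOrEmpty(smimeLdapSearchBase)) {
            // add back later
            domainAttrs.remove(A_zimbraSMIMELdapSearchBase);
        }
        String smimeLdapFilter = (String) domainAttrs.get(A_zimbraSMIMELdapFilter);
        if (!StringUtil.isNullOrEmpty(smimeLdapFilter)) {
            // add back later
            domainAttrs.remove(A_zimbraSMIMELdapFilter);
        }
        String smimeLdapAttribute = (String) domainAttrs.get(A_zimbraSMIMELdapAttribute);
        if (!StringUtil.isNullOrEmpty(smimeLdapAttribute)) {
            // add back later
            domainAttrs.remove(A_zimbraSMIMELdapAttribute);
        }
        CallbackContext callbackContext = new CallbackContext(CallbackContext.Op.CREATE);
        AttributeManager.getInstance().preModify(domainAttrs, null, callbackContext, true);
        // Add back attrs we circumvented from attribute checking. Each key is put back
        // unconditionally, so a value that was absent is stored in the map as null.
        domainAttrs.put(A_zimbraDomainType, domainType);
        domainAttrs.put(A_zimbraDomainStatus, domainStatus);
        domainAttrs.put(A_zimbraSMIMELdapURL, smimeLdapURL);
        domainAttrs.put(A_zimbraSMIMELdapStartTlsEnabled, smimeLdapStartTlsEnabled);
        domainAttrs.put(A_zimbraSMIMELdapBindDn, smimeLdapBindDn);
        domainAttrs.put(A_zimbraSMIMELdapBindPassword, smimeLdapBindPassword);
        domainAttrs.put(A_zimbraSMIMELdapSearchBase, smimeLdapSearchBase);
        domainAttrs.put(A_zimbraSMIMELdapFilter, smimeLdapFilter);
        domainAttrs.put(A_zimbraSMIMELdapAttribute, smimeLdapAttribute);
        String[] parts = name.split("\\.");
        String[] dns = mDIT.domainToDNs(parts);
        createParentDomains(zlc, parts, dns);
        ZMutableEntry entry = LdapClient.createMutableEntry();
        entry.mapToAttrs(domainAttrs);
        Set<String> ocs = LdapObjectClass.getDomainObjectClasses(this);
        entry.addAttr(A_objectClass, ocs);
        String zimbraIdStr = LdapUtil.generateUUID();
        entry.setAttr(A_zimbraId, zimbraIdStr);
        entry.setAttr(A_zimbraCreateTimestamp, LdapDateUtil.toGeneralizedTime(new Date()));
        entry.setAttr(A_zimbraDomainName, name);
        String mailStatus = (String) domainAttrs.get(A_zimbraMailStatus);
        if (mailStatus == null) {
            entry.setAttr(A_zimbraMailStatus, MAIL_STATUS_ENABLED);
        }
        if (domainType.equalsIgnoreCase(DomainType.alias.name())) {
            entry.setAttr(A_zimbraMailCatchAllAddress, "@" + name);
        }
        entry.setAttr(A_o, name + " domain");
        entry.setAttr(A_dc, parts[0]);
        String dn = dns[0];
        entry.setDN(dn);
        //NOTE: all four of these should be in a transaction...
        try {
            zlc.createEntry(entry);
        } catch (LdapEntryAlreadyExistException e) {
            // An entry already sits at this DN although no domain of this name was found
            // above; its attributes are replaced with the new entry's.
            // NOTE(review): presumably this is a placeholder created earlier as a parent of a
            // sub-domain; confirm nothing else can occupy the DN.
            zlc.replaceAttributes(dn, entry.getAttributes());
        }
        String acctBaseDn = mDIT.domainDNToAccountBaseDN(dn);
        if (!acctBaseDn.equals(dn)) {
            /*
             * create the account base dn entry only if it is not the same as the domain dn
             *
             * TODO, the objectclass(organizationalRole) and attrs(ou and cn) for the account
             * base dn entry is still hardcoded,  it should be parameterized in LdapDIT
             * according the BASE_RDN_ACCOUNT.  This is actually a design decision depending
             * on how far we want to allow the DIT to be customized.
             */
            zlc.createEntry(mDIT.domainDNToAccountBaseDN(dn), "organizationalRole", new String[] { A_ou, "people", A_cn, "people" });
            // create the base DN for dynamic groups
            zlc.createEntry(mDIT.domainDNToDynamicGroupsBaseDN(dn), "organizationalRole", new String[] { A_cn, "groups", A_description, "dynamic groups base" });
        }
        Domain domain = getDomainById(zimbraIdStr, zlc);
        AttributeManager.getInstance().postModify(domainAttrs, domain, callbackContext);
        return domain;
    } catch (LdapEntryAlreadyExistException nabe) {
        throw AccountServiceException.DOMAIN_EXISTS(name);
    } catch (LdapException e) {
        // Rethrown as-is so the generic ServiceException handler below does not wrap it.
        throw e;
    } catch (AccountServiceException e) {
        // Rethrown as-is for the same reason (e.g. DOMAIN_EXISTS thrown above).
        throw e;
    } catch (ServiceException e) {
        throw ServiceException.FAILURE("unable to create domain: " + name, e);
    } finally {
        LdapClient.closeContext(zlc);
    }
}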
Also used : ZMutableEntry(com.zimbra.cs.ldap.ZMutableEntry) LdapEntryAlreadyExistException(com.zimbra.cs.ldap.LdapException.LdapEntryAlreadyExistException) ZLdapContext(com.zimbra.cs.ldap.ZLdapContext) LdapDomain(com.zimbra.cs.account.ldap.entry.LdapDomain) Date(java.util.Date) AccountServiceException(com.zimbra.cs.account.AccountServiceException) AccountServiceException(com.zimbra.cs.account.AccountServiceException) AuthFailedServiceException(com.zimbra.cs.account.AccountServiceException.AuthFailedServiceException) ServiceException(com.zimbra.common.service.ServiceException) CallbackContext(com.zimbra.cs.account.callback.CallbackContext) LdapDomain(com.zimbra.cs.account.ldap.entry.LdapDomain) Domain(com.zimbra.cs.account.Domain) LdapException(com.zimbra.cs.ldap.LdapException)

Example 35 with ServiceException

use of com.zimbra.common.service.ServiceException in project zm-mailbox by Zimbra.

the class LdapProvisioning method setPassword.

/**
 * Sets a new password on an account, optionally enforcing password policy first.
 *
 * <p>When {@code enforcePolicy} or {@code dryRun} is true, the new password is checked for
 * strength, for minimum password age (skipped when the must-change flag is set) and, if history
 * is enforced, against the password history. When both flags are false none of these checks
 * run, although the history attribute is still updated.
 *
 * <p>A dry run returns after the checks without writing anything. Otherwise the must-change
 * flag is cleared, the modified time is stamped, and the auth-token validity value is advanced
 * so tokens issued under the old value stop being accepted.
 *
 * <p>The plaintext {@code newPassword} is passed to the {@code ChangePasswordListener}
 * pre-modify, on-exception and post-modify hooks.
 *
 * @param acct          account whose password is being set
 * @param newPassword   the new plaintext password
 * @param enforcePolicy whether to apply the policy checks
 * @param dryRun        when true, run the checks only and change nothing
 * @throws ServiceException {@code PASSWORD_CHANGE_TOO_SOON} when the minimum age has not
 *         elapsed; any failure from the checks, the listeners or the LDAP writes
 */
void setPassword(Account acct, String newPassword, boolean enforcePolicy, boolean dryRun) throws ServiceException {
    boolean mustChange = acct.getBooleanAttr(Provisioning.A_zimbraPasswordMustChange, false);
    final boolean applyChecks = enforcePolicy || dryRun;

    if (applyChecks) {
        checkPasswordStrength(newPassword, acct, null, null);
        // A forced change is exempt from the minimum-age rule, so the attribute is not even read.
        int minAgeDays = mustChange ? 0 : acct.getIntAttr(Provisioning.A_zimbraPasswordMinAge, 0);
        if (minAgeDays > 0) {
            Date lastChange = acct.getGeneralizedTimeAttr(Provisioning.A_zimbraPasswordModifiedTime, null);
            if (lastChange != null
                    && (lastChange.getTime() + (Constants.MILLIS_PER_DAY * minAgeDays)) > System.currentTimeMillis()) {
                throw AccountServiceException.PASSWORD_CHANGE_TOO_SOON();
            }
        }
    }

    Map<String, Object> pendingAttrs = new HashMap<String, Object>();
    int historyDepth = acct.getIntAttr(Provisioning.A_zimbraPasswordEnforceHistory, 0);
    if (historyDepth > 0) {
        // The history is rebuilt from the stored history and the current userPassword value
        // before the new password is compared against it.
        String[] updatedHistory = updateHistory(
                acct.getMultiAttr(Provisioning.A_zimbraPasswordHistory),
                acct.getAttr(Provisioning.A_userPassword),
                historyDepth);
        pendingAttrs.put(Provisioning.A_zimbraPasswordHistory, updatedHistory);
        if (applyChecks) {
            checkHistory(newPassword, updatedHistory);
        }
    }

    if (dryRun) {
        return;
    }

    if (mustChange) {
        // unset it so it doesn't take up space...
        pendingAttrs.put(Provisioning.A_zimbraPasswordMustChange, "");
    }
    pendingAttrs.put(Provisioning.A_zimbraPasswordModifiedTime, LdapDateUtil.toGeneralizedTime(new Date()));

    // Advance the validity value to invalidate outstanding auth tokens; wrap to 0 rather than
    // overflow past Integer.MAX_VALUE.
    int currentValidity = acct.getAuthTokenValidityValue();
    int nextValidity = (currentValidity == Integer.MAX_VALUE) ? 0 : currentValidity + 1;
    acct.setAuthTokenValidityValue(nextValidity, pendingAttrs);

    ChangePasswordListener.ChangePasswordListenerContext listenerCtx = new ChangePasswordListener.ChangePasswordListenerContext();
    ChangePasswordListener.invokePreModify(acct, newPassword, listenerCtx, pendingAttrs);
    try {
        // NOTE(review): the password and the remaining attributes are written by two separate
        // calls; if the second one fails the password has already been set.
        setLdapPassword(acct, null, newPassword);
        modifyAttrs(acct, pendingAttrs);
    } catch (ServiceException se) {
        ChangePasswordListener.invokeOnException(acct, newPassword, listenerCtx, se);
        throw se;
    }
    ChangePasswordListener.invokePostModify(acct, newPassword, listenerCtx);
}
Also used : HashMap(java.util.HashMap) Date(java.util.Date) AccountServiceException(com.zimbra.cs.account.AccountServiceException) AuthFailedServiceException(com.zimbra.cs.account.AccountServiceException.AuthFailedServiceException) ServiceException(com.zimbra.common.service.ServiceException)
