Example 26 with AccountServiceException
use of com.zimbra.cs.account.AccountServiceException in project zm-mailbox by Zimbra.
the class TestLdapProvIdentity method createIdentityAlreadyExists.
@Test
public void createIdentityAlreadyExists() throws Exception {
String ACCT_NAME_LOCALPART = Names.makeAccountNameLocalPart(genAcctNameLocalPart());
String IDENTITY_NAME = Names.makeIdentityName(genIdentityName());
Account acct = createAccount(ACCT_NAME_LOCALPART);
Identity identity = createIdentity(acct, IDENTITY_NAME);
boolean caughtException = false;
try {
createIdentityRaw(acct, IDENTITY_NAME);
} catch (AccountServiceException e) {
if (AccountServiceException.IDENTITY_EXISTS.equals(e.getCode())) {
caughtException = true;
}
}
assertTrue(caughtException);
deleteIdentity(acct, identity);
deleteAccount(acct);
}
Also used :
Account(com.zimbra.cs.account.Account)
AccountServiceException(com.zimbra.cs.account.AccountServiceException)
Identity(com.zimbra.cs.account.Identity)
Test(org.junit.Test)
Example 27 with AccountServiceException
use of com.zimbra.cs.account.AccountServiceException in project zm-mailbox by Zimbra.
the class RemoveAccountAlias method handle.
@Override
public Element handle(Element request, Map<String, Object> context) throws ServiceException {
ZimbraSoapContext zsc = getZimbraSoapContext(context);
Provisioning prov = Provisioning.getInstance();
RemoveAccountAliasRequest req = JaxbUtil.elementToJaxb(request);
String id = req.getId();
String alias = req.getAlias();
Account account = null;
if (id != null) {
account = prov.get(AccountBy.id, id, zsc.getAuthToken());
}
try {
defendAgainstAccountOrCalendarResourceHarvesting(account, AccountBy.id, id, zsc, Admin.R_removeAccountAlias, Admin.R_removeCalendarResourceAlias);
} catch (AccountServiceException ase) {
// still may want to remove the alias, even if it doesn't point at anything
// note: if we got a permission denied instead of AccountServiceException,
// means we don't have the rights so shouldn't get any further
}
String acctName = "";
if (account != null) {
acctName = account.getName();
}
// if the admin can remove an alias in the domain
checkDomainRightByEmail(zsc, alias, Admin.R_deleteAlias);
// If account is null, still invoke removeAlias. Ensures dangling aliases are cleaned up as much as possible
prov.removeAlias(account, alias);
ZimbraLog.security.info(ZimbraLog.encodeAttrs(new String[] { "cmd", "RemoveAccountAlias", "name", acctName, "alias", alias }));
return zsc.jaxbToElement(new RemoveAccountAliasResponse());
}
Also used :
RemoveAccountAliasResponse(com.zimbra.soap.admin.message.RemoveAccountAliasResponse)
Account(com.zimbra.cs.account.Account)
AccountServiceException(com.zimbra.cs.account.AccountServiceException)
RemoveAccountAliasRequest(com.zimbra.soap.admin.message.RemoveAccountAliasRequest)
ZimbraSoapContext(com.zimbra.soap.ZimbraSoapContext)
Provisioning(com.zimbra.cs.account.Provisioning)
Example 28 with AccountServiceException
use of com.zimbra.cs.account.AccountServiceException in project zm-mailbox by Zimbra.
the class TestAccountLockout method ssoWhenAccountIsLockedout.
@Test
public void ssoWhenAccountIsLockedout() throws Exception {
Account acct = createAccount(genAcctNameLocalPart());
lockout(acct);
boolean authFailed = false;
try {
prov.ssoAuthAccount(acct, AuthContext.Protocol.test, null);
} catch (AccountServiceException e) {
if (AccountServiceException.AUTH_FAILED.equals(e.getCode())) {
authFailed = true;
}
}
Assert.assertTrue(authFailed);
deleteAccount(acct);
}
Also used :
Account(com.zimbra.cs.account.Account)
AccountServiceException(com.zimbra.cs.account.AccountServiceException)
Test(org.junit.Test)
Example 29 with AccountServiceException
use of com.zimbra.cs.account.AccountServiceException in project zm-mailbox by Zimbra.
the class LdapProvisioning method createIdentity.
private Identity createIdentity(Account account, String identityName, Map<String, Object> identityAttrs, boolean restoring) throws ServiceException {
removeAttrIgnoreCase("objectclass", identityAttrs);
validateIdentityAttrs(identityAttrs);
LdapEntry ldapEntry = (LdapEntry) (account instanceof LdapEntry ? account : getAccountById(account.getId()));
if (ldapEntry == null)
throw AccountServiceException.NO_SUCH_ACCOUNT(account.getName());
if (identityName.equalsIgnoreCase(ProvisioningConstants.DEFAULT_IDENTITY_NAME))
throw AccountServiceException.IDENTITY_EXISTS(identityName);
List<Identity> existing = getAllIdentities(account);
if (existing.size() >= account.getLongAttr(A_zimbraIdentityMaxNumEntries, 20))
throw AccountServiceException.TOO_MANY_IDENTITIES();
account.setCachedData(IDENTITY_LIST_CACHE_KEY, null);
boolean checkImmutable = !restoring;
CallbackContext callbackContext = new CallbackContext(CallbackContext.Op.CREATE);
AttributeManager.getInstance().preModify(identityAttrs, null, callbackContext, checkImmutable);
ZLdapContext zlc = null;
try {
zlc = LdapClient.getContext(LdapServerType.MASTER, LdapUsage.CREATE_IDENTITY);
String dn = getIdentityDn(ldapEntry, identityName);
ZMutableEntry entry = LdapClient.createMutableEntry();
entry.setDN(dn);
entry.mapToAttrs(identityAttrs);
entry.setAttr(A_objectClass, "zimbraIdentity");
if (!entry.hasAttribute(A_zimbraPrefIdentityId)) {
String identityId = LdapUtil.generateUUID();
entry.setAttr(A_zimbraPrefIdentityId, identityId);
}
entry.setAttr(Provisioning.A_zimbraCreateTimestamp, LdapDateUtil.toGeneralizedTime(new Date()));
zlc.createEntry(entry);
Identity identity = getIdentityByName(ldapEntry, identityName, zlc);
AttributeManager.getInstance().postModify(identityAttrs, identity, callbackContext);
return identity;
} catch (LdapEntryAlreadyExistException nabe) {
throw AccountServiceException.IDENTITY_EXISTS(identityName);
} catch (LdapException e) {
throw e;
} catch (AccountServiceException e) {
throw e;
} catch (ServiceException e) {
throw ServiceException.FAILURE("unable to create identity " + identityName, e);
} finally {
LdapClient.closeContext(zlc);
}
}
Also used :
ZMutableEntry(com.zimbra.cs.ldap.ZMutableEntry)
LdapEntryAlreadyExistException(com.zimbra.cs.ldap.LdapException.LdapEntryAlreadyExistException)
ZLdapContext(com.zimbra.cs.ldap.ZLdapContext)
LdapEntry(com.zimbra.cs.account.ldap.entry.LdapEntry)
Date(java.util.Date)
AccountServiceException(com.zimbra.cs.account.AccountServiceException)
AccountServiceException(com.zimbra.cs.account.AccountServiceException)
AuthFailedServiceException(com.zimbra.cs.account.AccountServiceException.AuthFailedServiceException)
ServiceException(com.zimbra.common.service.ServiceException)
CallbackContext(com.zimbra.cs.account.callback.CallbackContext)
LdapIdentity(com.zimbra.cs.account.ldap.entry.LdapIdentity)
Identity(com.zimbra.cs.account.Identity)
LdapException(com.zimbra.cs.ldap.LdapException)
Example 30 with AccountServiceException
use of com.zimbra.cs.account.AccountServiceException in project zm-mailbox by Zimbra.
the class LdapProvisioning method renameAccount.
@Override
public void renameAccount(String zimbraId, String newName) throws ServiceException {
newName = IDNUtil.toAsciiEmail(newName);
validEmailAddress(newName);
ZLdapContext zlc = null;
Account acct = getAccountById(zimbraId, zlc, true);
// prune cache
accountCache.remove(acct);
LdapEntry entry = (LdapEntry) acct;
if (acct == null)
throw AccountServiceException.NO_SUCH_ACCOUNT(zimbraId);
String oldEmail = acct.getName();
boolean domainChanged = false;
Account oldAccount = acct;
try {
zlc = LdapClient.getContext(LdapServerType.MASTER, LdapUsage.RENAME_ACCOUNT);
String oldDn = entry.getDN();
String[] parts = EmailUtil.getLocalPartAndDomain(oldEmail);
String oldLocal = parts[0];
String oldDomain = parts[1];
newName = newName.toLowerCase().trim();
parts = EmailUtil.getLocalPartAndDomain(newName);
if (parts == null) {
throw ServiceException.INVALID_REQUEST("bad value for newName", null);
}
String newLocal = parts[0];
String newDomain = parts[1];
Domain domain = getDomainByAsciiName(newDomain, zlc);
if (domain == null) {
throw AccountServiceException.NO_SUCH_DOMAIN(newDomain);
}
domainChanged = !newDomain.equals(oldDomain);
if (domainChanged) {
validate(ProvisioningValidator.RENAME_ACCOUNT, newName, acct.getMultiAttr(Provisioning.A_objectClass, false), acct.getAttrs(false));
validate(ProvisioningValidator.RENAME_ACCOUNT_CHECK_DOMAIN_COS_AND_FEATURE, newName, acct.getAttrs(false));
// make sure the new domain is a local domain
if (!domain.isLocal()) {
throw ServiceException.INVALID_REQUEST("domain type must be local", null);
}
}
String newDn = mDIT.accountDNRename(oldDn, newLocal, domain.getName());
boolean dnChanged = (!newDn.equals(oldDn));
Map<String, Object> newAttrs = acct.getAttrs(false);
if (dnChanged) {
// uid will be changed during renameEntry, so no need to modify it
// OpenLDAP is OK modifying it, as long as it matches the new DN, but
// InMemoryDirectoryServer does not like it.
newAttrs.remove(Provisioning.A_uid);
} else {
newAttrs.put(Provisioning.A_uid, newLocal);
}
newAttrs.put(Provisioning.A_zimbraMailDeliveryAddress, newName);
if (oldEmail.equals(newAttrs.get(Provisioning.A_zimbraPrefFromAddress))) {
newAttrs.put(Provisioning.A_zimbraPrefFromAddress, newName);
}
ReplaceAddressResult replacedMails = replaceMailAddresses(acct, Provisioning.A_mail, oldEmail, newName);
if (replacedMails.newAddrs().length == 0) {
// Set mail to newName if the account currently does not have a mail
newAttrs.put(Provisioning.A_mail, newName);
} else {
newAttrs.put(Provisioning.A_mail, replacedMails.newAddrs());
}
ReplaceAddressResult replacedAliases = replaceMailAddresses(acct, Provisioning.A_zimbraMailAlias, oldEmail, newName);
if (replacedAliases.newAddrs().length > 0) {
newAttrs.put(Provisioning.A_zimbraMailAlias, replacedAliases.newAddrs());
String newDomainDN = mDIT.domainToAccountSearchDN(newDomain);
String[] aliasNewAddrs = replacedAliases.newAddrs();
// (if domain also got changed)
if (domainChanged && addressExistsUnderDN(zlc, newDomainDN, aliasNewAddrs)) {
throw AccountServiceException.ALIAS_EXISTS(Arrays.toString(aliasNewAddrs));
}
// it won't be caught by the above check, do a separate check.
for (int i = 0; i < aliasNewAddrs.length; i++) {
if (newName.equalsIgnoreCase(aliasNewAddrs[i])) {
throw AccountServiceException.ACCOUNT_EXISTS(newName);
}
}
}
ReplaceAddressResult replacedAllowAddrForDelegatedSender = replaceMailAddresses(acct, Provisioning.A_zimbraPrefAllowAddressForDelegatedSender, oldEmail, newName);
if (replacedAllowAddrForDelegatedSender.newAddrs().length > 0) {
newAttrs.put(Provisioning.A_zimbraPrefAllowAddressForDelegatedSender, replacedAllowAddrForDelegatedSender.newAddrs());
}
if (newAttrs.get(Provisioning.A_displayName) == null && oldLocal.equals(newAttrs.get(Provisioning.A_cn)))
newAttrs.put(Provisioning.A_cn, newLocal);
if (dnChanged) {
zlc.renameEntry(oldDn, newDn);
// re-get the acct object, make sure we don't get it from cache
// Note: this account object contains the old address, it should never
// be cached
acct = getAccountByQuery(mDIT.mailBranchBaseDN(), filterFactory.accountById(zimbraId), zlc, true);
if (acct == null) {
throw ServiceException.FAILURE("cannot find account by id after modrdn", null);
}
}
// rename the account and all it's renamed aliases to the new name in all
// distribution lists. Doesn't throw exceptions, just logs
renameAddressesInAllDistributionLists(oldEmail, newName, replacedAliases);
// doesn't throw exceptions, just logs
if (domainChanged) {
moveAliases(zlc, replacedAliases, newDomain, null, oldDn, newDn, oldDomain, newDomain);
}
modifyLdapAttrs(acct, zlc, newAttrs);
// re-get the account again, now attrs contains new addrs
acct = getAccountByQuery(mDIT.mailBranchBaseDN(), filterFactory.accountById(zimbraId), zlc, true);
if (acct == null) {
throw ServiceException.FAILURE("cannot find account by id after modrdn", null);
}
removeExternalAddrsFromAllDynamicGroups(acct.getAllAddrsSet(), zlc);
} catch (LdapEntryAlreadyExistException nabe) {
throw AccountServiceException.ACCOUNT_EXISTS(newName);
} catch (LdapException e) {
throw e;
} catch (AccountServiceException e) {
throw e;
} catch (ServiceException e) {
throw ServiceException.FAILURE("unable to rename account: " + newName, e);
} finally {
LdapClient.closeContext(zlc);
// prune cache
accountCache.remove(oldAccount);
}
// reload it to cache using the master, bug 45736
Account renamedAcct = getAccountById(zimbraId, null, true);
if (domainChanged) {
PermissionCache.invalidateCache(renamedAcct);
}
}
Also used :
Account(com.zimbra.cs.account.Account)
GuestAccount(com.zimbra.cs.account.GuestAccount)
LdapAccount(com.zimbra.cs.account.ldap.entry.LdapAccount)
LdapEntryAlreadyExistException(com.zimbra.cs.ldap.LdapException.LdapEntryAlreadyExistException)
ZLdapContext(com.zimbra.cs.ldap.ZLdapContext)
LdapEntry(com.zimbra.cs.account.ldap.entry.LdapEntry)
AccountServiceException(com.zimbra.cs.account.AccountServiceException)
AccountServiceException(com.zimbra.cs.account.AccountServiceException)
AuthFailedServiceException(com.zimbra.cs.account.AccountServiceException.AuthFailedServiceException)
ServiceException(com.zimbra.common.service.ServiceException)
LdapDomain(com.zimbra.cs.account.ldap.entry.LdapDomain)
Domain(com.zimbra.cs.account.Domain)
LdapException(com.zimbra.cs.ldap.LdapException)
Aggregations
AccountServiceException (com.zimbra.cs.account.AccountServiceException)44
ServiceException (com.zimbra.common.service.ServiceException)22
LdapException (com.zimbra.cs.ldap.LdapException)20
LdapEntryAlreadyExistException (com.zimbra.cs.ldap.LdapException.LdapEntryAlreadyExistException)20
ZLdapContext (com.zimbra.cs.ldap.ZLdapContext)20
AuthFailedServiceException (com.zimbra.cs.account.AccountServiceException.AuthFailedServiceException)19
Account (com.zimbra.cs.account.Account)14
ZMutableEntry (com.zimbra.cs.ldap.ZMutableEntry)14
CallbackContext (com.zimbra.cs.account.callback.CallbackContext)13
Date (java.util.Date)13
Domain (com.zimbra.cs.account.Domain)10
HashMap (java.util.HashMap)10
LdapDomain (com.zimbra.cs.account.ldap.entry.LdapDomain)8
LdapEntry (com.zimbra.cs.account.ldap.entry.LdapEntry)5
Cos (com.zimbra.cs.account.Cos)4
Test (org.junit.Test)4
DistributionList (com.zimbra.cs.account.DistributionList)3
GuestAccount (com.zimbra.cs.account.GuestAccount)3
Server (com.zimbra.cs.account.Server)3
Signature (com.zimbra.cs.account.Signature)3
