Example 1 with NamedEntry
use of com.zimbra.cs.account.NamedEntry in project zm-mailbox by Zimbra.
the class LdapProvisioning method getAllGroups.
/**
* Get all static distribution lists and dynamic groups
*/
@SuppressWarnings("unchecked")
@Override
public List getAllGroups(Domain domain) throws ServiceException {
SearchDirectoryOptions searchOpts = new SearchDirectoryOptions(domain);
searchOpts.setFilter(mDIT.filterGroupsByDomain(domain));
searchOpts.setTypes(ObjectType.distributionlists, ObjectType.dynamicgroups);
searchOpts.setSortOpt(SortOpt.SORT_ASCENDING);
List<NamedEntry> groups = (List<NamedEntry>) searchDirectoryInternal(searchOpts);
return groups;
}
Also used :
SearchDirectoryOptions(com.zimbra.cs.account.SearchDirectoryOptions)
NamedEntry(com.zimbra.cs.account.NamedEntry)
LdapDistributionList(com.zimbra.cs.account.ldap.entry.LdapDistributionList)
ArrayList(java.util.ArrayList)
List(java.util.List)
AddressList(com.zimbra.cs.account.AddressList)
DistributionList(com.zimbra.cs.account.DistributionList)
Example 2 with NamedEntry
use of com.zimbra.cs.account.NamedEntry in project zm-mailbox by Zimbra.
the class MailboxManager method getMailboxSizes.
/**
* Returns the zimbra IDs and approximate sizes for all mailboxes on
* the system. Note that mailboxes are created lazily, so there may be
* accounts homed on this system for whom there is is not yet a mailbox
* and hence are not included in the returned <code>Map</code>.
*
* @throws ServiceException The following error codes are possible:<ul>
* <li><code>service.FAILURE</code> - an error occurred while accessing
* the database; a SQLException is encapsulated</ul>
*/
public Map<String, Long> getMailboxSizes(List<NamedEntry> accounts) throws ServiceException {
List<Integer> requested;
synchronized (this) {
if (accounts == null) {
requested = new ArrayList<Integer>(mailboxIds.values());
} else {
requested = new ArrayList<Integer>(accounts.size());
for (NamedEntry account : accounts) {
Integer mailboxId = mailboxIds.get(account.getId());
if (mailboxId != null)
requested.add(mailboxId);
}
}
}
DbConnection conn = null;
try {
conn = DbPool.getConnection();
return DbMailbox.getMailboxSizes(conn, requested);
} finally {
if (conn != null)
DbPool.quietClose(conn);
}
}
Also used :
NamedEntry(com.zimbra.cs.account.NamedEntry)
DbConnection(com.zimbra.cs.db.DbPool.DbConnection)
Example 3 with NamedEntry
use of com.zimbra.cs.account.NamedEntry in project zm-mailbox by Zimbra.
the class CollectAllEffectiveRights method collect.
private void collect() throws ServiceException {
if (mRightBearer instanceof GlobalAdmin) {
for (TargetType tt : TargetType.values()) {
EffectiveRights er = new EffectiveRights(tt.getCode(), null, null, mRightBearer.getId(), mRightBearer.getName());
Entry target;
if (TargetType.config == tt) {
target = mProv.getConfig();
} else if (TargetType.global == tt) {
target = mProv.getGlobalGrant();
} else {
target = PseudoTarget.createPseudoTarget(mProv, tt, null, null, true, null, null, null);
}
CollectEffectiveRights.getEffectiveRights(mRightBearer, target, tt, mExpandSetAttrs, mExpandGetAttrs, er);
mResult.setAll(tt, er);
}
return;
}
// we want all target types
Set<TargetType> targetTypesToSearch = new HashSet<TargetType>(Arrays.asList(TargetType.values()));
// get the set of zimbraId of the grantees to search for
Set<String> granteeIdsToSearch = mGrantee.getIdAndGroupIds();
// add external group grants that *may* apply
if (mGrantee.isAccount()) {
Domain domain = mProv.getDomain(mGrantee.getAccount());
granteeIdsToSearch.add(ZimbraACE.ExternalGroupInfo.encode(domain.getId(), ""));
}
SearchGrants searchGrants = new SearchGrants(mProv, targetTypesToSearch, granteeIdsToSearch);
Set<GrantsOnTarget> grantsOnTargets = searchGrants.doSearch().getResults(true);
// staging for group grants
Set<Group> groupsWithGrants = new HashSet<Group>();
//
for (GrantsOnTarget grantsOnTarget : grantsOnTargets) {
Entry grantedOnEntry = grantsOnTarget.getTargetEntry();
ZimbraACL acl = grantsOnTarget.getAcl();
TargetType targetType = TargetType.getTargetType(grantedOnEntry);
if (targetType == TargetType.global) {
computeRightsInheritedFromGlobalGrant();
} else if (targetType == TargetType.domain) {
computeRightsInheritedFromDomain((Domain) grantedOnEntry);
computeSubDomainRightsInheritedFromDomain(acl, (Domain) grantedOnEntry);
} else if (targetType == TargetType.dl) {
groupsWithGrants.add((DistributionList) grantedOnEntry);
} else if (targetType == TargetType.group) {
groupsWithGrants.add((DynamicGroup) grantedOnEntry);
}
}
//
// Stage 2
//
// process group grants
//
// first, shape all members in all groups with grants into "shapes"
//
// e.g. if the grant search returned three groups: A, B, C
// group A contains members m1, m2, m3
// group B contains members m2, m3, m4
// group C contains members m5
//
// (assuming all m{X} are accounts)
//
// After "shaping", the accountShapes Set will contain 4 shapes:
// shape A - m1
// shape AB - m2, m3
// shape B - m4
// shape C - m5
//
/*
* because of bug 68820, we have to also take into accounts all sub groups
* of groupsWithGrants when we build shapes - even if the sub groups don't
* have any grants.
*
* Prior to bug 68820, we didn't have to do this(i.e. add in sub groups
* that don't have any grants when shapes are computed), because sub groups
* dont't have grants would never affect how grants are inherited - all grants
* get inherited to sub groups and their member accounts/crs.
*
* But bug 68820 introduced a new right modifier - DISINHERIT_SUB_GROUPS,
* that controls whether a grant on a group can be inherited by sub groups and
* their account/cr members.
*
* Now the input groups for calculating shapes are:
* union of (groups have grants and all their sub groups)
*
* This will result in more shares than before if non ofthe sub groups has grants,
* but if spawned shapes actually have the same effective rights, they will be
* merged by RightsByTargetType.addAggregation(), in that it checks if ther are
* already an aggregation with the exact the same right. If there are, then just
* add the targets to the existing aggregation, instead of adding new ones.
*/
Set<String> processedGroups = new HashSet<String>();
Set<GroupShape> accountShapes = new HashSet<GroupShape>();
Set<GroupShape> calendarResourceShapes = new HashSet<GroupShape>();
Set<GroupShape> distributionListShapes = new HashSet<GroupShape>();
for (Group group : groupsWithGrants) {
String groupName = group.getName().toLowerCase();
if (processedGroups.contains(groupName)) {
continue;
} else {
processedGroups.add(groupName);
}
AllGroupMembers allMembers = getAllGroupMembers(group);
GroupShape.shapeMembers(TargetType.account, accountShapes, allMembers);
GroupShape.shapeMembers(TargetType.calresource, calendarResourceShapes, allMembers);
GroupShape.shapeMembers(TargetType.dl, distributionListShapes, allMembers);
// no need to get TargetType.group members of the group, because
// dynamic group cannot be a member of a Distribution list or another
// dynamic group
processedGroups.add(group.getId());
/*
* handle sub groups. allMembers already contains a flat set of all members
* of group that is a DistributionList, just go through the flat set and compute
* shares for each. If group is a dynamic group, we should never get into
* the following loop, because there should be no nested groups member of
* dynamic group.
*/
for (String nestedGoupMember : allMembers.getMembers(TargetType.dl)) {
String nestedGoupMemberName = nestedGoupMember.toLowerCase();
if (processedGroups.contains(nestedGoupMemberName)) {
continue;
} else {
processedGroups.add(nestedGoupMemberName);
}
DistributionList subDl = mProv.get(DistributionListBy.name, nestedGoupMemberName);
// sanity check, shout not be null
if (subDl != null) {
AllGroupMembers allMembersOfSubDl = getAllGroupMembers(subDl);
GroupShape.shapeMembers(TargetType.account, accountShapes, allMembersOfSubDl);
GroupShape.shapeMembers(TargetType.calresource, calendarResourceShapes, allMembersOfSubDl);
GroupShape.shapeMembers(TargetType.dl, distributionListShapes, allMembersOfSubDl);
}
}
}
if (ZimbraLog.acl.isDebugEnabled()) {
GroupShape.debug("accountShapes", accountShapes);
GroupShape.debug("calendarResourceShapes", calendarResourceShapes);
GroupShape.debug("distributionListShapes", distributionListShapes);
}
// then, for each group shape, generate a RightAggregation and record in the AllEffectiveRights.
// if any of the entries in a shape also have grants as an individual, the effective rigths for
// those entries will be replaced in stage 3.
Set<String> entryIdsHasGrants = new HashSet<String>();
for (GrantsOnTarget grantsOnTarget : grantsOnTargets) {
Entry grantedOnEntry = grantsOnTarget.getTargetEntry();
if (grantedOnEntry instanceof NamedEntry) {
entryIdsHasGrants.add(((NamedEntry) grantedOnEntry).getId());
}
}
computeRightsOnGroupShape(TargetType.account, accountShapes, entryIdsHasGrants);
computeRightsOnGroupShape(TargetType.calresource, calendarResourceShapes, entryIdsHasGrants);
computeRightsOnGroupShape(TargetType.dl, distributionListShapes, entryIdsHasGrants);
//
for (GrantsOnTarget grantsOnTarget : grantsOnTargets) {
Entry grantedOnEntry = grantsOnTarget.getTargetEntry();
ZimbraACL acl = grantsOnTarget.getAcl();
TargetType targetType = TargetType.getTargetType(grantedOnEntry);
if (targetType != TargetType.global) {
computeRightsOnEntry(targetType, grantedOnEntry);
}
}
}
Also used :
DynamicGroup(com.zimbra.cs.account.DynamicGroup)
Group(com.zimbra.cs.account.Group)
DynamicGroup(com.zimbra.cs.account.DynamicGroup)
EffectiveRights(com.zimbra.cs.account.accesscontrol.RightCommand.EffectiveRights)
AllEffectiveRights(com.zimbra.cs.account.accesscontrol.RightCommand.AllEffectiveRights)
GrantsOnTarget(com.zimbra.cs.account.accesscontrol.SearchGrants.GrantsOnTarget)
NamedEntry(com.zimbra.cs.account.NamedEntry)
NamedEntry(com.zimbra.cs.account.NamedEntry)
Entry(com.zimbra.cs.account.Entry)
Domain(com.zimbra.cs.account.Domain)
GlobalAdmin(com.zimbra.cs.account.accesscontrol.RightBearer.GlobalAdmin)
HashSet(java.util.HashSet)
DistributionList(com.zimbra.cs.account.DistributionList)
Example 4 with NamedEntry
use of com.zimbra.cs.account.NamedEntry in project zm-mailbox by Zimbra.
the class BUG_66387 method fixAccount.
private void fixAccount(String name, String[] allowFromAddresses) throws ServiceException {
++numInspected;
Account account = prov.get(AccountBy.name, name);
if (account == null) {
// this shouldn't happen
printer.println("Account " + name + " not found! Skipping.");
return;
}
boolean modified = false;
printer.println("# Account: " + account.getName());
String[] addrs = account.getAllowFromAddress();
printer.println(" Current value = " + StringUtil.join(", ", addrs));
Set<String> remainingAddrs = new HashSet<String>();
for (String addr : addrs) {
NamedEntry entry = lookupEntry(addr);
if (entry instanceof Account) {
if (!entry.getId().equalsIgnoreCase(account.getId())) {
doGrant(entry, account, addr);
modified = true;
} else {
printer.println(" - removing redundant address " + addr);
modified = true;
}
} else if (entry instanceof Group) {
doGrant(entry, account, addr);
modified = true;
} else {
remainingAddrs.add(addr);
}
}
if (modified) {
Map<String, Object> attrsMap = new HashMap<String, Object>();
if (!remainingAddrs.isEmpty()) {
String[] remaining = remainingAddrs.toArray(new String[0]);
attrsMap.put(Provisioning.A_zimbraAllowFromAddress, remaining);
printer.println(" New value = " + StringUtil.join(", ", remaining));
} else {
attrsMap.put(Provisioning.A_zimbraAllowFromAddress, "");
printer.println(" New value = <unset>");
}
prov.modifyAttrs(account, attrsMap, false, false);
++numFixed;
} else {
printer.println(" No change needed");
}
printer.println();
}
Also used :
Account(com.zimbra.cs.account.Account)
NamedEntry(com.zimbra.cs.account.NamedEntry)
Group(com.zimbra.cs.account.Group)
HashMap(java.util.HashMap)
HashSet(java.util.HashSet)
Example 5 with NamedEntry
use of com.zimbra.cs.account.NamedEntry in project zm-mailbox by Zimbra.
the class LdapProvisioning method getNamesForIds.
@Override
public Map<String, String> getNamesForIds(Set<String> ids, EntryType type) throws ServiceException {
final Map<String, String> result = new HashMap<String, String>();
Set<String> unresolvedIds;
NamedEntry entry;
final String nameAttr;
final EntryType entryType = type;
String base;
String objectClass;
switch(entryType) {
case account:
unresolvedIds = new HashSet<String>();
for (String id : ids) {
entry = accountCache.getById(id);
if (entry != null)
result.put(id, entry.getName());
else
unresolvedIds.add(id);
}
nameAttr = Provisioning.A_zimbraMailDeliveryAddress;
base = mDIT.mailBranchBaseDN();
objectClass = AttributeClass.OC_zimbraAccount;
break;
case group:
unresolvedIds = ids;
// see dnToEmail
nameAttr = Provisioning.A_uid;
base = mDIT.mailBranchBaseDN();
objectClass = AttributeClass.OC_zimbraDistributionList;
break;
case cos:
unresolvedIds = new HashSet<String>();
for (String id : ids) {
entry = cosCache.getById(id);
if (entry != null)
result.put(id, entry.getName());
else
unresolvedIds.add(id);
}
nameAttr = Provisioning.A_cn;
base = mDIT.cosBaseDN();
objectClass = AttributeClass.OC_zimbraCOS;
break;
case domain:
unresolvedIds = new HashSet<String>();
for (String id : ids) {
entry = getFromCache(Key.DomainBy.id, id, GetFromDomainCacheOption.POSITIVE);
if (entry != null)
result.put(id, entry.getName());
else
unresolvedIds.add(id);
}
nameAttr = Provisioning.A_zimbraDomainName;
base = mDIT.domainBaseDN();
objectClass = AttributeClass.OC_zimbraDomain;
break;
default:
throw ServiceException.FAILURE("unsupported entry type for getNamesForIds" + type.name(), null);
}
// we are done if all ids can be resolved in our cache
if (unresolvedIds.size() == 0)
return result;
SearchLdapVisitor visitor = new SearchLdapVisitor() {
@Override
public void visit(String dn, Map<String, Object> attrs, IAttributes ldapAttrs) {
String id = (String) attrs.get(Provisioning.A_zimbraId);
String name = null;
try {
switch(entryType) {
case account:
name = ldapAttrs.getAttrString(Provisioning.A_zimbraMailDeliveryAddress);
if (name == null)
name = mDIT.dnToEmail(dn, ldapAttrs);
break;
case group:
name = mDIT.dnToEmail(dn, ldapAttrs);
break;
case cos:
name = ldapAttrs.getAttrString(Provisioning.A_cn);
break;
case domain:
name = ldapAttrs.getAttrString(Provisioning.A_zimbraDomainName);
break;
}
} catch (ServiceException e) {
name = null;
}
if (name != null)
result.put(id, name);
}
};
String[] returnAttrs = new String[] { Provisioning.A_zimbraId, nameAttr };
searchNamesForIds(unresolvedIds, base, objectClass, returnAttrs, visitor);
return result;
}
Also used :
NamedEntry(com.zimbra.cs.account.NamedEntry)
SearchLdapVisitor(com.zimbra.cs.ldap.SearchLdapOptions.SearchLdapVisitor)
CacheEntryType(com.zimbra.soap.admin.type.CacheEntryType)
AccountServiceException(com.zimbra.cs.account.AccountServiceException)
AuthFailedServiceException(com.zimbra.cs.account.AccountServiceException.AuthFailedServiceException)
ServiceException(com.zimbra.common.service.ServiceException)
HashMap(java.util.HashMap)
IAttributes(com.zimbra.cs.ldap.IAttributes)
Map(java.util.Map)
TreeMap(java.util.TreeMap)
HashMap(java.util.HashMap)
Aggregations
NamedEntry (com.zimbra.cs.account.NamedEntry)109
Account (com.zimbra.cs.account.Account)51
ServiceException (com.zimbra.common.service.ServiceException)24
Domain (com.zimbra.cs.account.Domain)24
Provisioning (com.zimbra.cs.account.Provisioning)23
DistributionList (com.zimbra.cs.account.DistributionList)19
SearchDirectoryOptions (com.zimbra.cs.account.SearchDirectoryOptions)19
ProvTest (com.zimbra.qa.unittest.prov.ProvTest)19
AccountServiceException (com.zimbra.cs.account.AccountServiceException)18
HashSet (java.util.HashSet)17
Entry (com.zimbra.cs.account.Entry)15
HashMap (java.util.HashMap)15
Element (com.zimbra.common.soap.Element)14
Group (com.zimbra.cs.account.Group)14
SearchAccountsOptions (com.zimbra.cs.account.SearchAccountsOptions)12
GuestAccount (com.zimbra.cs.account.GuestAccount)9
MailTarget (com.zimbra.cs.account.MailTarget)8
LdapDomain (com.zimbra.cs.account.ldap.entry.LdapDomain)8
ArrayList (java.util.ArrayList)8
AccessManager (com.zimbra.cs.account.AccessManager)7
