
Example 1 with LdapProvisioning

use of com.zimbra.cs.account.ldap.LdapProvisioning in project zm-mailbox by Zimbra.

the class TestLdapProvRenameDomain method verifyHasMembers.

/**
 * Verifies that every distribution list of the given type in the given domain
 * has exactly the members expected after the domain rename.
 *
 * <p>The expected set is built from the account, nested-DL and top-DL names of
 * all domains (at their post-rename index), restricted to the object kinds
 * selected in {@code memberTypes}. Each name is converted to its unicode form
 * before comparison.
 *
 * @param dlType      kind of distribution list whose instances are checked
 * @param memberTypes bit mask of {@code OBJ_ACCT}, {@code OBJ_DL_NESTED} and
 *                    {@code OBJ_DL_TOP} selecting the expected member kinds
 * @param domainIdx   index of the domain that holds the lists under test
 * @throws Exception if a lookup fails or the verification does not hold
 */
private void verifyHasMembers(int dlType, int memberTypes, int domainIdx) throws Exception {
    // Decode the member-kind mask once; it does not change between lists.
    final boolean wantAccounts = (memberTypes & OBJ_ACCT) != 0;
    final boolean wantNestedDls = (memberTypes & OBJ_DL_NESTED) != 0;
    final boolean wantTopDls = (memberTypes & OBJ_DL_TOP) != 0;

    for (int listIdx = 0; listIdx < NUM_OBJS(dlType); listIdx++) {
        String listName = OBJ_NAME(dlType, listIdx, domainIdx);
        DistributionList list = prov.get(Key.DistributionListBy.name, listName);
        assertNotNull(list);

        Set<String> expected = new HashSet<String>();
        for (int domain = 0; domain < NUM_DOMAINS; domain++) {
            int renamedIdx = DOMAIN_INDEX_AFTER_RENAME(domain);
            if (wantAccounts) {
                for (int acct = 0; acct < NUM_ACCOUNTS; acct++) {
                    for (String raw : ACCOUNT_NAMES(acct, renamedIdx, true)) {
                        expected.add(new Names.IDNName(raw).uName());
                    }
                }
            }
            if (wantNestedDls) {
                for (int nested = 0; nested < NUM_DLS_NESTED; nested++) {
                    for (String raw : NESTED_DL_NAMES(nested, renamedIdx, true)) {
                        expected.add(new Names.IDNName(raw).uName());
                    }
                }
            }
            if (wantTopDls) {
                for (int top = 0; top < NUM_DLS_TOP; top++) {
                    for (String raw : TOP_DL_NAMES(top, renamedIdx, true)) {
                        expected.add(new Names.IDNName(raw).uName());
                    }
                }
            }
            // TODO: DYNAMIC GROUP
        }

        // Through SoapProvisioning the members are already unicode addresses,
        // because the SOAP handlers convert them. Through LdapProvisioning the
        // members are the ACE addresses stored in LDAP, so they must be
        // converted to unicode before they can be compared with the expected set.
        Set<String> actual = new HashSet<String>(Arrays.asList(list.getAllMembers()));
        if (prov instanceof LdapProvisioning) {
            Set<String> converted = new HashSet<String>();
            for (String aceAddr : actual) {
                converted.add(IDNUtil.toUnicode(aceAddr));
            }
            actual = converted;
        }

        // For debugging, dump both sets here with dumpStrings(label, set).
        Verify.verifyEquals(expected, actual);
    }
}
Also used : LdapProvisioning(com.zimbra.cs.account.ldap.LdapProvisioning) DistributionList(com.zimbra.cs.account.DistributionList) HashSet(java.util.HashSet)

Example 2 with LdapProvisioning

use of com.zimbra.cs.account.ldap.LdapProvisioning in project zm-mailbox by Zimbra.

the class ProxyPurgeUtil method purgeAccounts.

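/**
 * Purges, or prints, all the proxy routes cached in memcached for the supplied accounts.
 *
 * <p>The process is terminated with exit status 1 when no account is supplied, or when
 * {@code purge} is false and no output format is given.
 *
 * <p>Purging is fire-and-forget: each key is removed without waiting for an
 * acknowledgement, so a "Purging ..." line on stdout does not prove that the entry is
 * gone. Re-run with {@code purge == false} to confirm that no stale route remains.
 *
 * @param servers list of memcached servers as {@code host:port}; if null, all the
 *                memcached servers are taken from provisioning
 * @param accounts list of accounts (qualified or unqualified)
 * @param purge true to purge the account routes, false to print them
 * @param outputformat {@link String#format} pattern used when printing; it receives the
 *                     server, the route key and the cached value, in that order. A
 *                     malformed pattern makes {@code String.format} throw.
 * @throws ServiceException if a provisioning or memcached operation fails
 */
public static void purgeAccounts(List<String> servers, List<String> accounts, boolean purge, String outputformat) throws ServiceException {
    Provisioning prov = Provisioning.getInstance();
    // Some sanity checks.
    if (accounts == null || accounts.isEmpty()) {
        System.err.println("No account supplied");
        System.exit(1);
    }
    // When only printing, the output format must be supplied.
    if (!purge && (outputformat == null || outputformat.length() == 0)) {
        System.err.println("outputformat must be supplied for info");
        System.exit(1);
    }
    if (servers == null) {
        List<Server> memcachedServers = prov.getAllServers(Provisioning.SERVICE_MEMCACHED);
        servers = new ArrayList<String>();
        for (Server s : memcachedServers) {
            String serverName = s.getAttr(Provisioning.A_zimbraServiceHostname, "localhost");
            String servicePort = s.getAttr(Provisioning.A_zimbraMemcachedBindPort, memcachedPort);
            servers.add(serverName + ":" + servicePort);
        }
    }
    int numServers = servers.size();
    List<ZimbraMemcachedClient> zmcs = new ArrayList<ZimbraMemcachedClient>(numServers);
    // Everything that can throw after the first connect sits inside the try, so that
    // already-opened memcached connections are always released in the finally block.
    try {
        // Connect to all memcached servers.
        for (int i = 0; i < numServers; ++i) {
            ZimbraMemcachedClient zmc = new ZimbraMemcachedClient();
            zmc.connect(new String[] { servers.get(i) }, false, null, 0, 5000);
            zmcs.add(zmc);
        }
        for (String a : accounts) {
            // Bug 24463
            // The route keying in memcached is governed by the following rules:
            // 1. if login name is fully qualified, use that as the route key
            // 2. otherwise, if memcache_entry_allow_unqualified is true, then use the bare login as the route key
            // 3. else, append the IP address of the proxy interface to the login and use that as the route key
            // 4. for the login store all the user's alias, append the ip address of the proxy interface.
            //
            // For accounts authenticating without domain, NGINX internally suffixes @domain
            // to the login name, by first looking up an existing domain by the IP address of
            // the proxy interface where the connection came in. If no such domain is found,
            // then NGINX falls back to the default domain name specified by the config
            // attribute zimbraDefaultDomainName.
            // The IP to domain mapping is done based on the zimbraVirtualIPAddress attribute
            // of the domain (The IP-to-domain mapping is a many-to-one relationship.)
            //
            // For the zmproxypurge utility if the account supplied (-a option) is:
            //    1. For fully qualified account with @domain; it will find all the virtual IP
            //        addresses for that domain and will delete all the entries on all memcached servers:
            //        i) with the user@domain (case 1 as described above)
            //        ii) with just the user (case 2 as described above)
            //        iii) with all the virtual IP addresses configured for the domain
            //        iv) find all the alias for the account and repeat (i) to (iii)
            //    2. For the account supplied with the IP address; the utility will only try to
            //       purge the entries with the user@IP.
            //    3. If there is a single domain and the account supplied is not fully qualified;
            //       the utility will append the default domain to that entry and will execute step 1.
            //       (In this case the provisioning lookup will return the correct domain)
            List<String> routes = new ArrayList<String>();
            // Look up the account; at this point we don't know whether the user is fully qualified.
            Account account = prov.get(Key.AccountBy.name, a);
            if (account == null) {
                // In this case just purge the entries with the given account name as supplied.
                // NOTE(review): the caller-supplied name is concatenated into the memcached key
                // unchanged. Whether the client rejects whitespace or control characters in
                // keys is not visible here - confirm before feeding this from untrusted input.
                System.out.println("error looking up accout: " + a);
                addUserRoutes(routes, a);
            } else {
                String uid = account.getUid();
                String accountId = account.getId();
                // The id-keyed routes are interleaved with the user-keyed ones; the order is kept
                // because it is also the order in which routes are purged or printed.
                routes.add("route:proto=http;id=" + accountId);
                routes.add("route:proto=http;user=" + uid);
                routes.add("route:proto=imap;user=" + uid);
                routes.add("route:proto=pop3;user=" + uid);
                routes.add("route:proto=httpssl;id=" + accountId);
                routes.add("route:proto=httpssl;user=" + uid);
                routes.add("route:proto=imapssl;user=" + uid);
                routes.add("route:proto=pop3ssl;user=" + uid);
                routes.add("route:proto=httpssl;admin=1;id=" + accountId);
                String domain = account.getDomainName();
                addUserRoutes(routes, uid + "@" + domain);
                routes.add("alias:user=" + uid + ";ip=" + domain);
                Domain d = prov.get(Key.DomainBy.name, domain);
                if (d == null) {
                    // Without the domain entry the virtual IPs, virtual hostnames and alias
                    // domains are unknown; purge what can still be derived and say so, because
                    // routes keyed by those values may be left behind.
                    System.err.println("domain " + domain + " not found for account " + a
                            + "; virtual IP, virtual host and alias domain routes are skipped");
                }
                String[] vips = (d == null) ? new String[0] : d.getVirtualIPAddress();
                for (String vip : vips) {
                    // for each virtual ip add the routes to the list.
                    addUserRoutes(routes, uid + "@" + vip);
                    routes.add("alias:user=" + uid + ";ip=" + vip);
                }
                String[] vhostnames = (d == null) ? new String[0] : d.getVirtualHostname();
                for (String vhost : vhostnames) {
                    // for each virtual host name add the alias to the list
                    routes.add("alias:user=" + uid + ";vhost=" + vhost);
                }
                String[] aliases = account.getMailAlias();
                // Local parts that identify this account inside its own domain: the uid plus
                // every alias that lives in the same domain.
                List<String> uids = new ArrayList<String>();
                uids.add(uid);
                for (String alias : aliases) {
                    int at = alias.indexOf('@');
                    if (at != -1 && alias.substring(at + 1).equals(domain)) {
                        uids.add(alias.substring(0, at));
                    }
                }
                // this logic works for all cases account=addr@<alias domain> or alias-name@<alias domain>
                if (d != null && prov instanceof LdapProvisioning) {
                    ZLdapContext ldpCtx = LdapClient.getContext(LdapServerType.MASTER, LdapUsage.GET_DOMAIN);
                    try {
                        List<String> aliasDomainIds = ((LdapProvisioning) prov).getEmptyAliasDomainIds(ldpCtx, d, false);
                        if (aliasDomainIds != null) {
                            for (String aliasDomainId : aliasDomainIds) {
                                Domain aliasDomainEntry = prov.getDomainById(aliasDomainId);
                                if (aliasDomainEntry == null) {
                                    // The id no longer resolves to a domain; nothing to key on.
                                    continue;
                                }
                                String aliasDomain = aliasDomainEntry.getDomainName();
                                for (String userName : uids) {
                                    addUserRoutes(routes, userName + "@" + aliasDomain);
                                    routes.add("alias:user=" + userName + ";ip=" + aliasDomain);
                                }
                            }
                        }
                    } finally {
                        LdapClient.closeContext(ldpCtx);
                    }
                }
                // bug:79940 says Active Sync routes are stored as http/https - alias@domain.com
                for (String alias : aliases) {
                    addUserRoutes(routes, alias);
                    int at = alias.indexOf('@');
                    String aliasUser = (at != -1) ? alias.substring(0, at) : alias;
                    for (String vhost : vhostnames) {
                        // for each virtual host name add the alias to the alias user
                        routes.add("alias:user=" + aliasUser + ";vhost=" + vhost);
                    }
                    for (String vip : vips) {
                        // for each virtual ip add the routes to the list.
                        addUserRoutes(routes, aliasUser + "@" + vip);
                        routes.add("alias:user=" + aliasUser + ";ip=" + vip);
                    }
                }
            }
            for (int i = 0; i < numServers; ++i) {
                ZimbraMemcachedClient zmc = zmcs.get(i);
                for (String route : routes) {
                    if (purge) {
                        // Note: there is no guarantee that all the routes will be present.
                        // We just try to purge all of them without waiting on ack.
                        System.out.println("Purging " + route + " on server " + servers.get(i));
                        zmc.remove(route, false);
                    } else {
                        String output = String.format(outputformat, servers.get(i), route, zmc.get(route));
                        System.out.println(output);
                    }
                }
            }
        }
    } finally {
        for (ZimbraMemcachedClient zmc : zmcs) {
            zmc.disconnect(ZimbraMemcachedClient.DEFAULT_TIMEOUT);
        }
    }
}

/**
 * Appends the six per-protocol route keys for {@code user} to {@code routes}, in the
 * order http, imap, pop3, httpssl, imapssl, pop3ssl.
 */
private static void addUserRoutes(List<String> routes, String user) {
    String[] protos = { "http", "imap", "pop3", "httpssl", "imapssl", "pop3ssl" };
    for (String proto : protos) {
        routes.add("route:proto=" + proto + ";user=" + user);
    }
}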
Also used : Account(com.zimbra.cs.account.Account) Server(com.zimbra.cs.account.Server) ZLdapContext(com.zimbra.cs.ldap.ZLdapContext) ZimbraMemcachedClient(com.zimbra.common.util.memcached.ZimbraMemcachedClient) Provisioning(com.zimbra.cs.account.Provisioning) LdapProvisioning(com.zimbra.cs.account.ldap.LdapProvisioning) LdapProvisioning(com.zimbra.cs.account.ldap.LdapProvisioning) Domain(com.zimbra.cs.account.Domain)

Aggregations

LdapProvisioning (com.zimbra.cs.account.ldap.LdapProvisioning)2 ZimbraMemcachedClient (com.zimbra.common.util.memcached.ZimbraMemcachedClient)1 Account (com.zimbra.cs.account.Account)1 DistributionList (com.zimbra.cs.account.DistributionList)1 Domain (com.zimbra.cs.account.Domain)1 Provisioning (com.zimbra.cs.account.Provisioning)1 Server (com.zimbra.cs.account.Server)1 ZLdapContext (com.zimbra.cs.ldap.ZLdapContext)1 HashSet (java.util.HashSet)1