
Example 6 with LdapDomain

use of com.zimbra.cs.account.ldap.entry.LdapDomain in project zm-mailbox by Zimbra.

the class LdapProvisioning method deleteDomainInternal.

/**
 * Deletes the domain identified by {@code zimbraId} from LDAP, together with its
 * account and dynamic-groups containers, and evicts it from {@code domainCache}.
 *
 * <p>Steps, in order: delete the account base DN, delete the dynamic-groups base DN,
 * delete the domain entry itself, then clear the global default-domain setting if it
 * pointed at this domain. The steps are issued one by one and no rollback is visible
 * here, so a failure in a later step leaves the earlier deletions in place.
 *
 * <p>If the domain entry cannot be deleted because it still has children, the entry is
 * kept and stripped of its {@code zimbraDomain} object class and of every attribute
 * whose name starts with {@code "zimbra"}.
 *
 * <p>NOTE(review): no authorization check is performed in this method; callers are
 * presumably responsible for verifying that the requester may delete the domain.
 *
 * @param zlc      LDAP context used for the lookups, deletions and the sample search
 * @param zimbraId id of the domain to delete; also echoed in the failure message
 * @throws ServiceException {@code NO_SUCH_DOMAIN} (wrapped by the generic
 *         {@code FAILURE} handler below) when the id does not resolve,
 *         {@code DOMAIN_NOT_EMPTY} when a container still holds entries, and
 *         {@code FAILURE} for any other {@code ServiceException}
 */
public void deleteDomainInternal(ZLdapContext zlc, String zimbraId) throws ServiceException {
    // TODO: should only allow a domain delete to succeed if there are no people
    // if there aren't, we need to delete the people trees first, then delete the domain.
    LdapDomain domain = null;
    // Declared outside the try so the not-empty handler can use them for reporting.
    String acctBaseDn = null;
    String dynGroupsBaseDn = null;
    try {
        domain = (LdapDomain) getDomainById(zimbraId, zlc);
        if (domain == null) {
            throw AccountServiceException.NO_SUCH_DOMAIN(zimbraId);
        }
        // Captured before any deletion; used later for the default-domain comparison.
        String name = domain.getName();
        // delete account base DN (skipped when it is the domain DN itself, which is
        // deleted further down)
        acctBaseDn = mDIT.domainDNToAccountBaseDN(domain.getDN());
        if (!acctBaseDn.equals(domain.getDN())) {
            try {
                zlc.deleteEntry(acctBaseDn);
            } catch (LdapEntryNotFoundException e) {
                // A missing container is not an error; only "not found" is tolerated,
                // so a non-empty container still propagates to the outer handler.
                ZimbraLog.account.info("entry %s not found", acctBaseDn);
            }
        }
        // delete dynamic groups base DN (same rules as for the account base DN)
        dynGroupsBaseDn = mDIT.domainDNToDynamicGroupsBaseDN(domain.getDN());
        if (!dynGroupsBaseDn.equals(domain.getDN())) {
            try {
                zlc.deleteEntry(dynGroupsBaseDn);
            } catch (LdapEntryNotFoundException e) {
                ZimbraLog.account.info("entry %s not found", dynGroupsBaseDn);
            }
        }
        try {
            zlc.deleteEntry(domain.getDN());
            domainCache.remove(domain);
        } catch (LdapContextNotEmptyException e) {
            // remove from cache before nuking all attrs, so the cached object is
            // evicted before the LDAP entry is stripped
            domainCache.remove(domain);
            // assume subdomains exist and turn into plain dc object
            Map<String, String> attrs = new HashMap<String, String>();
            // presumably the "-" prefix asks modifyAttrs to remove this object class
            // value - confirm against modifyAttrs
            attrs.put("-" + A_objectClass, "zimbraDomain");
            // remove all zimbra attrs: every attribute whose name starts with "zimbra"
            // is set to the empty string
            for (String key : domain.getAttrs(false).keySet()) {
                if (key.startsWith("zimbra"))
                    attrs.put(key, "");
            }
            // cannot invoke callback here.  If another domain attr is added in a callback,
            // e.g. zimbraDomainStatus would add zimbraMailStatus, then we will get a LDAP
            // schema violation naming error(zimbraDomain is removed, thus there cannot be
            // any zimbraAttrs left) and the modify will fail.
            // NOTE(review): the two false arguments presumably disable checking and
            // callbacks - confirm against the modifyAttrs signature.
            modifyAttrs(domain, attrs, false, false);
        }
        // If the deleted domain was the configured default domain, clear that setting
        // so the global config does not keep pointing at a domain that is gone.
        String defaultDomain = getConfig().getAttr(A_zimbraDefaultDomainName, null);
        if (name.equalsIgnoreCase(defaultDomain)) {
            try {
                Map<String, String> attrs = new HashMap<String, String>();
                attrs.put(A_zimbraDefaultDomainName, "");
                modifyAttrs(getConfig(), attrs);
            } catch (Exception e) {
                // Best effort: the domain is already deleted at this point, so a failure
                // here is only logged. The stale default-domain value then remains in
                // the config until it is corrected separately.
                ZimbraLog.account.warn("unable to remove config attr:" + A_zimbraDefaultDomainName, e);
            }
        }
    } catch (LdapContextNotEmptyException e) {
        // Reached when a deletion above hit a container that still has children and the
        // exception was not handled by the inner handler around the domain entry.
        // get a few entries to include in the error message
        int maxEntriesToGet = 5;
        final String doNotReportThisDN = acctBaseDn;
        final StringBuilder sb = new StringBuilder();
        sb.append(" (remaining entries: ");
        // Collects the DN of each sampled entry, leaving out the account base DN itself.
        SearchLdapOptions.SearchLdapVisitor visitor = new SearchLdapOptions.SearchLdapVisitor() {

            @Override
            public void visit(String dn, Map<String, Object> attrs, IAttributes ldapAttrs) {
                if (!dn.equals(doNotReportThisDN)) {
                    sb.append("[" + dn + "] ");
                }
            }
        };
        // Subtree search under the account base DN, limited to maxEntriesToGet entries.
        // NOTE(review): the search base is always acctBaseDn, also when the non-empty
        // container was the dynamic-groups base; in that case acctBaseDn may already
        // have been deleted and the sample may come back empty - confirm.
        SearchLdapOptions searchOptions = new SearchLdapOptions(acctBaseDn, filterFactory.anyEntry(), new String[] { Provisioning.A_objectClass }, maxEntriesToGet, null, ZSearchScope.SEARCH_SCOPE_SUBTREE, visitor);
        try {
            zlc.searchPaged(searchOptions);
        } catch (LdapSizeLimitExceededException lslee) {
            // quietly ignore: the size limit is set on purpose to cap the sample
        } catch (ServiceException se) {
            ZimbraLog.account.warn("unable to get sample entries in non-empty domain " + domain.getName() + " for reporting", se);
        }
        sb.append("...)");
        // NOTE(review): the exception message carries the DNs of the sampled entries;
        // confirm that it is only returned to callers allowed to see objects in this
        // domain.
        throw AccountServiceException.DOMAIN_NOT_EMPTY(domain.getName() + sb.toString(), e);
    } catch (ServiceException e) {
        // Every other ServiceException, including NO_SUCH_DOMAIN thrown above, is
        // wrapped with the domain id and rethrown as a generic failure.
        throw ServiceException.FAILURE("unable to purge domain: " + zimbraId, e);
    }
}
Also used : HashMap(java.util.HashMap) LdapDomain(com.zimbra.cs.account.ldap.entry.LdapDomain) SearchLdapOptions(com.zimbra.cs.ldap.SearchLdapOptions) LdapContextNotEmptyException(com.zimbra.cs.ldap.LdapException.LdapContextNotEmptyException) AccountServiceException(com.zimbra.cs.account.AccountServiceException) ZimletException(com.zimbra.cs.zimlet.ZimletException) LdapEntryNotFoundException(com.zimbra.cs.ldap.LdapException.LdapEntryNotFoundException) IOException(java.io.IOException) LdapInvalidSearchFilterException(com.zimbra.cs.ldap.LdapException.LdapInvalidSearchFilterException) StopIteratingException(com.zimbra.cs.ldap.SearchLdapOptions.StopIteratingException) LdapInvalidAttrValueException(com.zimbra.cs.ldap.LdapException.LdapInvalidAttrValueException) LdapContextNotEmptyException(com.zimbra.cs.ldap.LdapException.LdapContextNotEmptyException) AuthFailedServiceException(com.zimbra.cs.account.AccountServiceException.AuthFailedServiceException) LdapEntryAlreadyExistException(com.zimbra.cs.ldap.LdapException.LdapEntryAlreadyExistException) ServiceException(com.zimbra.common.service.ServiceException) LdapException(com.zimbra.cs.ldap.LdapException) LdapMultipleEntriesMatchedException(com.zimbra.cs.ldap.LdapException.LdapMultipleEntriesMatchedException) PatternSyntaxException(java.util.regex.PatternSyntaxException) LdapSizeLimitExceededException(com.zimbra.cs.ldap.LdapException.LdapSizeLimitExceededException) LdapInvalidAttrNameException(com.zimbra.cs.ldap.LdapException.LdapInvalidAttrNameException) SearchLdapVisitor(com.zimbra.cs.ldap.SearchLdapOptions.SearchLdapVisitor) SearchLdapVisitor(com.zimbra.cs.ldap.SearchLdapOptions.SearchLdapVisitor) AccountServiceException(com.zimbra.cs.account.AccountServiceException) AuthFailedServiceException(com.zimbra.cs.account.AccountServiceException.AuthFailedServiceException) ServiceException(com.zimbra.common.service.ServiceException) LdapEntryNotFoundException(com.zimbra.cs.ldap.LdapException.LdapEntryNotFoundException) 
IAttributes(com.zimbra.cs.ldap.IAttributes) LdapSizeLimitExceededException(com.zimbra.cs.ldap.LdapException.LdapSizeLimitExceededException) Map(java.util.Map) TreeMap(java.util.TreeMap) HashMap(java.util.HashMap)

Example 7 with LdapDomain

use of com.zimbra.cs.account.ldap.entry.LdapDomain in project zm-mailbox by Zimbra.

the class LdapProvisioning method getDomainByVirtualHostnameInternal.

/**
 * Resolves a domain by virtual host name, asking the domain cache first and falling
 * back to an LDAP query when the cache has no answer.
 *
 * <p>NOTE(review): {@code virtualHostname} is turned into a search filter by
 * {@code filterFactory}; if the value can come from a client-supplied host name,
 * confirm that the factory escapes it.
 *
 * @param virtualHostname host name to look up
 * @param option          passed through to {@code domainCache.getByVirtualHostname}
 * @return the matching domain, or {@code null} when the cache holds a
 *         {@code DomainCache.NonExistingDomain} marker or the query finds nothing
 * @throws ServiceException if the cache or directory lookup fails
 */
private Domain getDomainByVirtualHostnameInternal(String virtualHostname, GetFromDomainCacheOption option) throws ServiceException {
    final Domain cached = domainCache.getByVirtualHostname(virtualHostname, option);

    // A negative-cache marker means the name is already known not to exist.
    if (cached instanceof DomainCache.NonExistingDomain) {
        return null;
    }

    // Cache hit: the cast keeps the requirement that cached entries are LdapDomain.
    if (cached != null) {
        return (LdapDomain) cached;
    }

    // Cache miss: query the directory and store the outcome, which may be null
    // (presumably recorded by the cache as a non-existing domain - confirm).
    LdapDomain fetched = getDomainByQuery(filterFactory.domainByVirtualHostame(virtualHostname), null);
    domainCache.put(Key.DomainBy.virtualHostname, virtualHostname, fetched);
    return fetched;
}
Also used : LdapDomain(com.zimbra.cs.account.ldap.entry.LdapDomain) LdapDomain(com.zimbra.cs.account.ldap.entry.LdapDomain) Domain(com.zimbra.cs.account.Domain)

Example 8 with LdapDomain

use of com.zimbra.cs.account.ldap.entry.LdapDomain in project zm-mailbox by Zimbra.

the class LdapProvisioning method countObjects.

/**
 * Counts directory objects of the requested kind, optionally limited to one domain
 * or one UC service.
 *
 * <p>The counting type selects both the object types used to find the search bases
 * and the LDAP filter. For every type except {@code dl}, restriction to
 * {@code domain} relies on the bases returned by {@code getSearchBases}. For
 * {@code dl} the filter is additionally AND-ed with the domain's DN subtree match
 * filter, unless the in-memory LDAP server is on.
 *
 * <p>NOTE(review): no permission check is made here; callers presumably verify that
 * the requester may count objects in {@code domain}.
 *
 * @param type      what to count
 * @param domain    domain to restrict the count to, or {@code null}; rejected when
 *                  {@code type.allowsDomain()} is false
 * @param ucService UC service to restrict the count to, or {@code null}; rejected
 *                  when {@code type.allowsUCService()} is false and required for the
 *                  {@code *OnUCService} types
 * @return the sum of the counts over all search bases
 * @throws ServiceException {@code INVALID_REQUEST} for an unsupported type or an
 *         argument combination the type does not allow, or whatever the underlying
 *         count raises
 */
@Override
public long countObjects(CountObjectsType type, Domain domain, UCService ucService) throws ServiceException {
    // Reject scoping arguments the counting type does not support.
    if (domain != null && !type.allowsDomain()) {
        throw ServiceException.INVALID_REQUEST("domain cannot be specified for counting type: " + type, null);
    }
    if (ucService != null && !type.allowsUCService()) {
        throw ServiceException.INVALID_REQUEST("UCService cannot be specified for counting type: " + type, null);
    }

    // Object types that determine which search bases are used.
    Set<ObjectType> objectTypes = Sets.newHashSet();
    ZLdapFilter searchFilter;

    switch (type) {
        case userAccount:
            objectTypes.add(ObjectType.accounts);
            searchFilter = filterFactory.allNonSystemAccounts();
            break;
        case internalUserAccount:
            objectTypes.add(ObjectType.accounts);
            searchFilter = filterFactory.allNonSystemInternalAccounts();
            break;
        case internalArchivingAccount:
            objectTypes.add(ObjectType.accounts);
            searchFilter = filterFactory.allNonSystemArchivingAccounts();
            break;
        case account:
            objectTypes.add(ObjectType.accounts);
            objectTypes.add(ObjectType.resources);
            searchFilter = filterFactory.allAccounts();
            break;
        case alias:
            objectTypes.add(ObjectType.aliases);
            searchFilter = filterFactory.allAliases();
            break;
        case dl: {
            objectTypes.add(ObjectType.distributionlists);
            objectTypes.add(ObjectType.dynamicgroups);
            ZLdapFilter groupFilter = mDIT.filterGroupsByDomain(domain);
            // Narrow the match to the domain's own subtree; skipped for the in-memory
            // LDAP server.
            if (domain != null && !InMemoryLdapServer.isOn()) {
                groupFilter = filterFactory.andWith(groupFilter, ((LdapDomain) domain).getDnSubtreeMatchFilter());
            }
            searchFilter = groupFilter;
            break;
        }
        case calresource:
            objectTypes.add(ObjectType.resources);
            searchFilter = filterFactory.allCalendarResources();
            break;
        case domain:
            objectTypes.add(ObjectType.domains);
            searchFilter = filterFactory.allDomains();
            break;
        case cos:
            objectTypes.add(ObjectType.coses);
            searchFilter = filterFactory.allCoses();
            break;
        case server:
            objectTypes.add(ObjectType.servers);
            searchFilter = filterFactory.allServers();
            break;
        case accountOnUCService:
            if (ucService == null) {
                throw ServiceException.INVALID_REQUEST("UCService is required for counting type: " + type, null);
            }
            objectTypes.add(ObjectType.accounts);
            objectTypes.add(ObjectType.resources);
            searchFilter = filterFactory.accountsOnUCService(ucService.getId());
            break;
        case cosOnUCService:
            if (ucService == null) {
                throw ServiceException.INVALID_REQUEST("UCService is required for counting type: " + type, null);
            }
            objectTypes.add(ObjectType.coses);
            searchFilter = filterFactory.cosesOnUCService(ucService.getId());
            break;
        case domainOnUCService:
            if (ucService == null) {
                throw ServiceException.INVALID_REQUEST("UCService is required for counting type: " + type, null);
            }
            objectTypes.add(ObjectType.domains);
            searchFilter = filterFactory.domainsOnUCService(ucService.getId());
            break;
        default:
            throw ServiceException.INVALID_REQUEST("unsupported counting type:" + type, null);
    }

    // Sum the per-base counts.
    String[] searchBases = getSearchBases(domain, objectTypes);
    long total = 0;
    for (int i = 0; i < searchBases.length; i++) {
        total += countObjects(searchBases[i], searchFilter);
    }
    return total;
}
Also used : ZLdapFilter(com.zimbra.cs.ldap.ZLdapFilter) ObjectType(com.zimbra.cs.account.SearchDirectoryOptions.ObjectType) LdapDomain(com.zimbra.cs.account.ldap.entry.LdapDomain)

Example 9 with LdapDomain

use of com.zimbra.cs.account.ldap.entry.LdapDomain in project zm-mailbox by Zimbra.

the class LdapProvisioning method getDomainByIdFromCache.

/**
 * Looks up a domain by id in the domain cache only; the directory is not queried.
 *
 * @param zimbraId id of the domain; {@code null} yields {@code null}
 * @param zlc      not used by this method
 * @param option   passed through to {@code domainCache.getById}
 * @return whatever the cache holds for the id, or {@code null} when the id is
 *         {@code null} or the cached entry is a {@code DomainCache.NonExistingDomain}
 *         marker
 */
private Domain getDomainByIdFromCache(String zimbraId, ZLdapContext zlc, GetFromDomainCacheOption option) {
    if (zimbraId != null) {
        final Domain cached = domainCache.getById(zimbraId, option);
        if (!(cached instanceof DomainCache.NonExistingDomain)) {
            // The cast keeps the requirement that a cached entry is an LdapDomain;
            // any other type fails with a ClassCastException.
            return (LdapDomain) cached;
        }
    }
    return null;
}
Also used : LdapDomain(com.zimbra.cs.account.ldap.entry.LdapDomain) LdapDomain(com.zimbra.cs.account.ldap.entry.LdapDomain) Domain(com.zimbra.cs.account.Domain)

Example 10 with LdapDomain

use of com.zimbra.cs.account.ldap.entry.LdapDomain in project zm-mailbox by Zimbra.

the class TestLdapProvSearchDirectory method dnSubtreeMatchFilter.

/**
 * Checks that searches scoped to a domain return only that domain's own accounts,
 * distribution lists and dynamic groups, and none from its sub-domain.
 *
 * <p>A domain and a sub-domain beneath it are created, each holding one account, one
 * distribution list and one dynamic group. Every search must return only the objects
 * of the upper domain.
 *
 * <p>NOTE(review): cleanup runs only when every verification passes; a failing
 * assertion leaves the created domains and objects behind.
 */
@Test
public void dnSubtreeMatchFilter() throws Exception {
    final String baseName = genDomainSegmentName() + "." + baseDomainName();
    final String upperName = "sub." + baseName;
    Domain subDomain = provUtil.createDomain(upperName);
    final String lowerName = "sub." + upperName;
    Domain subSubDomain = provUtil.createDomain(lowerName);

    // Objects that live directly in subDomain: these are the expected search hits.
    Account acct = provUtil.createAccount(genAcctNameLocalPart("acct"), subDomain);
    DistributionList dl = provUtil.createDistributionList(genGroupNameLocalPart("dl"), subDomain);
    DynamicGroup dg = provUtil.createDynamicGroup(genGroupNameLocalPart("dg"), subDomain);

    // Objects in subSubDomain: these must never show up in the results.
    Account acctSub = provUtil.createAccount(genAcctNameLocalPart("acct"), subSubDomain);
    DistributionList dlSub = provUtil.createDistributionList(genGroupNameLocalPart("dl"), subSubDomain);
    DynamicGroup dgSub = provUtil.createDynamicGroup(genGroupNameLocalPart("dg"), subSubDomain);

    SearchDirectoryOptions opts;
    List<NamedEntry> found;

    // Scenario 1: no domain on the options; the subtree match filter is passed
    // explicitly so that LdapProvisioning does not append it a second time.
    try {
        SKIP_FOR_INMEM_LDAP_SERVER(SkipTestReason.DN_SUBTREE_MATCH_FILTER);
        opts = new SearchDirectoryOptions();
        opts.setTypes(ObjectType.accounts, ObjectType.distributionlists, ObjectType.dynamicgroups);
        opts.setSortOpt(SortOpt.SORT_ASCENDING);
        opts.setFilterString(FilterId.UNITTEST, ((LdapDomain) subDomain).getDnSubtreeMatchFilter().toFilterString());
        found = prov.searchDirectory(opts);
        Verify.verifyEquals(Lists.newArrayList(acct, dg, dl), found, true);
    } catch (ProvTest.SkippedForInMemLdapServerException skipped) {
        // This scenario does not apply to the in-memory LDAP server; continue.
    }

    // Scenario 2: domain given; accounts, distribution lists and dynamic groups.
    opts = new SearchDirectoryOptions(subDomain);
    opts.setTypes(ObjectType.accounts, ObjectType.distributionlists, ObjectType.dynamicgroups);
    opts.setSortOpt(SortOpt.SORT_ASCENDING);
    opts.setFilterString(FilterId.UNITTEST, null);
    found = prov.searchDirectory(opts);
    Verify.verifyEquals(Lists.newArrayList(acct, dg, dl), found, true);

    // Scenario 3: domain given; accounts and distribution lists.
    opts = new SearchDirectoryOptions(subDomain);
    opts.setTypes(ObjectType.accounts, ObjectType.distributionlists);
    opts.setSortOpt(SortOpt.SORT_ASCENDING);
    opts.setFilterString(FilterId.UNITTEST, null);
    found = prov.searchDirectory(opts);
    Verify.verifyEquals(Lists.newArrayList(acct, dl), found, true);

    // Scenario 4: domain given; dynamic groups only.
    opts = new SearchDirectoryOptions(subDomain);
    opts.setTypes(ObjectType.dynamicgroups);
    opts.setSortOpt(SortOpt.SORT_ASCENDING);
    opts.setFilterString(FilterId.UNITTEST, null);
    found = prov.searchDirectory(opts);
    Verify.verifyEquals(Lists.newArrayList(dg), found, true);

    // Scenario 5: domain given; accounts and dynamic groups.
    opts = new SearchDirectoryOptions(subDomain);
    opts.setTypes(ObjectType.accounts, ObjectType.dynamicgroups);
    opts.setSortOpt(SortOpt.SORT_ASCENDING);
    opts.setFilterString(FilterId.UNITTEST, null);
    found = prov.searchDirectory(opts);
    Verify.verifyEquals(Lists.newArrayList(acct, dg), found, true);

    // Cleanup: remove the objects first, then the sub-domain, then the upper domain.
    deleteAccount(acct);
    deleteGroup(dl);
    deleteGroup(dg);
    deleteAccount(acctSub);
    deleteGroup(dlSub);
    deleteGroup(dgSub);
    deleteDomain(subSubDomain);
    deleteDomain(subDomain);
}
Also used : Account(com.zimbra.cs.account.Account) DynamicGroup(com.zimbra.cs.account.DynamicGroup) SearchDirectoryOptions(com.zimbra.cs.account.SearchDirectoryOptions) NamedEntry(com.zimbra.cs.account.NamedEntry) LdapDomain(com.zimbra.cs.account.ldap.entry.LdapDomain) Domain(com.zimbra.cs.account.Domain) LdapDomain(com.zimbra.cs.account.ldap.entry.LdapDomain) DistributionList(com.zimbra.cs.account.DistributionList) ProvTest(com.zimbra.qa.unittest.prov.ProvTest) ProvTest(com.zimbra.qa.unittest.prov.ProvTest)

Aggregations

LdapDomain (com.zimbra.cs.account.ldap.entry.LdapDomain)16 Domain (com.zimbra.cs.account.Domain)12 Account (com.zimbra.cs.account.Account)4 ServiceException (com.zimbra.common.service.ServiceException)3 AccountServiceException (com.zimbra.cs.account.AccountServiceException)3 DynamicGroup (com.zimbra.cs.account.DynamicGroup)3 NamedEntry (com.zimbra.cs.account.NamedEntry)3 LdapException (com.zimbra.cs.ldap.LdapException)3 LdapEntryAlreadyExistException (com.zimbra.cs.ldap.LdapException.LdapEntryAlreadyExistException)3 ZLdapContext (com.zimbra.cs.ldap.ZLdapContext)3 AuthFailedServiceException (com.zimbra.cs.account.AccountServiceException.AuthFailedServiceException)2 DistributionList (com.zimbra.cs.account.DistributionList)2 Group (com.zimbra.cs.account.Group)2 SearchDirectoryOptions (com.zimbra.cs.account.SearchDirectoryOptions)2 ObjectType (com.zimbra.cs.account.SearchDirectoryOptions.ObjectType)2 CallbackContext (com.zimbra.cs.account.callback.CallbackContext)2 ZLdapFilter (com.zimbra.cs.ldap.ZLdapFilter)2 ZMutableEntry (com.zimbra.cs.ldap.ZMutableEntry)2 ProvTest (com.zimbra.qa.unittest.prov.ProvTest)2 Date (java.util.Date)2