Example 6 with LdapException
use of com.zimbra.cs.ldap.LdapException in project zm-mailbox by Zimbra.
the class LdapProvisioning method createShareLocator.
@Override
public ShareLocator createShareLocator(String id, Map<String, Object> attrs) throws ServiceException {
CallbackContext callbackContext = new CallbackContext(CallbackContext.Op.CREATE);
AttributeManager.getInstance().preModify(attrs, null, callbackContext, true);
ZLdapContext zlc = null;
try {
zlc = LdapClient.getContext(LdapServerType.MASTER, LdapUsage.CREATE_SHARELOCATOR);
ZMutableEntry entry = LdapClient.createMutableEntry();
entry.mapToAttrs(attrs);
Set<String> ocs = LdapObjectClass.getShareLocatorObjectClasses(this);
entry.addAttr(A_objectClass, ocs);
entry.setAttr(A_cn, id);
String dn = mDIT.shareLocatorIdToDN(id);
entry.setDN(dn);
zlc.createEntry(entry);
ShareLocator shloc = getShareLocatorById(id, zlc, true);
AttributeManager.getInstance().postModify(attrs, shloc, callbackContext);
return shloc;
} catch (LdapEntryAlreadyExistException nabe) {
throw AccountServiceException.SHARE_LOCATOR_EXISTS(id);
} catch (LdapException e) {
throw e;
} catch (AccountServiceException e) {
throw e;
} catch (ServiceException e) {
throw ServiceException.FAILURE("unable to create share locator: " + id, e);
} finally {
LdapClient.closeContext(zlc);
}
}
Also used :
ZMutableEntry(com.zimbra.cs.ldap.ZMutableEntry)
LdapEntryAlreadyExistException(com.zimbra.cs.ldap.LdapException.LdapEntryAlreadyExistException)
AccountServiceException(com.zimbra.cs.account.AccountServiceException)
ZLdapContext(com.zimbra.cs.ldap.ZLdapContext)
AccountServiceException(com.zimbra.cs.account.AccountServiceException)
AuthFailedServiceException(com.zimbra.cs.account.AccountServiceException.AuthFailedServiceException)
ServiceException(com.zimbra.common.service.ServiceException)
CallbackContext(com.zimbra.cs.account.callback.CallbackContext)
LdapException(com.zimbra.cs.ldap.LdapException)
LdapShareLocator(com.zimbra.cs.account.ldap.entry.LdapShareLocator)
ShareLocator(com.zimbra.cs.account.ShareLocator)
Example 7 with LdapException
use of com.zimbra.cs.ldap.LdapException in project zm-mailbox by Zimbra.
the class LdapProvisioning method createDataSource.
private DataSource createDataSource(Account account, DataSourceType dsType, String dsName, Map<String, Object> dataSourceAttrs, boolean passwdAlreadyEncrypted, boolean restoring) throws ServiceException {
removeAttrIgnoreCase("objectclass", dataSourceAttrs);
LdapEntry ldapEntry = (LdapEntry) (account instanceof LdapEntry ? account : getAccountById(account.getId()));
if (ldapEntry == null) {
throw AccountServiceException.NO_SUCH_ACCOUNT(account.getName());
}
List<DataSource> existing = getAllDataSources(account);
if (existing.size() >= account.getLongAttr(A_zimbraDataSourceMaxNumEntries, 20)) {
throw AccountServiceException.TOO_MANY_DATA_SOURCES();
}
String dsEmailAddr = (String) dataSourceAttrs.get(A_zimbraDataSourceEmailAddress);
if (!StringUtil.isNullOrEmpty(dsEmailAddr)) {
for (DataSource ds : existing) {
if (dsEmailAddr.equals(ds.getEmailAddress())) {
throw AccountServiceException.DATA_SOURCE_EXISTS(dsEmailAddr);
}
}
}
// must be the same
dataSourceAttrs.put(A_zimbraDataSourceName, dsName);
dataSourceAttrs.put(Provisioning.A_zimbraDataSourceType, dsType.toString());
account.setCachedData(DATA_SOURCE_LIST_CACHE_KEY, null);
boolean checkImmutable = !restoring;
CallbackContext callbackContext = new CallbackContext(CallbackContext.Op.CREATE);
AttributeManager.getInstance().preModify(dataSourceAttrs, null, callbackContext, checkImmutable);
ZLdapContext zlc = null;
try {
zlc = LdapClient.getContext(LdapServerType.MASTER, LdapUsage.CREATE_DATASOURCE);
String dn = getDataSourceDn(ldapEntry, dsName);
ZMutableEntry entry = LdapClient.createMutableEntry();
entry.setDN(dn);
entry.mapToAttrs(dataSourceAttrs);
entry.setAttr(A_objectClass, "zimbraDataSource");
String extraOc = LdapDataSource.getObjectClass(dsType);
if (extraOc != null) {
entry.addAttr(A_objectClass, Sets.newHashSet(extraOc));
}
String dsId = entry.getAttrString(A_zimbraDataSourceId);
if (dsId == null) {
dsId = LdapUtil.generateUUID();
entry.setAttr(A_zimbraDataSourceId, dsId);
}
String password = entry.getAttrString(A_zimbraDataSourcePassword);
if (password != null) {
String encrypted = passwdAlreadyEncrypted ? password : DataSource.encryptData(dsId, password);
entry.setAttr(A_zimbraDataSourcePassword, encrypted);
}
String oauthToken = entry.getAttrString(A_zimbraDataSourceOAuthToken);
if (oauthToken != null) {
String encrypted = passwdAlreadyEncrypted ? oauthToken : DataSource.encryptData(dsId, oauthToken);
entry.setAttr(A_zimbraDataSourceOAuthToken, encrypted);
}
String clientSecret = entry.getAttrString(A_zimbraDataSourceOAuthClientSecret);
if (clientSecret != null) {
String encrypted = passwdAlreadyEncrypted ? clientSecret : DataSource.encryptData(dsId, clientSecret);
entry.setAttr(A_zimbraDataSourceOAuthClientSecret, encrypted);
}
String smtpPassword = entry.getAttrString(A_zimbraDataSourceSmtpAuthPassword);
if (smtpPassword != null) {
String encrypted = passwdAlreadyEncrypted ? smtpPassword : DataSource.encryptData(dsId, smtpPassword);
entry.setAttr(A_zimbraDataSourceSmtpAuthPassword, encrypted);
}
entry.setAttr(Provisioning.A_zimbraCreateTimestamp, LdapDateUtil.toGeneralizedTime(new Date()));
zlc.createEntry(entry);
DataSource ds = getDataSourceById(ldapEntry, dsId, zlc);
AttributeManager.getInstance().postModify(dataSourceAttrs, ds, callbackContext);
return ds;
} catch (LdapEntryAlreadyExistException nabe) {
throw AccountServiceException.DATA_SOURCE_EXISTS(dsName);
} catch (LdapException e) {
throw e;
} catch (AccountServiceException e) {
throw e;
} catch (ServiceException e) {
throw ServiceException.FAILURE("unable to create data source: " + dsName, e);
} finally {
LdapClient.closeContext(zlc);
}
}
Also used :
ZMutableEntry(com.zimbra.cs.ldap.ZMutableEntry)
LdapEntryAlreadyExistException(com.zimbra.cs.ldap.LdapException.LdapEntryAlreadyExistException)
ZLdapContext(com.zimbra.cs.ldap.ZLdapContext)
LdapEntry(com.zimbra.cs.account.ldap.entry.LdapEntry)
Date(java.util.Date)
DataSource(com.zimbra.cs.account.DataSource)
LdapDataSource(com.zimbra.cs.account.ldap.entry.LdapDataSource)
AccountServiceException(com.zimbra.cs.account.AccountServiceException)
AccountServiceException(com.zimbra.cs.account.AccountServiceException)
AuthFailedServiceException(com.zimbra.cs.account.AccountServiceException.AuthFailedServiceException)
ServiceException(com.zimbra.common.service.ServiceException)
CallbackContext(com.zimbra.cs.account.callback.CallbackContext)
LdapException(com.zimbra.cs.ldap.LdapException)
Example 8 with LdapException
use of com.zimbra.cs.ldap.LdapException in project zm-mailbox by Zimbra.
the class LdapProvisioning method createServer.
@Override
public Server createServer(String name, Map<String, Object> serverAttrs) throws ServiceException {
name = name.toLowerCase().trim();
CallbackContext callbackContext = new CallbackContext(CallbackContext.Op.CREATE);
AttributeManager.getInstance().preModify(serverAttrs, null, callbackContext, true);
ZLdapContext zlc = null;
try {
zlc = LdapClient.getContext(LdapServerType.MASTER, LdapUsage.CREATE_SERVER);
ZMutableEntry entry = LdapClient.createMutableEntry();
entry.mapToAttrs(serverAttrs);
Set<String> ocs = LdapObjectClass.getServerObjectClasses(this);
entry.addAttr(A_objectClass, ocs);
String zimbraIdStr = LdapUtil.generateUUID();
entry.setAttr(A_zimbraId, zimbraIdStr);
entry.setAttr(A_zimbraCreateTimestamp, LdapDateUtil.toGeneralizedTime(new Date()));
entry.setAttr(A_cn, name);
String dn = mDIT.serverNameToDN(name);
if (!entry.hasAttribute(Provisioning.A_zimbraServiceHostname)) {
entry.setAttr(Provisioning.A_zimbraServiceHostname, name);
}
entry.setDN(dn);
zlc.createEntry(entry);
Server server = getServerById(zimbraIdStr, zlc, true);
AttributeManager.getInstance().postModify(serverAttrs, server, callbackContext);
return server;
} catch (LdapEntryAlreadyExistException nabe) {
throw AccountServiceException.SERVER_EXISTS(name);
} catch (LdapException e) {
throw e;
} catch (AccountServiceException e) {
throw e;
} catch (ServiceException e) {
throw ServiceException.FAILURE("unable to create server: " + name, e);
} finally {
LdapClient.closeContext(zlc);
}
}
Also used :
ZMutableEntry(com.zimbra.cs.ldap.ZMutableEntry)
LdapEntryAlreadyExistException(com.zimbra.cs.ldap.LdapException.LdapEntryAlreadyExistException)
AccountServiceException(com.zimbra.cs.account.AccountServiceException)
ZLdapContext(com.zimbra.cs.ldap.ZLdapContext)
InMemoryLdapServer(com.zimbra.cs.ldap.unboundid.InMemoryLdapServer)
LdapServer(com.zimbra.cs.account.ldap.entry.LdapServer)
Server(com.zimbra.cs.account.Server)
AccountServiceException(com.zimbra.cs.account.AccountServiceException)
AuthFailedServiceException(com.zimbra.cs.account.AccountServiceException.AuthFailedServiceException)
ServiceException(com.zimbra.common.service.ServiceException)
CallbackContext(com.zimbra.cs.account.callback.CallbackContext)
LdapException(com.zimbra.cs.ldap.LdapException)
Date(java.util.Date)
Example 9 with LdapException
use of com.zimbra.cs.ldap.LdapException in project zm-mailbox by Zimbra.
the class LdapProvisioning method createDynamicGroup.
private DynamicGroup createDynamicGroup(String groupAddress, Map<String, Object> groupAttrs, Account creator) throws ServiceException {
SpecialAttrs specialAttrs = mDIT.handleSpecialAttrs(groupAttrs);
String baseDn = specialAttrs.getLdapBaseDn();
groupAddress = groupAddress.toLowerCase().trim();
EmailAddress addr = new EmailAddress(groupAddress);
String localPart = addr.getLocalPart();
String domainName = addr.getDomain();
domainName = IDNUtil.toAsciiDomainName(domainName);
groupAddress = EmailAddress.getAddress(localPart, domainName);
validEmailAddress(groupAddress);
CallbackContext callbackContext = new CallbackContext(CallbackContext.Op.CREATE);
callbackContext.setCreatingEntryName(groupAddress);
// remove zimbraIsACLGroup from attrs if provided, to avoid the immutable check
Object providedZimbraIsACLGroup = groupAttrs.get(A_zimbraIsACLGroup);
if (providedZimbraIsACLGroup != null) {
groupAttrs.remove(A_zimbraIsACLGroup);
}
AttributeManager.getInstance().preModify(groupAttrs, null, callbackContext, true);
// put zimbraIsACLGroup back
if (providedZimbraIsACLGroup != null) {
groupAttrs.put(A_zimbraIsACLGroup, providedZimbraIsACLGroup);
}
ZLdapContext zlc = null;
try {
zlc = LdapClient.getContext(LdapServerType.MASTER, LdapUsage.CREATE_DYNAMICGROUP);
Domain domain = getDomainByAsciiName(domainName, zlc);
if (domain == null) {
throw AccountServiceException.NO_SUCH_DOMAIN(domainName);
}
if (!domain.isLocal()) {
throw ServiceException.INVALID_REQUEST("domain type must be local", null);
}
String domainDN = ((LdapDomain) domain).getDN();
/*
* ====================================
* create the main dynamic group entry
* ====================================
*/
ZMutableEntry entry = LdapClient.createMutableEntry();
entry.mapToAttrs(groupAttrs);
Set<String> ocs = LdapObjectClass.getGroupObjectClasses(this);
entry.addAttr(A_objectClass, ocs);
String zimbraId = LdapUtil.generateUUID();
// create a UUID for the static unit entry
String staticUnitZimbraId = LdapUtil.generateUUID();
String createTimestamp = LdapDateUtil.toGeneralizedTime(new Date());
entry.setAttr(A_zimbraId, zimbraId);
entry.setAttr(A_zimbraCreateTimestamp, createTimestamp);
entry.setAttr(A_mail, groupAddress);
entry.setAttr(A_dgIdentity, LC.zimbra_ldap_userdn.value());
// unlike accounts (which have a zimbraMailDeliveryAddress for the primary,
// and zimbraMailAliases only for aliases), DLs use zimbraMailAlias for both.
// Postfix uses these two attributes to route mail, and zimbraMailDeliveryAddress
// indicates that something has a physical mailbox, which DLs don't.
entry.setAttr(A_zimbraMailAlias, groupAddress);
/*
// allow only users in the same domain
String memberURL = String.format("ldap:///%s??one?(zimbraMemberOf=%s)",
mDIT.domainDNToAccountBaseDN(domainDN), groupAddress);
*/
String specifiedIsACLGroup = entry.getAttrString(A_zimbraIsACLGroup);
boolean isACLGroup;
if (!entry.hasAttribute(A_memberURL)) {
String memberURL = LdapDynamicGroup.getDefaultMemberURL(zimbraId, staticUnitZimbraId);
entry.setAttr(Provisioning.A_memberURL, memberURL);
// or specified to be TRUE;
if (specifiedIsACLGroup == null) {
entry.setAttr(A_zimbraIsACLGroup, ProvisioningConstants.TRUE);
} else if (ProvisioningConstants.FALSE.equals(specifiedIsACLGroup)) {
throw ServiceException.INVALID_REQUEST("No custom " + A_memberURL + " is provided, " + A_zimbraIsACLGroup + " cannot be set to FALSE", null);
}
isACLGroup = true;
} else {
// We want to be able to use dynamic groups as ACLs, for instance when sharing a folder with a group
// This used to be disallowed via a requirement that zimbraIsACLGroup be specified and set to FALSE.
// That requirement has been dropped.
isACLGroup = !ProvisioningConstants.FALSE.equals(specifiedIsACLGroup);
}
// by default a dynamic group is always created enabled
if (!entry.hasAttribute(Provisioning.A_zimbraMailStatus)) {
entry.setAttr(A_zimbraMailStatus, MAIL_STATUS_ENABLED);
}
String mailStatus = entry.getAttrString(A_zimbraMailStatus);
entry.setAttr(A_cn, localPart);
// entry.setAttr(A_uid, localPart); need to use uid if we move dynamic groups to the ou=people tree
setGroupHomeServer(entry, creator);
String dn = mDIT.dynamicGroupNameLocalPartToDN(localPart, domainDN);
entry.setDN(dn);
zlc.createEntry(entry);
if (isACLGroup) {
/*
* ===========================================================
* create the dynamic group unit entry, for internal addresses
* ===========================================================
*/
String dynamicUnitLocalpart = dynamicGroupDynamicUnitLocalpart(localPart);
String dynamicUnitAddr = EmailAddress.getAddress(dynamicUnitLocalpart, domainName);
entry = LdapClient.createMutableEntry();
ocs = LdapObjectClass.getGroupDynamicUnitObjectClasses(this);
entry.addAttr(A_objectClass, ocs);
String dynamicUnitZimbraId = LdapUtil.generateUUID();
entry.setAttr(A_cn, DYNAMIC_GROUP_DYNAMIC_UNIT_NAME);
entry.setAttr(A_zimbraId, dynamicUnitZimbraId);
// id of the main group
entry.setAttr(A_zimbraGroupId, zimbraId);
entry.setAttr(A_zimbraCreateTimestamp, createTimestamp);
entry.setAttr(A_mail, dynamicUnitAddr);
entry.setAttr(A_zimbraMailAlias, dynamicUnitAddr);
entry.setAttr(A_zimbraMailStatus, mailStatus);
entry.setAttr(A_dgIdentity, LC.zimbra_ldap_userdn.value());
// id of the main group
String memberURL = LdapDynamicGroup.getDefaultDynamicUnitMemberURL(zimbraId);
entry.setAttr(Provisioning.A_memberURL, memberURL);
String dynamicUnitDN = mDIT.dynamicGroupUnitNameToDN(DYNAMIC_GROUP_DYNAMIC_UNIT_NAME, dn);
entry.setDN(dynamicUnitDN);
zlc.createEntry(entry);
/*
* ==========================================================
* create the static group unit entry, for external addresses
* ==========================================================
*/
entry = LdapClient.createMutableEntry();
ocs = LdapObjectClass.getGroupStaticUnitObjectClasses(this);
entry.addAttr(A_objectClass, ocs);
entry.setAttr(A_cn, DYNAMIC_GROUP_STATIC_UNIT_NAME);
entry.setAttr(A_zimbraId, staticUnitZimbraId);
// id of the main group
entry.setAttr(A_zimbraGroupId, zimbraId);
entry.setAttr(A_zimbraCreateTimestamp, createTimestamp);
String staticUnitDN = mDIT.dynamicGroupUnitNameToDN(DYNAMIC_GROUP_STATIC_UNIT_NAME, dn);
entry.setDN(staticUnitDN);
zlc.createEntry(entry);
}
/*
* all is well, get the group by id
*/
DynamicGroup group = getDynamicGroupBasic(DistributionListBy.id, zimbraId, zlc);
if (group != null) {
AttributeManager.getInstance().postModify(groupAttrs, group, callbackContext);
removeExternalAddrsFromAllDynamicGroups(group.getAllAddrsSet(), zlc);
allDLs.addGroup(group);
} else {
throw ServiceException.FAILURE("unable to get dynamic group after creating LDAP entry: " + groupAddress, null);
}
return group;
} catch (LdapEntryAlreadyExistException nabe) {
throw AccountServiceException.DISTRIBUTION_LIST_EXISTS(groupAddress);
} catch (LdapException e) {
throw e;
} catch (AccountServiceException e) {
throw e;
} finally {
LdapClient.closeContext(zlc);
}
}
Also used :
ZMutableEntry(com.zimbra.cs.ldap.ZMutableEntry)
DynamicGroup(com.zimbra.cs.account.DynamicGroup)
LdapDynamicGroup(com.zimbra.cs.account.ldap.entry.LdapDynamicGroup)
LdapEntryAlreadyExistException(com.zimbra.cs.ldap.LdapException.LdapEntryAlreadyExistException)
ZLdapContext(com.zimbra.cs.ldap.ZLdapContext)
LdapDomain(com.zimbra.cs.account.ldap.entry.LdapDomain)
EmailAddress(com.zimbra.cs.account.names.NameUtil.EmailAddress)
Date(java.util.Date)
AccountServiceException(com.zimbra.cs.account.AccountServiceException)
CallbackContext(com.zimbra.cs.account.callback.CallbackContext)
LdapDomain(com.zimbra.cs.account.ldap.entry.LdapDomain)
Domain(com.zimbra.cs.account.Domain)
LdapException(com.zimbra.cs.ldap.LdapException)
Example 10 with LdapException
use of com.zimbra.cs.ldap.LdapException in project zm-mailbox by Zimbra.
the class LdapProvisioning method createAccount.
private Account createAccount(String emailAddress, String password, Map<String, Object> acctAttrs, SpecialAttrs specialAttrs, String[] additionalObjectClasses, boolean restoring, Map<String, Object> origAttrs) throws ServiceException {
String uuid = specialAttrs.getZimbraId();
String baseDn = specialAttrs.getLdapBaseDn();
emailAddress = emailAddress.toLowerCase().trim();
String[] parts = emailAddress.split("@");
if (parts.length != 2) {
throw ServiceException.INVALID_REQUEST("must be valid email address: " + emailAddress, null);
}
String localPart = parts[0];
String domain = parts[1];
domain = IDNUtil.toAsciiDomainName(domain);
emailAddress = localPart + "@" + domain;
validEmailAddress(emailAddress);
if (restoring) {
validate(ProvisioningValidator.CREATE_ACCOUNT, emailAddress, additionalObjectClasses, origAttrs);
validate(ProvisioningValidator.CREATE_ACCOUNT_CHECK_DOMAIN_COS_AND_FEATURE, emailAddress, origAttrs);
} else {
validate(ProvisioningValidator.CREATE_ACCOUNT, emailAddress, additionalObjectClasses, acctAttrs);
validate(ProvisioningValidator.CREATE_ACCOUNT_CHECK_DOMAIN_COS_AND_FEATURE, emailAddress, acctAttrs);
}
if (acctAttrs == null) {
acctAttrs = new HashMap<String, Object>();
}
CallbackContext callbackContext = new CallbackContext(CallbackContext.Op.CREATE);
callbackContext.setCreatingEntryName(emailAddress);
AttributeManager.getInstance().preModify(acctAttrs, null, callbackContext, true);
Account acct = null;
String dn = null;
ZLdapContext zlc = null;
try {
zlc = LdapClient.getContext(LdapServerType.MASTER, LdapUsage.CREATE_ACCOUNT);
Domain d = getDomainByAsciiName(domain, zlc);
if (d == null) {
throw AccountServiceException.NO_SUCH_DOMAIN(domain);
}
if (!d.isLocal()) {
throw ServiceException.INVALID_REQUEST("domain type must be local", null);
}
ZMutableEntry entry = LdapClient.createMutableEntry();
entry.mapToAttrs(acctAttrs);
for (int i = 0; i < sInvalidAccountCreateModifyAttrs.length; i++) {
String a = sInvalidAccountCreateModifyAttrs[i];
if (entry.hasAttribute(a))
throw ServiceException.INVALID_REQUEST("invalid attribute for CreateAccount: " + a, null);
}
Set<String> ocs;
if (additionalObjectClasses == null) {
// We are creating a pure account object, get all object classes for account.
//
// If restoring, only add zimbra default object classes, do not add extra
// ones configured. After createAccount, the restore code will issue a
// modifyAttrs call and all object classes in the backed up account will be
// in the attr map passed to modifyAttrs.
//
ocs = LdapObjectClass.getAccountObjectClasses(this, restoring);
} else {
// We are creating a "subclass" of account (e.g. calendar resource), get just the
// zimbra default object classes for account, then add extra object classes needed
// by the subclass. All object classes needed by the subclass (calendar resource)
// were figured out in the createCalendarResource method: including the zimbra
// default (zimbracalendarResource) and any extra ones configured via
// globalconfig.zimbraCalendarResourceExtraObjectClass.
//
// It doesn't matter if the additionalObjectClasses already contains object classes
// added by the getAccountObjectClasses(this, true). When additional object classes
// are added to the set, duplicated once will only appear once.
//
//
// The "restoring" flag is ignored in this path.
// When restoring a calendar a resource, the restoring code:
// - always calls createAccount, not createCalendarResource
// - always pass null for additionalObjectClasses
// - like restoring an account, it will call modifyAttrs after the
// entry is created, any object classes in the backed up data
// will be in the attr map passed to modifyAttrs.
ocs = LdapObjectClass.getAccountObjectClasses(this, true);
for (int i = 0; i < additionalObjectClasses.length; i++) ocs.add(additionalObjectClasses[i]);
}
boolean skipCountingLicenseQuota = false;
/* bug 48226
*
* Check if any of the OCs in the backup is a structural OC that subclasses
* our default OC (defined in ZIMBRA_DEFAULT_PERSON_OC).
* If so, add that OC now while creating the account, because it cannot be modified later.
*/
if (restoring && origAttrs != null) {
Object ocsInBackupObj = origAttrs.get(A_objectClass);
String[] ocsInBackup = StringUtil.toStringArray(ocsInBackupObj);
String mostSpecificOC = LdapObjectClassHierarchy.getMostSpecificOC(this, ocsInBackup, LdapObjectClass.ZIMBRA_DEFAULT_PERSON_OC);
if (!LdapObjectClass.ZIMBRA_DEFAULT_PERSON_OC.equalsIgnoreCase(mostSpecificOC)) {
ocs.add(mostSpecificOC);
}
//calendar resource doesn't count against license quota
if (origAttrs.get(A_zimbraCalResType) != null) {
skipCountingLicenseQuota = true;
}
if (origAttrs.get(A_zimbraIsSystemResource) != null) {
entry.setAttr(A_zimbraIsSystemResource, "TRUE");
skipCountingLicenseQuota = true;
}
if (origAttrs.get(A_zimbraIsExternalVirtualAccount) != null) {
entry.setAttr(A_zimbraIsExternalVirtualAccount, "TRUE");
skipCountingLicenseQuota = true;
}
}
entry.addAttr(A_objectClass, ocs);
String zimbraIdStr;
if (uuid == null) {
zimbraIdStr = LdapUtil.generateUUID();
} else {
zimbraIdStr = uuid;
}
entry.setAttr(A_zimbraId, zimbraIdStr);
entry.setAttr(A_zimbraCreateTimestamp, LdapDateUtil.toGeneralizedTime(new Date()));
// default account status is active
if (!entry.hasAttribute(Provisioning.A_zimbraAccountStatus)) {
entry.setAttr(A_zimbraAccountStatus, Provisioning.ACCOUNT_STATUS_ACTIVE);
}
Cos cos = null;
String cosId = entry.getAttrString(Provisioning.A_zimbraCOSId);
if (cosId != null) {
cos = lookupCos(cosId, zlc);
if (!cos.getId().equals(cosId)) {
cosId = cos.getId();
}
entry.setAttr(Provisioning.A_zimbraCOSId, cosId);
} else {
String domainCosId = domain != null ? isExternalVirtualAccount(entry) ? d.getDomainDefaultExternalUserCOSId() : d.getDomainDefaultCOSId() : null;
if (domainCosId != null) {
cos = get(Key.CosBy.id, domainCosId);
}
if (cos == null) {
cos = getCosByName(isExternalVirtualAccount(entry) ? Provisioning.DEFAULT_EXTERNAL_COS_NAME : Provisioning.DEFAULT_COS_NAME, zlc);
}
}
boolean hasMailTransport = entry.hasAttribute(Provisioning.A_zimbraMailTransport);
// zimbraMailHost(and zimbraMailTransport) if it is not specified
if (!hasMailTransport) {
addMailHost(entry, cos, true);
}
// set all the mail-related attrs if zimbraMailHost or zimbraMailTransport was specified
if (entry.hasAttribute(Provisioning.A_zimbraMailHost) || entry.hasAttribute(Provisioning.A_zimbraMailTransport)) {
// default mail status is enabled
if (!entry.hasAttribute(Provisioning.A_zimbraMailStatus)) {
entry.setAttr(A_zimbraMailStatus, MAIL_STATUS_ENABLED);
}
// default account mail delivery address is email address
if (!entry.hasAttribute(Provisioning.A_zimbraMailDeliveryAddress)) {
entry.setAttr(A_zimbraMailDeliveryAddress, emailAddress);
}
} else {
throw ServiceException.INVALID_REQUEST("missing " + Provisioning.A_zimbraMailHost + " or " + Provisioning.A_zimbraMailTransport + " for CreateAccount: " + emailAddress, null);
}
// amivisAccount requires the mail attr, so we always add it
entry.setAttr(A_mail, emailAddress);
// required for ZIMBRA_DEFAULT_PERSON_OC class
if (!entry.hasAttribute(Provisioning.A_cn)) {
String displayName = entry.getAttrString(Provisioning.A_displayName);
if (displayName != null) {
entry.setAttr(A_cn, displayName);
} else {
entry.setAttr(A_cn, localPart);
}
}
// required for ZIMBRA_DEFAULT_PERSON_OC class
if (!entry.hasAttribute(Provisioning.A_sn)) {
entry.setAttr(A_sn, localPart);
}
entry.setAttr(A_uid, localPart);
String entryPassword = entry.getAttrString(Provisioning.A_userPassword);
if (entryPassword != null) {
//password is a hash i.e. from autoprov; do not set with modify password
password = null;
} else if (password != null) {
//user entered
checkPasswordStrength(password, null, cos, entry);
}
entry.setAttr(Provisioning.A_zimbraPasswordModifiedTime, LdapDateUtil.toGeneralizedTime(new Date()));
String ucPassword = entry.getAttrString(Provisioning.A_zimbraUCPassword);
if (ucPassword != null) {
String encryptedPassword = Account.encrypytUCPassword(entry.getAttrString(Provisioning.A_zimbraId), ucPassword);
entry.setAttr(Provisioning.A_zimbraUCPassword, encryptedPassword);
}
dn = mDIT.accountDNCreate(baseDn, entry.getAttributes(), localPart, domain);
entry.setDN(dn);
zlc.createEntry(entry);
acct = getAccountById(zimbraIdStr, zlc, true);
if (acct == null) {
throw ServiceException.FAILURE("unable to get account after creating LDAP account entry: " + emailAddress + ", check ldap log for possible error", null);
}
AttributeManager.getInstance().postModify(acctAttrs, acct, callbackContext);
removeExternalAddrsFromAllDynamicGroups(acct.getAllAddrsSet(), zlc);
validate(ProvisioningValidator.CREATE_ACCOUNT_SUCCEEDED, emailAddress, acct, skipCountingLicenseQuota);
if (password != null) {
setLdapPassword(acct, zlc, password);
}
return acct;
} catch (LdapEntryAlreadyExistException e) {
throw AccountServiceException.ACCOUNT_EXISTS(emailAddress, dn, e);
} catch (LdapException e) {
throw e;
} catch (AccountServiceException e) {
throw e;
} catch (ServiceException e) {
throw ServiceException.FAILURE("unable to create account: " + emailAddress, e);
} finally {
LdapClient.closeContext(zlc);
if (!restoring && acct != null) {
for (PostCreateAccountListener listener : ProvisioningExt.getPostCreateAccountListeners()) {
if (listener.enabled()) {
listener.handle(acct);
}
}
}
}
}
Also used :
Account(com.zimbra.cs.account.Account)
GuestAccount(com.zimbra.cs.account.GuestAccount)
LdapAccount(com.zimbra.cs.account.ldap.entry.LdapAccount)
ZMutableEntry(com.zimbra.cs.ldap.ZMutableEntry)
LdapEntryAlreadyExistException(com.zimbra.cs.ldap.LdapException.LdapEntryAlreadyExistException)
ZLdapContext(com.zimbra.cs.ldap.ZLdapContext)
LdapCos(com.zimbra.cs.account.ldap.entry.LdapCos)
Cos(com.zimbra.cs.account.Cos)
Date(java.util.Date)
AccountServiceException(com.zimbra.cs.account.AccountServiceException)
AccountServiceException(com.zimbra.cs.account.AccountServiceException)
AuthFailedServiceException(com.zimbra.cs.account.AccountServiceException.AuthFailedServiceException)
ServiceException(com.zimbra.common.service.ServiceException)
CallbackContext(com.zimbra.cs.account.callback.CallbackContext)
PostCreateAccountListener(com.zimbra.cs.account.ProvisioningExt.PostCreateAccountListener)
LdapDomain(com.zimbra.cs.account.ldap.entry.LdapDomain)
Domain(com.zimbra.cs.account.Domain)
LdapException(com.zimbra.cs.ldap.LdapException)
Aggregations
LdapException (com.zimbra.cs.ldap.LdapException)23
AccountServiceException (com.zimbra.cs.account.AccountServiceException)20
LdapEntryAlreadyExistException (com.zimbra.cs.ldap.LdapException.LdapEntryAlreadyExistException)20
ZLdapContext (com.zimbra.cs.ldap.ZLdapContext)20
ServiceException (com.zimbra.common.service.ServiceException)19
AuthFailedServiceException (com.zimbra.cs.account.AccountServiceException.AuthFailedServiceException)19
ZMutableEntry (com.zimbra.cs.ldap.ZMutableEntry)14
CallbackContext (com.zimbra.cs.account.callback.CallbackContext)13
Date (java.util.Date)13
Domain (com.zimbra.cs.account.Domain)8
LdapDomain (com.zimbra.cs.account.ldap.entry.LdapDomain)8
LdapEntry (com.zimbra.cs.account.ldap.entry.LdapEntry)5
HashMap (java.util.HashMap)4
Account (com.zimbra.cs.account.Account)3
GuestAccount (com.zimbra.cs.account.GuestAccount)3
LdapAccount (com.zimbra.cs.account.ldap.entry.LdapAccount)3
LdapCos (com.zimbra.cs.account.ldap.entry.LdapCos)3
LdapDynamicGroup (com.zimbra.cs.account.ldap.entry.LdapDynamicGroup)3
Cos (com.zimbra.cs.account.Cos)2
DynamicGroup (com.zimbra.cs.account.DynamicGroup)2
