Search in sources :

Example 6 with SearchLdapOptions

use of com.zimbra.cs.ldap.SearchLdapOptions in project zm-mailbox by Zimbra.

the class LdapProvisioning method searchZimbraLdap.

private void searchZimbraLdap(String base, String query, String[] returnAttrs, boolean useMaster, SearchLdapVisitor visitor) throws ServiceException {
    SearchLdapOptions searchOptions = new SearchLdapOptions(base, query, returnAttrs, SearchLdapOptions.SIZE_UNLIMITED, null, ZSearchScope.SEARCH_SCOPE_SUBTREE, visitor);
    ZLdapContext zlc = null;
    try {
        zlc = LdapClient.getContext(LdapServerType.get(useMaster), LdapUsage.SEARCH);
        zlc.searchPaged(searchOptions);
    } finally {
        LdapClient.closeContext(zlc);
    }
}
Also used : ZLdapContext(com.zimbra.cs.ldap.ZLdapContext) SearchLdapOptions(com.zimbra.cs.ldap.SearchLdapOptions)

Example 7 with SearchLdapOptions

use of com.zimbra.cs.ldap.SearchLdapOptions in project zm-mailbox by Zimbra.

the class LdapProvisioning method searchDynamicGroupInternalMembers.

private void searchDynamicGroupInternalMembers(ZLdapContext zlc, String dynGroupId, SearchLdapVisitor visitor) throws ServiceException {
    String base = mDIT.mailBranchBaseDN();
    ZLdapFilter filter = filterFactory.accountByMemberOf(dynGroupId);
    SearchLdapOptions searchOptions = new SearchLdapOptions(base, filter, new String[] { A_zimbraMailDeliveryAddress, Provisioning.A_zimbraMemberOf }, SearchLdapOptions.SIZE_UNLIMITED, null, ZSearchScope.SEARCH_SCOPE_SUBTREE, visitor);
    zlc.searchPaged(searchOptions);
}
Also used : ZLdapFilter(com.zimbra.cs.ldap.ZLdapFilter) SearchLdapOptions(com.zimbra.cs.ldap.SearchLdapOptions)

Example 8 with SearchLdapOptions

use of com.zimbra.cs.ldap.SearchLdapOptions in project zm-mailbox by Zimbra.

the class AutoProvision method searchAutoProvDirectory.

/**
 * Search the external auto provision LDAP source
 *
 * Only one of filter or name can be provided.
 * - if name is provided, the search filter will be zimbraAutoProvLdapSearchFilter
 *   with place holders filled with the name.
 *
 * - if filter is provided, the provided filter will be the search filter.
 *
 * - if neither is provided, the search filter will be zimbraAutoProvLdapSearchFilter
 *   with place holders filled with "*".   If createTimestampLaterThan
 *   is provided, the search filter will be ANDed with (createTimestamp >= {timestamp})
 *
 * @param prov
 * @param domain
 * @param filter
 * @param name
 * @param createTimestampLaterThan
 * @param returnAttrs
 * @param maxResults
 * @param ldapVisitor
 * @param wantPartialResult whether TOO_MANY_SEARCH_RESULTS should be thrown if the
 *                          ldap search encountered LdapSizeLimitExceededException
 *                          Note: regardless of this parameter, the ldapVisitor.visit
 *                          is called for each entry returned from LDAP.
 *                          This behavior is currently hardcoded in
 *                          UBIDLdapContext.searchPaged and has been the legacy behavior.
 *                          We can probably change it into a parameter in SearchLdapOptions.
 * @throws ServiceException
 * @return whether LdapSizeLimitExceededException was hit
 */
static boolean searchAutoProvDirectory(LdapProv prov, Domain domain, String filter, String name, String createTimestampLaterThan, String[] returnAttrs, int maxResults, SearchLdapVisitor ldapVisitor, boolean wantPartialResult) throws ServiceException {
    // use either filter or name, make sure only one is provided
    if ((filter != null) && (name != null)) {
        throw ServiceException.INVALID_REQUEST("only one of filter or name can be provided", null);
    }
    String url = domain.getAutoProvLdapURL();
    boolean wantStartTLS = domain.isAutoProvLdapStartTlsEnabled();
    String adminDN = domain.getAutoProvLdapAdminBindDn();
    String adminPassword = domain.getAutoProvLdapAdminBindPassword();
    String searchBase = domain.getAutoProvLdapSearchBase();
    String searchFilterTemplate = domain.getAutoProvLdapSearchFilter();
    FilterId filterId = FilterId.AUTO_PROVISION_SEARCH;
    if (url == null) {
        throw ServiceException.FAILURE(String.format("missing %s on domain %s", Provisioning.A_zimbraAutoProvLdapURL, domain.getName()), null);
    }
    if (searchBase == null) {
        searchBase = LdapConstants.DN_ROOT_DSE;
    }
    ExternalLdapConfig config = new ExternalLdapConfig(url, wantStartTLS, null, adminDN, adminPassword, null, "search auto provision directory");
    boolean hitSizeLimitExceededException = false;
    ZLdapContext zlc = null;
    ZLdapFilter zFilter = null;
    try {
        zlc = LdapClient.getExternalContext(config, LdapUsage.AUTO_PROVISION_ADMIN_SEARCH);
        String searchFilter = null;
        String searchFilterWithoutLastPolling = null;
        if (name != null) {
            if (searchFilterTemplate == null) {
                throw ServiceException.INVALID_REQUEST("search filter template is not set on domain " + domain.getName(), null);
            }
            searchFilter = LdapUtil.computeDn(name, searchFilterTemplate);
        } else if (filter != null) {
            searchFilter = filter;
            filterId = FilterId.AUTO_PROVISION_ADMIN_SEARCH;
        } else {
            if (searchFilterTemplate == null) {
                throw ServiceException.INVALID_REQUEST("search filter template is not set on domain " + domain.getName(), null);
            }
            searchFilter = LdapUtil.computeDn("*", searchFilterTemplate);
            if (createTimestampLaterThan != null) {
                searchFilterWithoutLastPolling = searchFilter;
                // searchFilter = "(&" + searchFilter + "(createTimestamp>=" + createTimestampLaterThan + "))";
                searchFilter = "(&" + searchFilter + ZLdapFilterFactory.getInstance().createdLaterOrEqual(createTimestampLaterThan).toFilterString() + ")";
                filterId = FilterId.AUTO_PROVISION_SEARCH_CREATED_LATERTHAN;
            }
        }
        zFilter = ZLdapFilterFactory.getInstance().fromFilterString(filterId, searchFilter);
        SearchLdapOptions searchOptions;
        try {
            searchOptions = new SearchLdapOptions(searchBase, zFilter, returnAttrs, maxResults, null, ZSearchScope.SEARCH_SCOPE_SUBTREE, ldapVisitor);
            zlc.searchPaged(searchOptions);
        } catch (LdapInvalidAttrValueException eav) {
            ZimbraLog.autoprov.info("Retrying ldap search query with createTimestamp in seconds.");
            if (searchFilterWithoutLastPolling != null && createTimestampLaterThan != null) {
                createTimestampLaterThan = createTimestampLaterThan.replaceAll("\\..*Z$", "Z");
                // searchFilter = "(&" + searchFilter + "(createTimestamp>=" + createTimestampLaterThan + "))";
                searchFilter = "(&" + searchFilterWithoutLastPolling + ZLdapFilterFactory.getInstance().createdLaterOrEqual(createTimestampLaterThan).toFilterString() + ")";
                ZimbraLog.autoprov.info("new searchFilter = %s", searchFilter);
                filterId = FilterId.AUTO_PROVISION_SEARCH_CREATED_LATERTHAN;
            }
            zFilter = ZLdapFilterFactory.getInstance().fromFilterString(filterId, searchFilter);
            searchOptions = new SearchLdapOptions(searchBase, zFilter, returnAttrs, maxResults, null, ZSearchScope.SEARCH_SCOPE_SUBTREE, ldapVisitor);
            zlc.searchPaged(searchOptions);
        }
    } catch (LdapSizeLimitExceededException e) {
        hitSizeLimitExceededException = true;
        if (wantPartialResult) {
            // log at debug level
            ZimbraLog.autoprov.debug(String.format("searchAutoProvDirectory encountered LdapSizeLimitExceededException: " + "base=%s, filter=%s", searchBase, zFilter == null ? "" : zFilter.toFilterString()), e);
        } else {
            throw AccountServiceException.TOO_MANY_SEARCH_RESULTS("too many search results returned", e);
        }
    } finally {
        LdapClient.closeContext(zlc);
    }
    return hitSizeLimitExceededException;
}
Also used : ZLdapFilter(com.zimbra.cs.ldap.ZLdapFilter) ExternalLdapConfig(com.zimbra.cs.ldap.LdapServerConfig.ExternalLdapConfig) ZLdapContext(com.zimbra.cs.ldap.ZLdapContext) LdapInvalidAttrValueException(com.zimbra.cs.ldap.LdapException.LdapInvalidAttrValueException) LdapSizeLimitExceededException(com.zimbra.cs.ldap.LdapException.LdapSizeLimitExceededException) SearchLdapOptions(com.zimbra.cs.ldap.SearchLdapOptions) FilterId(com.zimbra.cs.ldap.ZLdapFilterFactory.FilterId)

Example 9 with SearchLdapOptions

use of com.zimbra.cs.ldap.SearchLdapOptions in project zm-mailbox by Zimbra.

the class LdapGalSearch method searchGal.

public static void searchGal(ZLdapContext zlc, GalSearchConfig.GalType galType, int pageSize, String base, String query, int maxResults, LdapGalMapRules rules, String token, SearchGalResult result, GalOp op) throws ServiceException {
    String tk = token != null && !token.equals("") ? token : LdapConstants.EARLIEST_SYNC_TOKEN;
    result.setToken(tk);
    if (GalOp.sync == op) {
        String maxLdapTs = result.getMaxLdapTimeStamp();
        if (!StringUtils.isEmpty(maxLdapTs)) {
            result.setToken(maxLdapTs);
        }
    }
    String[] reqAttrs = rules.getLdapAttrs();
    if (ZimbraLog.gal.isDebugEnabled()) {
        StringBuffer returnAttrs = new StringBuffer();
        for (String a : reqAttrs) {
            returnAttrs.append(a + ",");
        }
        zlc.debug();
        ZimbraLog.gal.debug("searchGal: " + ", page size=" + pageSize + ", max results=" + maxResults + ", base=" + base + ", query=" + query + ", attrs=" + returnAttrs);
    }
    if (GalOp.sync == op) {
        result.setLimit(maxResults);
        maxResults = SearchLdapOptions.SIZE_UNLIMITED;
    }
    SearhcGalVisitor visitor = new SearhcGalVisitor(zlc, galType, base, rules, result);
    SearchLdapOptions searchOpts = new SearchLdapOptions(base, ZLdapFilterFactory.getInstance().fromFilterString(FilterId.GAL_SEARCH, query), reqAttrs, maxResults, null, ZSearchScope.SEARCH_SCOPE_SUBTREE, visitor);
    searchOpts.setResultPageSize(pageSize);
    searchOpts.setGalOp(op);
    if (GalOp.sync == op) {
        searchOpts.setSearchGalResult(result);
    }
    try {
        zlc.searchPaged(searchOpts);
    } catch (LdapSizeLimitExceededException sle) {
        result.setHadMore(true);
    } catch (ServiceException e) {
        throw ServiceException.FAILURE("unable to search gal", e);
    } finally {
        if (GalOp.sync != op || ((GalOp.sync == op) && !result.getHadMore())) {
            boolean gotNewToken = true;
            String newToken = result.getToken();
            if (newToken == null || (token != null && token.equals(newToken)) || newToken.equals(LdapConstants.EARLIEST_SYNC_TOKEN))
                gotNewToken = false;
            if (gotNewToken) {
                Date parsedToken = LdapDateUtil.parseGeneralizedTime(newToken);
                if (parsedToken != null) {
                    long ts = parsedToken.getTime();
                    ts += 1000;
                    // Note, this will "normalize" the token to our standard format
                    // DateUtil.ZIMBRA_LDAP_GENERALIZED_TIME_FORMAT
                    // Whenever we've got a new token, it will be returned in the
                    // normalized format.
                    String deltaToken = LdapDateUtil.toGeneralizedTime(new Date(ts));
                    result.setToken(deltaToken);
                    if (GalOp.sync == op) {
                        result.setLdapTimeStamp(deltaToken);
                    }
                }
            /*
                     * in the rare case when an LDAP implementation does not conform to generalized time and
                     * we cannot parser the token, just leave it alone.
                     */
            } else {
                // no records found
                if ((GalOp.sync == op) && !result.getHadMore()) {
                    result.setToken(newToken);
                    result.setLdapTimeStamp(newToken);
                }
            }
        }
    }
}
Also used : ServiceException(com.zimbra.common.service.ServiceException) LdapSizeLimitExceededException(com.zimbra.cs.ldap.LdapException.LdapSizeLimitExceededException) SearchLdapOptions(com.zimbra.cs.ldap.SearchLdapOptions) Date(java.util.Date)

Example 10 with SearchLdapOptions

use of com.zimbra.cs.ldap.SearchLdapOptions in project zm-mailbox by Zimbra.

the class LdapHelper method countEntries.

public long countEntries(String baseDN, ZLdapFilter filter, ZSearchControls searchControls, ZLdapContext initZlc, LdapServerType ldapServerType) throws ServiceException {
    boolean noopSearchSupported = !InMemoryLdapServer.isOn() && DebugConfig.ldapNoopSearchSupported;
    if (noopSearchSupported) {
        return countEntriesByNoopSearch(baseDN, filter, searchControls, initZlc, ldapServerType);
    } else {
        CountObjectsVisitor visitor = new CountObjectsVisitor();
        SearchLdapOptions searchOptions = new SearchLdapOptions(baseDN, filter, null, SearchLdapOptions.SIZE_UNLIMITED, null, ZSearchScope.SEARCH_SCOPE_SUBTREE, visitor);
        ZLdapContext zlc = initZlc;
        try {
            if (zlc == null) {
                zlc = LdapClient.getContext(ldapServerType, LdapUsage.SEARCH);
            }
            zlc.searchPaged(searchOptions);
        } finally {
            if (initZlc == null) {
                LdapClient.closeContext(zlc);
            }
        }
        return visitor.getCount();
    }
}
Also used : ZLdapContext(com.zimbra.cs.ldap.ZLdapContext) SearchLdapOptions(com.zimbra.cs.ldap.SearchLdapOptions)

Aggregations

SearchLdapOptions (com.zimbra.cs.ldap.SearchLdapOptions)17 ZLdapContext (com.zimbra.cs.ldap.ZLdapContext)11 ServiceException (com.zimbra.common.service.ServiceException)9 IAttributes (com.zimbra.cs.ldap.IAttributes)6 LdapSizeLimitExceededException (com.zimbra.cs.ldap.LdapException.LdapSizeLimitExceededException)5 ZLdapFilter (com.zimbra.cs.ldap.ZLdapFilter)5 AccountServiceException (com.zimbra.cs.account.AccountServiceException)4 LdapDIT (com.zimbra.cs.account.ldap.LdapDIT)4 SearchLdapVisitor (com.zimbra.cs.ldap.SearchLdapOptions.SearchLdapVisitor)4 AuthFailedServiceException (com.zimbra.cs.account.AccountServiceException.AuthFailedServiceException)3 ArrayList (java.util.ArrayList)3 HashSet (java.util.HashSet)3 Map (java.util.Map)3 Account (com.zimbra.cs.account.Account)2 LdapInvalidAttrValueException (com.zimbra.cs.ldap.LdapException.LdapInvalidAttrValueException)2 HashMap (java.util.HashMap)2 ASN1OctetString (com.unboundid.asn1.ASN1OctetString)1 Control (com.unboundid.ldap.sdk.Control)1 LDAPException (com.unboundid.ldap.sdk.LDAPException)1 LDAPResult (com.unboundid.ldap.sdk.LDAPResult)1