
Example 1 with ZAttributes

use of com.zimbra.cs.ldap.ZAttributes in project zm-mailbox by Zimbra.

the class AutoProvision method createAccount.

/**
 * Creates a Zimbra account from an entry found in the external directory.
 *
 * <p>The external attributes are translated with {@code mapAttrs} and handed to
 * {@code prov.createAccount}. After a successful create, the method writes an
 * audit line, attempts a notification mail and invokes the post-create listener
 * of the domain when one is configured. Failures of the notification or of the
 * listener are logged and do not fail the call.
 *
 * <p>Earlier revisions carried a commented-out TODO asking whether a random
 * password should be generated and {@code zimbraPasswordMustChange} set; that
 * question is still open.
 *
 * @param acctZimbraName name of the account to create
 * @param externalEntry  external directory entry supplying the attributes and DN
 * @param password       password for the new account; when non-null, any mapped
 *                       {@code Provisioning.A_userPassword} value is dropped from
 *                       the attribute map; when null the map is passed unchanged
 * @param mode           auto-provision mode that triggered the call
 * @return the created account, or {@code null} when the account already exists
 *         and {@code mode} is {@code EAGER}
 * @throws ServiceException when creation fails for any other reason, or when the
 *         account already exists and {@code mode} is not {@code EAGER}
 */
protected Account createAccount(String acctZimbraName, ExternalEntry externalEntry, String password, AutoProvMode mode) throws ServiceException {
    Map<String, Object> zimbraAttrs = mapAttrs(externalEntry.getAttrs());

    // An explicit password wins over whatever the attribute mapping produced.
    String accountPassword = password;
    if (accountPassword != null) {
        zimbraAttrs.remove(Provisioning.A_userPassword);
    }

    Account created = null;
    try {
        created = prov.createAccount(acctZimbraName, accountPassword, zimbraAttrs);
    } catch (ServiceException e) {
        if (!AccountServiceException.ACCOUNT_EXISTS.equals(e.getCode())) {
            throw e;
        }
        ZimbraLog.autoprov.debug("account %s already exists", acctZimbraName);
        // Only EAGER tolerates an existing account; every other mode rethrows.
        switch (mode) {
            case EAGER:
                return null;
            default:
                throw e;
        }
    }

    ZimbraLog.autoprov.info("auto provisioned account: " + acctZimbraName);
    // NOTE(review): the whole attribute map goes to the security log. When
    // password is null, A_userPassword is not removed above, so a mapped
    // credential value would be logged unless encodeAttrs redacts it - confirm.
    String[] auditFields = new String[] { "cmd", "auto provision Account", "name", created.getName(), "id", created.getId() };
    ZimbraLog.security.info(ZimbraLog.encodeAttrs(auditFields, zimbraAttrs));

    // Notification is best effort: a mail failure must not undo the create.
    // NOTE(review): the password is handed to sendNotifMessage; what that
    // method does with it is not visible here - confirm.
    try {
        sendNotifMessage(created, accountPassword);
    } catch (ServiceException e) {
        ZimbraLog.autoprov.warn("unable to send auto provision notification email", e);
    }

    // Post-create listener is best effort as well.
    try {
        AutoProvisionListener postCreateListener = AutoProvisionCachedInfo.getInfo(domain).getListener();
        if (postCreateListener != null) {
            postCreateListener.postCreate(domain, created, externalEntry.getDN());
        } else if (mode == AutoProvMode.EAGER) {
            // EAGER mode is expected to have a listener configured.
            ZimbraLog.autoprov.warn("EAGER mode should configure " + Provisioning.A_zimbraAutoProvListenerClass);
        }
    } catch (ServiceException e) {
        ZimbraLog.autoprov.warn("encountered error in post auto provision listener", e);
    }
    return created;
}
Also used : Account(com.zimbra.cs.account.Account) AccountServiceException(com.zimbra.cs.account.AccountServiceException) ServiceException(com.zimbra.common.service.ServiceException) ZAttributes(com.zimbra.cs.ldap.ZAttributes)

Example 2 with ZAttributes

use of com.zimbra.cs.ldap.ZAttributes in project zm-mailbox by Zimbra.

the class LdapProvisioning method makeDynamicGroup.

/**
 * Builds an {@code LdapDynamicGroup} for the given DN and attributes.
 *
 * <p>Unless the group's membership is defined by a custom URL, the dynamic
 * and static sub-units are read from LDAP and attached to the group.
 *
 * <p>Note - can be a bit expensive (because of loading the units) if called
 * for a lot of groups. Some LDAP search code uses this to return NamedEntry
 * hits which happen to be Dynamic groups.
 *
 * @param initZlc LDAP context passed through to the attribute lookups
 * @param dn      DN of the dynamic group entry
 * @param attrs   attributes of the dynamic group entry
 * @return the populated group
 * @throws ServiceException declared by the method; the source of a failure
 *         (name mapping or attribute lookup) is not visible here
 */
private DynamicGroup makeDynamicGroup(ZLdapContext initZlc, String dn, ZAttributes attrs) throws ServiceException {
    String groupEmail = mDIT.dnToEmail(dn, mDIT.dynamicGroupNamingRdnAttr(), attrs);
    LdapDynamicGroup dynGroup = new LdapDynamicGroup(dn, groupEmail, attrs, this);

    // Groups driven by a custom URL carry no sub-units to load.
    if (dynGroup.isMembershipDefinedByCustomURL()) {
        return dynGroup;
    }

    // Dynamic unit: both unit lookups are sent to a replica, not the master.
    String dynUnitDn = mDIT.dynamicGroupUnitNameToDN(DYNAMIC_GROUP_DYNAMIC_UNIT_NAME, dn);
    ZAttributes dynUnitAttrs = helper.getAttributes(initZlc, LdapServerType.REPLICA, LdapUsage.GET_GROUP_UNIT, dynUnitDn, null);
    LdapDynamicGroup.DynamicUnit dynUnit =
            new LdapDynamicGroup.DynamicUnit(dynUnitDn, DYNAMIC_GROUP_DYNAMIC_UNIT_NAME, dynUnitAttrs, this);

    // Static unit.
    String statUnitDn = mDIT.dynamicGroupUnitNameToDN(DYNAMIC_GROUP_STATIC_UNIT_NAME, dn);
    ZAttributes statUnitAttrs = helper.getAttributes(initZlc, LdapServerType.REPLICA, LdapUsage.GET_GROUP_UNIT, statUnitDn, null);
    LdapDynamicGroup.StaticUnit statUnit =
            new LdapDynamicGroup.StaticUnit(statUnitDn, DYNAMIC_GROUP_STATIC_UNIT_NAME, statUnitAttrs, this);

    dynGroup.setSubUnits(dynUnit, statUnit);
    return dynGroup;
}
Also used : LdapDynamicGroup(com.zimbra.cs.account.ldap.entry.LdapDynamicGroup) ZAttributes(com.zimbra.cs.ldap.ZAttributes)

Example 3 with ZAttributes

use of com.zimbra.cs.ldap.ZAttributes in project zm-mailbox by Zimbra.

the class ADGroupHandler method getDelegatedAdminGroups.

/**
 * Reads the {@code MEMBER_OF_ATTR} values of an account's entry in the
 * external directory.
 *
 * <p>The external DN is taken from the account when set; otherwise it is
 * computed from the domain's bind DN template and the account name.
 *
 * @param acct    account whose external group memberships are wanted
 * @param asAdmin passed to {@code getExternalDelegatedAdminGroupsLdapContext}
 *                to select the LDAP context
 * @return the values of {@code MEMBER_OF_ATTR} on the external entry
 * @throws ServiceException when the domain or the external DN cannot be
 *         determined, or when a called method throws it
 */
private List<String> getDelegatedAdminGroups(Account acct, boolean asAdmin) throws ServiceException {
    LdapProv ldapProv = LdapProv.getInst();
    Domain acctDomain = ldapProv.getDomain(acct);
    if (acctDomain == null) {
        throw ServiceException.FAILURE("unable to get domain for account " + acct.getName(), null);
    }

    // Prefer the explicit external DN stored on the account.
    String externalDn = acct.getAuthLdapExternalDn();
    if (externalDn == null) {
        // Fall back to the domain's bind DN template. For AD auth,
        // zimbraAuthLdapSearchFilter is not used, so it is skipped here;
        // see LdapProvisioning.externalLdapAuth.
        // NOTE(review): the DN is derived from the account name; whether
        // computeDn escapes DN metacharacters is not visible here - confirm.
        String bindDnTemplate = acctDomain.getAuthLdapBindDn();
        externalDn = (bindDnTemplate == null) ? null : LdapUtil.computeDn(acct.getName(), bindDnTemplate);
    }
    if (externalDn == null) {
        throw ServiceException.FAILURE("unable to get external DN for account " + acct.getName(), null);
    }

    // NOTE(review): the returned values are whatever the external directory
    // reports; presumably callers use them for delegated-admin decisions, so
    // the trust placed in that directory and its connection matters - confirm.
    ZLdapContext extCtx = null;
    try {
        extCtx = getExternalDelegatedAdminGroupsLdapContext(acctDomain, asAdmin);
        String[] wantedAttrs = new String[] { MEMBER_OF_ATTR };
        ZAttributes entryAttrs = ldapProv.getHelper().getAttributes(extCtx, externalDn, wantedAttrs);
        return entryAttrs.getMultiAttrStringAsList(MEMBER_OF_ATTR, CheckBinary.NOCHECK);
    } finally {
        // Runs even when obtaining the context failed; extCtx is then null.
        LdapClient.closeContext(extCtx);
    }
}
Also used : ZLdapContext(com.zimbra.cs.ldap.ZLdapContext) ZAttributes(com.zimbra.cs.ldap.ZAttributes) Domain(com.zimbra.cs.account.Domain) LdapProv(com.zimbra.cs.account.ldap.LdapProv)

Example 4 with ZAttributes

use of com.zimbra.cs.ldap.ZAttributes in project zm-mailbox by Zimbra.

the class AutoProvisionEager method createAccountBatch.

/**
 * Runs one EAGER auto-provision batch for the domain.
 *
 * <p>Searches the external directory for up to the domain's batch size of
 * entries and tries to create an account for each. An entry counts as stuck
 * when {@code createAccount} returns {@code null} or throws. If the search hit
 * the size limit and every returned entry was stuck, the domain's batch size
 * is raised by the stuck count. If the size limit was not hit, the domain's
 * last-polled timestamp is set to the time this batch started.
 *
 * @throws ServiceException when the search or a domain update fails;
 *         per-entry creation failures are logged and skipped
 */
private void createAccountBatch() throws ServiceException {
    long batchStartMillis = System.currentTimeMillis();
    List<ExternalEntry> found = new ArrayList<ExternalEntry>();
    boolean sizeLimitHit = searchAccounts(found, domain.getAutoProvBatchSize());
    ZimbraLog.autoprov.info("%d external LDAP entries returned as search result", found.size());

    int notCreated = 0;
    for (ExternalEntry candidate : found) {
        if (scheduler.isShutDownRequested()) {
            ZimbraLog.autoprov.info("eager auto provision aborted");
            return;
        }
        try {
            String accountName = mapName(candidate.getAttrs(), null);
            // NOTE(review): name and DN come from the external directory and
            // are concatenated into log lines as-is; confirm the logging
            // layer neutralises line breaks in these values.
            ZimbraLog.autoprov.info("auto creating account in EAGER mode: " + accountName + ", dn=\"" + candidate.getDN() + "\"");
            if (createAccount(accountName, candidate, null, AutoProvMode.EAGER) == null) {
                notCreated++;
            }
        } catch (ServiceException e) {
            // One bad entry must not stop the batch.
            ZimbraLog.autoprov.warn("unable to auto create account, dn=\"" + candidate.getDN() + "\"", e);
            notCreated++;
        }
    }

    if (sizeLimitHit) {
        // Every entry in a full page was stuck: widen the page so the next
        // run can get past them.
        // NOTE(review): no upper bound on the batch size is visible here.
        if (found.size() == notCreated) {
            ZimbraLog.autoprov.info("search result contains unsuccessful external entries, increasing batch size by %d", notCreated);
            domain.setAutoProvBatchSize(domain.getAutoProvBatchSize() + notCreated);
            ZimbraLog.autoprov.info("batch size is %d now", domain.getAutoProvBatchSize());
        }
    } else {
        // The last batch does not hit the size limit; record the poll time so
        // stuck entries from before it can be forgotten.
        String lastPolledAt = LdapDateUtil.toGeneralizedTimeWithMs(new Date(batchStartMillis));
        ZimbraLog.autoprov.info("Auto Provisioning has finished for now, setting last polled timestamp: " + lastPolledAt);
        domain.setAutoProvLastPolledTimestampAsString(lastPolledAt);
    }
}
Also used : Account(com.zimbra.cs.account.Account) ServiceException(com.zimbra.common.service.ServiceException) ZAttributes(com.zimbra.cs.ldap.ZAttributes) ArrayList(java.util.ArrayList) Date(java.util.Date)

Example 5 with ZAttributes

use of com.zimbra.cs.ldap.ZAttributes in project zm-mailbox by Zimbra.

the class AutoProvisionEager method searchAccounts.

/**
 * Searches the external auto-provision directory and collects the hits.
 *
 * <p>The search is limited to {@code batchSize} entries and is given the
 * domain's last-polled timestamp; every visited entry is appended to
 * {@code entries}.
 *
 * @param entries   list that receives one {@code ExternalEntry} per hit
 * @param batchSize maximum number of entries requested from the search
 * @return the value returned by {@code AutoProvision.searchAutoProvDirectory},
 *         logged here as "hit size limit"
 * @throws ServiceException when the directory search fails
 */
private boolean searchAccounts(final List<ExternalEntry> entries, int batchSize) throws ServiceException {
    String sinceTimestamp = domain.getAutoProvLastPolledTimestampAsString();
    String[] attrsToFetch = getAttrsToFetch();

    SearchLdapVisitor collector = new SearchLdapVisitor(false) {
        @Override
        public void visit(String dn, IAttributes ldapAttrs) throws StopIteratingException {
            // Unchecked downcast: assumes the search always delivers
            // ZAttributes instances - TODO confirm.
            ZAttributes attrs = (ZAttributes) ldapAttrs;
            entries.add(new ExternalEntry(dn, attrs));
        }
    };

    boolean sizeLimitHit = AutoProvision.searchAutoProvDirectory(
            prov, domain, null, null, sinceTimestamp, attrsToFetch, batchSize, collector, true);
    ZimbraLog.autoprov.debug("searched external LDAP source, hit size limit ? %s", sizeLimitHit);
    return sizeLimitHit;
}
Also used : SearchLdapVisitor(com.zimbra.cs.ldap.SearchLdapOptions.SearchLdapVisitor) IAttributes(com.zimbra.cs.ldap.IAttributes) ZAttributes(com.zimbra.cs.ldap.ZAttributes)

Aggregations

ZAttributes (com.zimbra.cs.ldap.ZAttributes)30 ServiceException (com.zimbra.common.service.ServiceException)18 AccountServiceException (com.zimbra.cs.account.AccountServiceException)16 AuthFailedServiceException (com.zimbra.cs.account.AccountServiceException.AuthFailedServiceException)15 LdapEntryNotFoundException (com.zimbra.cs.ldap.LdapException.LdapEntryNotFoundException)8 Account (com.zimbra.cs.account.Account)6 ZLdapContext (com.zimbra.cs.ldap.ZLdapContext)6 Domain (com.zimbra.cs.account.Domain)4 GuestAccount (com.zimbra.cs.account.GuestAccount)4 LdapAccount (com.zimbra.cs.account.ldap.entry.LdapAccount)4 HashMap (java.util.HashMap)4 LdapDomain (com.zimbra.cs.account.ldap.entry.LdapDomain)3 LdapDynamicGroup (com.zimbra.cs.account.ldap.entry.LdapDynamicGroup)3 ZMutableEntry (com.zimbra.cs.ldap.ZMutableEntry)3 Alias (com.zimbra.cs.account.Alias)2 AlwaysOnCluster (com.zimbra.cs.account.AlwaysOnCluster)2 DynamicGroup (com.zimbra.cs.account.DynamicGroup)2 Group (com.zimbra.cs.account.Group)2 NamedEntry (com.zimbra.cs.account.NamedEntry)2 Server (com.zimbra.cs.account.Server)2