
Example 96 with ZLdapContext

use of com.zimbra.cs.ldap.ZLdapContext in project zm-mailbox by Zimbra.

the class BUG_57875 method doUpgrade.

/**
 * Runs the global-config, domain and data-source upgrade steps over a single
 * LDAP context opened against the master server for {@code LdapUsage.UPGRADE}.
 *
 * @throws ServiceException as propagated from the context lookup or from an upgrade step
 */
@Override
void doUpgrade() throws ServiceException {
    final ZLdapContext masterCtx = LdapClient.getContext(LdapServerType.MASTER, LdapUsage.UPGRADE);
    try {
        // All three steps share the one context and run in this fixed order;
        // an exception from one step skips the steps after it.
        upgradeGlobalConfig(masterCtx);
        upgradeDomains(masterCtx);
        upgradeDataSources(masterCtx);
    } finally {
        // The context is released whether or not a step threw.
        LdapClient.closeContext(masterCtx);
    }
}
Also used : ZLdapContext(com.zimbra.cs.ldap.ZLdapContext)

Example 97 with ZLdapContext

use of com.zimbra.cs.ldap.ZLdapContext in project zm-mailbox by Zimbra.

the class ProxyPurgeUtil method purgeAccounts.

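/**
 * Purges, or prints, the memcached route entries for the supplied accounts.
 *
 * <p>For each account the method builds the candidate {@code route:} and {@code alias:}
 * keys (account name and id, domain, virtual IPs, virtual host names, mail aliases and
 * alias domains) and then either removes or reads every key on every memcached server.
 *
 * <p>The process exits with status 1 when no account is supplied, or when {@code purge}
 * is false and no {@code outputformat} is supplied.
 *
 * @param servers list of memcached servers supplied; if null the function gets all the
 *                memcached servers from provisioning, as {@code host:port} strings
 * @param accounts list of accounts (qualified or unqualified)
 * @param purge true to purge the account routes, false to print them
 * @param outputformat {@link String#format} pattern used when printing; it receives the
 *                server, the route key and the cached value, in that order
 * @throws ServiceException as propagated from the provisioning, LDAP or memcached client calls
 */
public static void purgeAccounts(List<String> servers, List<String> accounts, boolean purge, String outputformat) throws ServiceException {
    Provisioning prov = Provisioning.getInstance();
    // Sanity checks. These terminate the JVM rather than throw, so they stay outside the
    // try/finally below (System.exit does not run finally blocks).
    if (accounts == null || accounts.isEmpty()) {
        System.err.println("No account supplied");
        System.exit(1);
    }
    if (!purge && (outputformat == null || outputformat.length() == 0)) {
        // the outputformat must be supplied.
        System.err.println("outputformat must be supplied for info");
        System.exit(1);
    }
    if (servers == null) {
        servers = new ArrayList<String>();
        for (Server s : prov.getAllServers(Provisioning.SERVICE_MEMCACHED)) {
            String serverName = s.getAttr(Provisioning.A_zimbraServiceHostname, "localhost");
            String servicePort = s.getAttr(Provisioning.A_zimbraMemcachedBindPort, memcachedPort);
            servers.add(serverName + ":" + servicePort);
        }
    }
    int numServers = servers.size();
    List<ZimbraMemcachedClient> zmcs = new ArrayList<ZimbraMemcachedClient>();
    try {
        // Connect to all memcached servers. This happens inside the try so that clients
        // already connected are still disconnected if a later connect or lookup throws.
        for (int i = 0; i < numServers; ++i) {
            ZimbraMemcachedClient zmc = new ZimbraMemcachedClient();
            zmc.connect(new String[] { servers.get(i) }, false, null, 0, 5000);
            zmcs.add(zmc);
        }
        for (String a : accounts) {
            // Bug 24463
            // The route keying in memcached is governed by the following rules:
            // 1. if login name is fully qualified, use that as the route key
            // 2. otherwise, if memcache_entry_allow_unqualified is true, then use the bare login as the route key
            // 3. else, append the IP address of the proxy interface to the login and use that as the route key
            // 4. for the login store all the user's alias, append the ip address of the proxy interface.
            //
            // For accounts authenticating without domain, NGINX internally suffixes @domain
            // to the login name, by first looking up an existing domain by the IP address of
            // the proxy interface where the connection came in. If no such domain is found,
            // then NGINX falls back to the default domain name specified by the config
            // attribute zimbraDefaultDomainName.
            // The IP to domain mapping is done based on the zimbraVirtualIPAddress attribute
            // of the domain (The IP-to-domain mapping is a many-to-one relationship.)
            //
            // For the zmproxypurge utility if the account supplied (-a option) is:
            // 1. For fully qualified account with @domain; it will find all the virtual IP
            // addresses for that domain and will delete all the entries on all memcached servers:
            // i) with the user@domain (case 1 as described above)
            // ii) with just the user (case 2 as described above)
            // iii) with all the virtual IP addresses configured for the domain
            // iv) find all the alias for the account and repeat (i) to (iii)
            // 2. For the account supplied with the IP address; the utility will only try to
            // purge the entries with the user@IP.
            // 3. If there is a single domain and the account supplied is not fully qualified;
            // the utility will append the default domain to that entry and will execute step 1.
            // (In this case the provisioning lookup will return the correct domain)
            //
            // NOTE(review): the keys below are built by concatenating the caller-supplied
            // account string and directory attribute values. A value containing whitespace or
            // control characters is not a valid memcached key; whether ZimbraMemcachedClient
            // rejects such keys is not visible here - confirm.
            List<String> routes = new ArrayList<String>();
            // Lookup the account; at this point we don't know whether the user is fully qualified.
            Account account = prov.get(Key.AccountBy.name, a);
            if (account == null) {
                // In this case just purge the entries with the given account name as supplied.
                System.out.println("error looking up accout: " + a);
                addProtocolRoutes(routes, a);
            } else {
                String uid = account.getUid();
                // The id-keyed routes are interleaved with the uid-keyed ones in this exact
                // order, so they are listed out rather than generated.
                routes.add("route:proto=http;id=" + account.getId());
                routes.add("route:proto=http;user=" + uid);
                routes.add("route:proto=imap;user=" + uid);
                routes.add("route:proto=pop3;user=" + uid);
                routes.add("route:proto=httpssl;id=" + account.getId());
                routes.add("route:proto=httpssl;user=" + uid);
                routes.add("route:proto=imapssl;user=" + uid);
                routes.add("route:proto=pop3ssl;user=" + uid);
                routes.add("route:proto=httpssl;admin=1;id=" + account.getId());
                String domain = account.getDomainName();
                addProtocolRoutes(routes, uid + "@" + domain);
                routes.add("alias:user=" + uid + ";ip=" + domain);
                Domain d = prov.get(Key.DomainBy.name, domain);
                if (d == null) {
                    // The domain lookup can come back empty; continue with the routes that
                    // do not need domain attributes instead of failing on a null dereference.
                    System.err.println("domain not found: " + domain);
                }
                String[] vips = (d == null) ? new String[0] : d.getVirtualIPAddress();
                for (String vip : vips) {
                    // for each virtual ip add the routes to the list.
                    addProtocolRoutes(routes, uid + "@" + vip);
                    routes.add("alias:user=" + uid + ";ip=" + vip);
                }
                String[] vhostnames = (d == null) ? new String[0] : d.getVirtualHostname();
                for (String vhost : vhostnames) {
                    // for each virtual host name add the alias to the list
                    routes.add("alias:user=" + uid + ";vhost=" + vhost);
                }
                String[] aliases = account.getMailAlias();
                // Local parts to replay against alias domains: the uid plus the local part of
                // every alias that lives in the account's own domain.
                List<String> uids = new ArrayList<String>();
                uids.add(uid);
                for (String alias : aliases) {
                    int at = alias.indexOf('@');
                    if (at != -1 && alias.substring(at + 1).equals(domain)) {
                        uids.add(alias.substring(0, at));
                    }
                }
                // this logic works for all cases account=addr@<alias domain> or alias-name@<alias domain>
                if (d != null && prov instanceof LdapProvisioning) {
                    ZLdapContext ldpCtx = LdapClient.getContext(LdapServerType.MASTER, LdapUsage.GET_DOMAIN);
                    try {
                        List<String> aliasDomainIds = ((LdapProvisioning) prov).getEmptyAliasDomainIds(ldpCtx, d, false);
                        if (aliasDomainIds != null) {
                            for (String aliasDomainId : aliasDomainIds) {
                                Domain aliasDomainEntry = prov.getDomainById(aliasDomainId);
                                if (aliasDomainEntry == null) {
                                    // The id no longer resolves to a domain; nothing to key on.
                                    continue;
                                }
                                String aliasDomain = aliasDomainEntry.getDomainName();
                                for (String userName : uids) {
                                    addProtocolRoutes(routes, userName + "@" + aliasDomain);
                                    routes.add("alias:user=" + userName + ";ip=" + aliasDomain);
                                }
                            }
                        }
                    } finally {
                        LdapClient.closeContext(ldpCtx);
                    }
                }
                // bug:79940 says Active Sync routes are stored as http/https - alias@domain.com
                for (String alias : aliases) {
                    addProtocolRoutes(routes, alias);
                    int at = alias.indexOf('@');
                    String aliasUser = (at != -1) ? alias.substring(0, at) : alias;
                    for (String vhost : vhostnames) {
                        // for each virtual host name add the alias to the alias user
                        routes.add("alias:user=" + aliasUser + ";vhost=" + vhost);
                    }
                    for (String vip : vips) {
                        // for each virtual ip add the routes to the list.
                        addProtocolRoutes(routes, aliasUser + "@" + vip);
                        routes.add("alias:user=" + aliasUser + ";ip=" + vip);
                    }
                }
            }
            for (int i = 0; i < numServers; ++i) {
                ZimbraMemcachedClient zmc = zmcs.get(i);
                for (String route : routes) {
                    if (purge) {
                        // Note: there is no guarantee that all the routes will be present.
                        // We just try to purge all of them without waiting on ack, so the
                        // "Purging" line records an attempt, not a confirmed removal.
                        System.out.println("Purging " + route + " on server " + servers.get(i));
                        zmc.remove(route, false);
                    } else {
                        // outputformat comes from the caller; a pattern that does not fit
                        // these three arguments makes String.format throw IllegalFormatException.
                        String output = String.format(outputformat, servers.get(i), route, zmc.get(route));
                        System.out.println(output);
                    }
                }
            }
        }
    } finally {
        // Always release the memcached connections, including after a failure above.
        for (ZimbraMemcachedClient zmc : zmcs) {
            zmc.disconnect(ZimbraMemcachedClient.DEFAULT_TIMEOUT);
        }
    }
}

/**
 * Appends the six per-protocol route keys for {@code user}, in the order
 * http, imap, pop3, httpssl, imapssl, pop3ssl.
 */
private static void addProtocolRoutes(List<String> routes, String user) {
    routes.add("route:proto=http;user=" + user);
    routes.add("route:proto=imap;user=" + user);
    routes.add("route:proto=pop3;user=" + user);
    routes.add("route:proto=httpssl;user=" + user);
    routes.add("route:proto=imapssl;user=" + user);
    routes.add("route:proto=pop3ssl;user=" + user);
}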
Also used : Account(com.zimbra.cs.account.Account) Server(com.zimbra.cs.account.Server) ZLdapContext(com.zimbra.cs.ldap.ZLdapContext) ZimbraMemcachedClient(com.zimbra.common.util.memcached.ZimbraMemcachedClient) Provisioning(com.zimbra.cs.account.Provisioning) LdapProvisioning(com.zimbra.cs.account.ldap.LdapProvisioning) LdapProvisioning(com.zimbra.cs.account.ldap.LdapProvisioning) Domain(com.zimbra.cs.account.Domain)

Example 98 with ZLdapContext

use of com.zimbra.cs.ldap.ZLdapContext in project zm-mailbox by Zimbra.

the class LdapProvisioning method removeAliasInternal.

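/**
 * Removes {@code alias} from {@code entry} and from the directory.
 *
 * <p>The alias is lower-cased and converted with {@code IDNUtil.toAsciiEmail} before use.
 * Three steps may run:
 * <pre>
 * 1. remove alias from mail and zimbraMailAlias attributes of the entry
 * 2. remove alias from all distribution lists
 * 3. delete the alias entry
 *
 * A. entry exists, alias exists
 *    - if alias points to the entry:            do 1, 2, 3
 *    - if alias points to other existing entry: do 1, and then throw NO_SUCH_ALIAS
 *    - if alias points to a non-existing entry: do 1, 2, 3, and then throw NO_SUCH_ALIAS
 *
 * B. entry exists, alias does not exist:  do 1, 2, and then throw NO_SUCH_ALIAS
 *
 * C. entry does not exist, alias exists:
 *    - if alias points to other existing entry: do nothing (and then throw NO_SUCH_ACCOUNT/NO_SUCH_DISTRIBUTION_LIST in ProvUtil)
 *    - if alias points to a non-existing entry: do 2, 3 (and then throw NO_SUCH_ACCOUNT/NO_SUCH_DISTRIBUTION_LIST in ProvUtil)
 *
 * D. entry does not exist, alias does not exist:  do 2 (and then throw NO_SUCH_ACCOUNT/NO_SUCH_DISTRIBUTION_LIST in ProvUtil)
 * </pre>
 *
 * @param entry the account or group the alias is expected to belong to; may be null
 * @param alias the alias address, in {@code local@domain} form
 * @throws ServiceException INVALID_REQUEST if the alias has no domain part or the entry is
 *         neither an Account nor a Group, NO_SUCH_DOMAIN if the alias domain is not found,
 *         NO_SUCH_ALIAS as listed above
 */
private void removeAliasInternal(NamedEntry entry, String alias) throws ServiceException {
    final LdapUsage ldapUsage;
    if (entry instanceof Account) {
        ldapUsage = LdapUsage.REMOVE_ALIAS_ACCOUNT;
    } else if (entry instanceof Group) {
        ldapUsage = LdapUsage.REMOVE_ALIAS_DL;
    } else {
        ldapUsage = LdapUsage.REMOVE_ALIAS;
    }
    ZLdapContext zlc = null;
    try {
        zlc = LdapClient.getContext(LdapServerType.MASTER, ldapUsage);
        alias = alias.toLowerCase();
        alias = IDNUtil.toAsciiEmail(alias);
        String[] parts = alias.split("@");
        if (parts.length < 2) {
            // An alias without a domain part ("name" or "name@") used to fail with an
            // unchecked ArrayIndexOutOfBoundsException on parts[1]; reject it as a bad
            // request so callers handling ServiceException see it.
            throw ServiceException.INVALID_REQUEST("invalid alias address: " + alias, null);
        }
        String aliasName = parts[0];
        String aliasDomain = parts[1];
        Domain domain = getDomainByAsciiName(aliasDomain, zlc);
        if (domain == null) {
            throw AccountServiceException.NO_SUCH_DOMAIN(aliasDomain);
        }
        String targetDn = (entry == null) ? null : ((LdapEntry) entry).getDN();
        String targetDomainName = null;
        if (entry != null) {
            if (entry instanceof Account) {
                targetDomainName = ((Account) entry).getDomainName();
            } else if (entry instanceof Group) {
                targetDomainName = ((Group) entry).getDomainName();
            } else {
                throw ServiceException.INVALID_REQUEST("invalid entry type for alias", null);
            }
        }
        String aliasDn = mDIT.aliasDN(targetDn, targetDomainName, aliasName, aliasDomain);
        ZAttributes aliasAttrs = null;
        Alias aliasEntry = null;
        try {
            aliasAttrs = helper.getAttributes(zlc, aliasDn);
            // see if the entry is an alias
            if (!isEntryAlias(aliasAttrs)) {
                throw AccountServiceException.NO_SUCH_ALIAS(alias);
            }
            aliasEntry = makeAlias(aliasDn, aliasAttrs);
        } catch (ServiceException e) {
            // Any ServiceException from the lookup is treated as "alias does not exist",
            // leaving aliasEntry null. NOTE(review): a directory failure would be handled
            // the same way as a missing alias - confirm that is intended.
            ZimbraLog.account.warn("alias " + alias + " does not exist");
        }
        NamedEntry targetEntry = null;
        if (aliasEntry != null) {
            targetEntry = searchAliasTarget(aliasEntry, false);
        }
        boolean aliasPointsToEntry = ((entry != null) && (aliasEntry != null) && entry.getId().equals(aliasEntry.getAttr(Provisioning.A_zimbraAliasTargetId)));
        boolean aliasPointsToOtherExistingEntry = ((aliasEntry != null) && (targetEntry != null) && ((entry == null) || (!entry.getId().equals(targetEntry.getId()))));
        boolean aliasPointsToNonExistingEntry = ((aliasEntry != null) && (targetEntry == null));
        // 1. remove alias from mail/zimbraMailAlias attrs
        if (entry != null) {
            try {
                HashMap<String, String> attrs = new HashMap<String, String>();
                attrs.put("-" + Provisioning.A_mail, alias);
                attrs.put("-" + Provisioning.A_zimbraMailAlias, alias);
                modifyAttrsInternal(entry, zlc, attrs);
            } catch (ServiceException e) {
                // Best effort: keep going with steps 2 and 3, but keep the cause in the log.
                ZimbraLog.account.warn("unable to remove zimbraMailAlias/mail attrs: " + alias, e);
            }
        }
        // 2. remove address from all DLs
        if (!aliasPointsToOtherExistingEntry) {
            removeAddressFromAllDistributionLists(alias);
        }
        // 3. remove the alias entry
        if (aliasPointsToEntry || aliasPointsToNonExistingEntry) {
            try {
                zlc.deleteEntry(aliasDn);
            } catch (ServiceException e) {
                // should not happen, log it together with the cause
                ZimbraLog.account.warn("unable to remove alias entry at : " + aliasDn, e);
            }
        }
        // throw NO_SUCH_ALIAS if necessary: the entry exists but the alias is missing or
        // points elsewhere. aliasPointsToEntry is already false when aliasEntry is null,
        // so this single test covers both cases.
        if ((entry != null) && !aliasPointsToEntry) {
            throw AccountServiceException.NO_SUCH_ALIAS(alias);
        }
    } finally {
        LdapClient.closeContext(zlc);
    }
}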
Also used : Account(com.zimbra.cs.account.Account) GuestAccount(com.zimbra.cs.account.GuestAccount) LdapAccount(com.zimbra.cs.account.ldap.entry.LdapAccount) Group(com.zimbra.cs.account.Group) DynamicGroup(com.zimbra.cs.account.DynamicGroup) LdapDynamicGroup(com.zimbra.cs.account.ldap.entry.LdapDynamicGroup) ZLdapContext(com.zimbra.cs.ldap.ZLdapContext) HashMap(java.util.HashMap) NamedEntry(com.zimbra.cs.account.NamedEntry) AccountServiceException(com.zimbra.cs.account.AccountServiceException) AuthFailedServiceException(com.zimbra.cs.account.AccountServiceException.AuthFailedServiceException) ServiceException(com.zimbra.common.service.ServiceException) LdapAlias(com.zimbra.cs.account.ldap.entry.LdapAlias) Alias(com.zimbra.cs.account.Alias) ZAttributes(com.zimbra.cs.ldap.ZAttributes) LdapDomain(com.zimbra.cs.account.ldap.entry.LdapDomain) Domain(com.zimbra.cs.account.Domain) LdapUsage(com.zimbra.cs.ldap.LdapUsage)

Example 99 with ZLdapContext

use of com.zimbra.cs.ldap.ZLdapContext in project zm-mailbox by Zimbra.

the class LdapProvisioning method searchZimbraWithNamedFilter.

/**
 * Runs a GAL search against the Zimbra directory using the filter definition registered
 * under {@code filterName}, with entries marked {@code zimbraHideInGal=TRUE} excluded.
 *
 * @param domain     domain used for the GAL parameters and GAL rules
 * @param galOp      GAL operation; also selects the LDAP usage for the context
 * @param filterName name of the filter definition to expand
 * @param n          search key substituted into the filter; replaced by "" when a token is given
 * @param maxResults passed through to the LDAP GAL search
 * @param token      passed to the filter expansion and to the search; may be null
 * @param visitor    visitor handed to the result object
 * @return the search result; it carries only the tokenize key when no filter could be built
 * @throws ServiceException as propagated from the context lookup or the search
 */
private SearchGalResult searchZimbraWithNamedFilter(Domain domain, GalOp galOp, String filterName, String n, int maxResults, String token, GalContact.Visitor visitor) throws ServiceException {
    final GalParams.ZimbraGalParams zimbraParams = new GalParams.ZimbraGalParams(domain, galOp);
    final String filterTemplate = getFilterDef(filterName);
    final String tokenizeKey = GalUtil.tokenizeKey(zimbraParams, galOp);

    String ldapFilter = null;
    if (filterTemplate != null) {
        // When a token is present the search key is blanked before expansion.
        final String searchKey = (token != null) ? "" : n;
        // NOTE(review): searchKey and token are substituted into an LDAP filter here.
        // Whether GalUtil.expandFilter escapes filter metacharacters is not visible in this
        // method - confirm, since the hidden-entry clause below relies on the expanded
        // filter being one well-formed expression.
        ldapFilter = GalUtil.expandFilter(tokenizeKey, filterTemplate, searchKey, token);
    }

    final SearchGalResult galResult = SearchGalResult.newSearchGalResult(visitor);
    galResult.setTokenizeKey(tokenizeKey);
    if (ldapFilter == null) {
        ZimbraLog.gal.warn("searchZimbraWithNamedFilter query is null");
        return galResult;
    }

    // Wrap a bare filter in parentheses, then AND it with the clause that filters out
    // hidden entries.
    final String parenthesized = ldapFilter.startsWith("(") ? ldapFilter : "(" + ldapFilter + ")";
    final String visibleOnlyFilter = "(&" + parenthesized + "(!(zimbraHideInGal=TRUE)))";

    ZLdapContext zlc = null;
    try {
        zlc = LdapClient.getContext(LdapUsage.fromGalOpLegacy(galOp));
        LdapGalSearch.searchGal(zlc, GalSearchConfig.GalType.zimbra, zimbraParams.pageSize(), zimbraParams.searchBase(), visibleOnlyFilter, maxResults, getGalRules(domain, true), token, galResult);
    } finally {
        // zlc is still null here if getContext itself threw.
        LdapClient.closeContext(zlc);
    }
    return galResult;
}
Also used : ZLdapContext(com.zimbra.cs.ldap.ZLdapContext) GalParams(com.zimbra.cs.account.gal.GalParams)

Example 100 with ZLdapContext

use of com.zimbra.cs.ldap.ZLdapContext in project zm-mailbox by Zimbra.

the class LdapProvisioning method renameCos.

/**
 * Renames the class of service identified by {@code zimbraId} to {@code newName}
 * (lower-cased and trimmed) and drops the old entry from the COS cache.
 *
 * @param zimbraId id of the COS to rename
 * @param newName  requested new name
 * @throws ServiceException NO_SUCH_COS if the id does not resolve, INVALID_REQUEST for the
 *         default COS, COS_EXISTS if the target entry already exists, FAILURE wrapping any
 *         other ServiceException that is not an LdapException or AccountServiceException
 */
@Override
public void renameCos(String zimbraId, String newName) throws ServiceException {
    final LdapCos targetCos = (LdapCos) get(Key.CosBy.id, zimbraId);
    if (targetCos == null) {
        throw AccountServiceException.NO_SUCH_COS(zimbraId);
    }
    if (targetCos.isDefaultCos()) {
        throw ServiceException.INVALID_REQUEST("unable to rename default cos", null);
    }
    final String normalizedName = newName.toLowerCase().trim();
    ZLdapContext zlc = null;
    try {
        zlc = LdapClient.getContext(LdapServerType.MASTER, LdapUsage.RENAME_COS);
        final String renamedDn = mDIT.cosNametoDN(normalizedName);
        zlc.renameEntry(targetCos.getDN(), renamedDn);
        // The cached object still carries the old name, so evict it once the rename succeeded.
        cosCache.remove(targetCos);
    } catch (LdapEntryAlreadyExistException alreadyExists) {
        throw AccountServiceException.COS_EXISTS(normalizedName);
    } catch (LdapException ldapFailure) {
        // Rethrown unchanged so the generic ServiceException handler below does not wrap it.
        throw ldapFailure;
    } catch (AccountServiceException accountFailure) {
        // Rethrown unchanged for the same reason.
        throw accountFailure;
    } catch (ServiceException other) {
        throw ServiceException.FAILURE("unable to rename cos: " + zimbraId, other);
    } finally {
        // zlc is still null here if getContext itself threw.
        LdapClient.closeContext(zlc);
    }
}
Also used : LdapEntryAlreadyExistException(com.zimbra.cs.ldap.LdapException.LdapEntryAlreadyExistException) AccountServiceException(com.zimbra.cs.account.AccountServiceException) ZLdapContext(com.zimbra.cs.ldap.ZLdapContext) AccountServiceException(com.zimbra.cs.account.AccountServiceException) AuthFailedServiceException(com.zimbra.cs.account.AccountServiceException.AuthFailedServiceException) ServiceException(com.zimbra.common.service.ServiceException) LdapCos(com.zimbra.cs.account.ldap.entry.LdapCos) LdapException(com.zimbra.cs.ldap.LdapException)

Aggregations

ZLdapContext (com.zimbra.cs.ldap.ZLdapContext)126 ServiceException (com.zimbra.common.service.ServiceException)65 AccountServiceException (com.zimbra.cs.account.AccountServiceException)62 AuthFailedServiceException (com.zimbra.cs.account.AccountServiceException.AuthFailedServiceException)60 LdapEntryAlreadyExistException (com.zimbra.cs.ldap.LdapException.LdapEntryAlreadyExistException)23 LdapException (com.zimbra.cs.ldap.LdapException)22 ZMutableEntry (com.zimbra.cs.ldap.ZMutableEntry)21 Domain (com.zimbra.cs.account.Domain)19 LdapEntry (com.zimbra.cs.account.ldap.entry.LdapEntry)18 CallbackContext (com.zimbra.cs.account.callback.CallbackContext)16 Date (java.util.Date)16 LdapDomain (com.zimbra.cs.account.ldap.entry.LdapDomain)14 HashMap (java.util.HashMap)14 SearchLdapOptions (com.zimbra.cs.ldap.SearchLdapOptions)13 ZLdapFilter (com.zimbra.cs.ldap.ZLdapFilter)12 Account (com.zimbra.cs.account.Account)11 LdapDynamicGroup (com.zimbra.cs.account.ldap.entry.LdapDynamicGroup)11 ZAttributes (com.zimbra.cs.ldap.ZAttributes)10 HashSet (java.util.HashSet)10 GuestAccount (com.zimbra.cs.account.GuestAccount)9