
Example 11 with ZLdapContext

use of com.zimbra.cs.ldap.ZLdapContext in project zm-mailbox by Zimbra.

the class LdapProvisioning method modifyDataSource.

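/**
 * Updates the attributes of one of {@code account}'s data sources and, when the caller
 * supplies a different {@code zimbraDataSourceName}, renames the LDAP entry to match.
 *
 * <p>Side effects on the caller's {@code attrs} map: {@code objectclass} (any case) and
 * {@code zimbraDataSourceId} are removed, {@code zimbraDataSourceName} is removed when it
 * differs from the current name (the rename is done on the DN instead), and the four
 * secret attributes -- password, OAuth token, OAuth client secret and SMTP auth password --
 * are replaced in place by their {@link DataSource#encryptData} form bound to the data
 * source id. After this call the map no longer holds those secrets in the clear, and the
 * caller must not expect to read the plaintext back from it.
 *
 * <p>The attribute modification and the rename are two separate LDAP operations, not a
 * transaction: if the rename fails, the attribute changes have already been applied.
 *
 * @param account      owner of the data source; looked up by id when it is not already an LdapEntry
 * @param dataSourceId zimbraDataSourceId of the data source to modify
 * @param attrs        attribute name to value map; mutated as described above
 * @throws ServiceException NO_SUCH_ACCOUNT, NO_SUCH_DATA_SOURCE, or FAILURE wrapping a rename
 *                          error (the message carries only the new name, never a secret)
 */
@Override
public void modifyDataSource(Account account, String dataSourceId, Map<String, Object> attrs) throws ServiceException {
    removeAttrIgnoreCase("objectclass", attrs);
    LdapEntry ldapEntry = (LdapEntry) (account instanceof LdapEntry ? account : getAccountById(account.getId()));
    if (ldapEntry == null)
        throw AccountServiceException.NO_SUCH_ACCOUNT(account.getName());
    LdapDataSource ds = (LdapDataSource) getDataSourceById(ldapEntry, dataSourceId, null);
    if (ds == null)
        throw AccountServiceException.NO_SUCH_DATA_SOURCE(dataSourceId);
    account.setCachedData(DATA_SOURCE_LIST_CACHE_KEY, null);
    // the id is immutable: a modify request is never allowed to change it
    attrs.remove(A_zimbraDataSourceId);
    String name = (String) attrs.get(A_zimbraDataSourceName);
    boolean newName = (name != null && !name.equals(ds.getName()));
    if (newName)
        attrs.remove(A_zimbraDataSourceName);
    // secrets never reach LDAP in the clear: each one is encrypted, bound to this data source's id
    encryptAttrInPlace(attrs, A_zimbraDataSourcePassword, ds.getId());
    encryptAttrInPlace(attrs, A_zimbraDataSourceOAuthToken, ds.getId());
    encryptAttrInPlace(attrs, A_zimbraDataSourceOAuthClientSecret, ds.getId());
    encryptAttrInPlace(attrs, A_zimbraDataSourceSmtpAuthPassword, ds.getId());
    modifyAttrs(ds, attrs, true);
    if (newName) {
        // the datasource cache could have been loaded again if getAllDataSources was called
        // from a pre/postModify callback, so we clear it again
        account.setCachedData(DATA_SOURCE_LIST_CACHE_KEY, null);
        ZLdapContext zlc = null;
        try {
            zlc = LdapClient.getContext(LdapServerType.MASTER, LdapUsage.RENAME_DATASOURCE);
            String newDn = getDataSourceDn(ldapEntry, name);
            zlc.renameEntry(ds.getDN(), newDn);
        } catch (ServiceException e) {
            // only the name goes into the message; attrs still holds (encrypted) secrets
            throw ServiceException.FAILURE("unable to rename datasource: " + name, e);
        } finally {
            LdapClient.closeContext(zlc);
        }
    }
}

/**
 * Replaces the String value stored under {@code key} in {@code attrs}, if there is one,
 * with its {@link DataSource#encryptData} form bound to {@code dataSourceId}.
 * An absent key is left untouched.
 *
 * @param attrs        attribute map, mutated in place
 * @param key          name of the secret attribute
 * @param dataSourceId id of the data source the secret belongs to
 * @throws ServiceException propagated from {@link DataSource#encryptData}
 */
private static void encryptAttrInPlace(Map<String, Object> attrs, String key, String dataSourceId) throws ServiceException {
    String plaintext = (String) attrs.get(key);
    if (plaintext != null) {
        attrs.put(key, DataSource.encryptData(dataSourceId, plaintext));
    }
}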

Example 12 with ZLdapContext

use of com.zimbra.cs.ldap.ZLdapContext in project zm-mailbox by Zimbra.

the class LdapProvisioning method deleteDynamicGroup.

/**
 * Deletes a dynamic group: its aliases, its LDAP entry (with children) and the
 * zimbraMemberOf references to it on accounts, then drops it from the caches.
 *
 * <p>Unlike deleteAccount, this method does NOT revoke rights granted to the group:
 * that step is commented out below, so grants naming this group's zimbraId as the
 * grantee remain after the delete. NOTE(review): confirm such dangling grants are
 * harmless (the id is presumably a generated UUID, so reuse is unlikely, but the
 * ACL entries themselves are left in place).
 *
 * <p>The steps are separate LDAP operations, not a transaction; the caches are only
 * cleared once every step inside the try block has succeeded.
 *
 * @param group the dynamic group to delete
 * @throws ServiceException propagated from removeGroupAlias, or FAILURE wrapping any
 *                          error from the LDAP delete and the zimbraMemberOf cleanup
 */
private void deleteDynamicGroup(LdapDynamicGroup group) throws ServiceException {
    String zimbraId = group.getId();
    // make a copy of all addrs of this DL, after the delete all aliases on this dl
    // object will be gone, but we need to remove them from the allgroups cache after the DL is deleted
    Set<String> addrs = new HashSet<String>(group.getMultiAttrSet(Provisioning.A_mail));
    /*   ============ handle me ??
        // remove the DL from all DLs
        removeAddressFromAllDistributionLists(dl.getName()); // this doesn't throw any exceptions
        */
    // delete all aliases of the group
    String[] aliases = group.getAliases();
    if (aliases != null) {
        String groupName = group.getName();
        for (int i = 0; i < aliases.length; i++) {
            // skip the "alias" that is the primary name: the entire entry is deleted below anyway
            if (!groupName.equalsIgnoreCase(aliases[i])) {
                // this also removes each alias from any DLs
                removeGroupAlias(group, aliases[i]);
            }
        }
    }
    /*
        // delete all grants granted to the DL
        try {
             RightCommand.revokeAllRights(this, GranteeType.GT_GROUP, zimbraId);
        } catch (ServiceException e) {
            // eat the exception and continue
            ZimbraLog.account.warn("cannot revoke grants", e);
        }

        */
    // NOTE(review): the block above is disabled, so rights granted to this group as a
    // grantee are NOT revoked here; deleteAccount does revoke them for accounts.
    ZLdapContext zlc = null;
    try {
        zlc = LdapClient.getContext(LdapServerType.MASTER, LdapUsage.DELETE_DYNAMICGROUP);
        String dn = group.getDN();
        zlc.deleteChildren(dn);
        zlc.deleteEntry(dn);
        // remove zimbraMemberOf of this group from all accounts
        deleteMemberOfOnAccounts(zlc, zimbraId);
        // caches are only touched after every LDAP step succeeded: a failure in
        // deleteMemberOfOnAccounts leaves the entry deleted but these caches stale
        groupCache.remove(group);
        allDLs.removeGroup(addrs);
    } catch (ServiceException e) {
        throw ServiceException.FAILURE("unable to purge group: " + zimbraId, e);
    } finally {
        LdapClient.closeContext(zlc);
    }
    // flush the permission cache (presumably so nothing cached still refers to this group)
    PermissionCache.invalidateCache();
}

Example 13 with ZLdapContext

use of com.zimbra.cs.ldap.ZLdapContext in project zm-mailbox by Zimbra.

the class LdapProvisioning method createDomain.

/**
 * Creates a domain entry (plus the account and dynamic-group base entries under it)
 * on the LDAP master and returns the resulting Domain.
 *
 * <p>The name is lowercased, trimmed, converted to its ASCII (IDN) form and validated
 * before anything is written. A domain that already exists under that ASCII name is
 * rejected with DOMAIN_EXISTS.
 *
 * <p>Several attributes are pulled out of {@code domainAttrs} before the preModify
 * attribute-checking callbacks run and put back afterwards, because the checks cannot
 * express "settable at creation, read-only afterwards": zimbraDomainType (defaults to
 * local), zimbraDomainStatus (defaults to active) and the zimbraSMIMELdap* settings,
 * which include an LDAP bind DN and bind password. Those values therefore reach the
 * entry without passing through the callbacks.
 *
 * <p>The domain entry, the account base entry and the dynamic-groups base entry are
 * created by separate LDAP operations with no rollback; a failure after the first
 * create leaves a partially created domain behind.
 *
 * @param name        domain name; lowercased and trimmed here, may be a Unicode (IDN) name
 * @param domainAttrs attributes for the new domain; mutated (keys removed and re-added) by this method
 * @return the created domain, re-read from LDAP by its freshly generated zimbraId
 * @throws ServiceException DOMAIN_EXISTS when the domain (or one of its base entries) already
 *                          exists; any LdapException or AccountServiceException unchanged;
 *                          FAILURE wrapping any other ServiceException
 */
@Override
public Domain createDomain(String name, Map<String, Object> domainAttrs) throws ServiceException {
    // NOTE(review): toLowerCase() uses the JVM default locale; under a Turkish locale "I"
    // does not map to "i". Locale.ROOT would make the canonical form independent of the
    // server locale (check the lookup paths use the same rule before changing it).
    name = name.toLowerCase().trim();
    name = IDNUtil.toAsciiDomainName(name);
    NameUtil.validNewDomainName(name);
    ZLdapContext zlc = null;
    try {
        zlc = LdapClient.getContext(LdapServerType.MASTER, LdapUsage.CREATE_DOMAIN);
        LdapDomain d = (LdapDomain) getDomainByAsciiName(name, zlc);
        if (d != null) {
            throw AccountServiceException.DOMAIN_EXISTS(name);
        }
        // Attribute checking can not express "allow setting on
        // creation, but do not allow modifies afterwards"
        String domainType = (String) domainAttrs.get(A_zimbraDomainType);
        if (domainType == null) {
            domainType = DomainType.local.name();
        } else {
            // add back later
            domainAttrs.remove(A_zimbraDomainType);
        }
        String domainStatus = (String) domainAttrs.get(A_zimbraDomainStatus);
        if (domainStatus == null) {
            domainStatus = DOMAIN_STATUS_ACTIVE;
        } else {
            // add back later
            domainAttrs.remove(A_zimbraDomainStatus);
        }
        // The SMIME settings below (URL, StartTLS flag, bind DN, bind password, search base,
        // filter, attribute) are only removed when non-empty, but are all put back unconditionally
        // after preModify, so the map may then carry null values for absent ones.
        // NOTE(review): mapToAttrs is presumably tolerant of null values -- verify.
        String smimeLdapURL = (String) domainAttrs.get(A_zimbraSMIMELdapURL);
        if (!StringUtil.isNullOrEmpty(smimeLdapURL)) {
            // add back later
            domainAttrs.remove(A_zimbraSMIMELdapURL);
        }
        String smimeLdapStartTlsEnabled = (String) domainAttrs.get(A_zimbraSMIMELdapStartTlsEnabled);
        if (!StringUtil.isNullOrEmpty(smimeLdapStartTlsEnabled)) {
            // add back later
            domainAttrs.remove(A_zimbraSMIMELdapStartTlsEnabled);
        }
        String smimeLdapBindDn = (String) domainAttrs.get(A_zimbraSMIMELdapBindDn);
        if (!StringUtil.isNullOrEmpty(smimeLdapBindDn)) {
            // add back later
            domainAttrs.remove(A_zimbraSMIMELdapBindDn);
        }
        // the bind password is a credential for an external LDAP server; it bypasses
        // the attribute callbacks like the rest of this group and is stored as given
        String smimeLdapBindPassword = (String) domainAttrs.get(A_zimbraSMIMELdapBindPassword);
        if (!StringUtil.isNullOrEmpty(smimeLdapBindPassword)) {
            // add back later
            domainAttrs.remove(A_zimbraSMIMELdapBindPassword);
        }
        String smimeLdapSearchBase = (String) domainAttrs.get(A_zimbraSMIMELdapSearchBase);
        if (!StringUtil.isNullOrEmpty(smimeLdapSearchBase)) {
            // add back later
            domainAttrs.remove(A_zimbraSMIMELdapSearchBase);
        }
        String smimeLdapFilter = (String) domainAttrs.get(A_zimbraSMIMELdapFilter);
        if (!StringUtil.isNullOrEmpty(smimeLdapFilter)) {
            // add back later
            domainAttrs.remove(A_zimbraSMIMELdapFilter);
        }
        String smimeLdapAttribute = (String) domainAttrs.get(A_zimbraSMIMELdapAttribute);
        if (!StringUtil.isNullOrEmpty(smimeLdapAttribute)) {
            // add back later
            domainAttrs.remove(A_zimbraSMIMELdapAttribute);
        }
        CallbackContext callbackContext = new CallbackContext(CallbackContext.Op.CREATE);
        AttributeManager.getInstance().preModify(domainAttrs, null, callbackContext, true);
        // Add back attrs we circumvented from attribute checking
        domainAttrs.put(A_zimbraDomainType, domainType);
        domainAttrs.put(A_zimbraDomainStatus, domainStatus);
        domainAttrs.put(A_zimbraSMIMELdapURL, smimeLdapURL);
        domainAttrs.put(A_zimbraSMIMELdapStartTlsEnabled, smimeLdapStartTlsEnabled);
        domainAttrs.put(A_zimbraSMIMELdapBindDn, smimeLdapBindDn);
        domainAttrs.put(A_zimbraSMIMELdapBindPassword, smimeLdapBindPassword);
        domainAttrs.put(A_zimbraSMIMELdapSearchBase, smimeLdapSearchBase);
        domainAttrs.put(A_zimbraSMIMELdapFilter, smimeLdapFilter);
        domainAttrs.put(A_zimbraSMIMELdapAttribute, smimeLdapAttribute);
        // dns[0] is the DN of this domain; the remaining entries are its parents
        String[] parts = name.split("\\.");
        String[] dns = mDIT.domainToDNs(parts);
        createParentDomains(zlc, parts, dns);
        ZMutableEntry entry = LdapClient.createMutableEntry();
        entry.mapToAttrs(domainAttrs);
        Set<String> ocs = LdapObjectClass.getDomainObjectClasses(this);
        entry.addAttr(A_objectClass, ocs);
        // the id is generated here, never taken from the caller's attrs
        String zimbraIdStr = LdapUtil.generateUUID();
        entry.setAttr(A_zimbraId, zimbraIdStr);
        entry.setAttr(A_zimbraCreateTimestamp, LdapDateUtil.toGeneralizedTime(new Date()));
        entry.setAttr(A_zimbraDomainName, name);
        String mailStatus = (String) domainAttrs.get(A_zimbraMailStatus);
        if (mailStatus == null)
            entry.setAttr(A_zimbraMailStatus, MAIL_STATUS_ENABLED);
        if (domainType.equalsIgnoreCase(DomainType.alias.name())) {
            entry.setAttr(A_zimbraMailCatchAllAddress, "@" + name);
        }
        entry.setAttr(A_o, name + " domain");
        entry.setAttr(A_dc, parts[0]);
        String dn = dns[0];
        entry.setDN(dn);
        //NOTE: all four of these should be in a transaction...
        try {
            zlc.createEntry(entry);
        } catch (LdapEntryAlreadyExistException e) {
            // an entry already sits at the domain DN although getDomainByAsciiName did not
            // return it as a domain: its attributes are overwritten with the new domain's.
            // NOTE(review): this silently repurposes whatever entry was there (presumably a
            // placeholder left by createParentDomains) -- confirm overwriting is always intended.
            zlc.replaceAttributes(dn, entry.getAttributes());
        }
        String acctBaseDn = mDIT.domainDNToAccountBaseDN(dn);
        if (!acctBaseDn.equals(dn)) {
            /*
                 * create the account base dn entry only if if is not the same as the domain dn
                 *
                 * TODO, the objectclass(organizationalRole) and attrs(ou and cn) for the account
                 * base dn entry is still hardcoded,  it should be parameterized in LdapDIT
                 * according the BASE_RDN_ACCOUNT.  This is actually a design decision depending
                 * on how far we want to allow the DIT to be customized.
                 */
            zlc.createEntry(mDIT.domainDNToAccountBaseDN(dn), "organizationalRole", new String[] { A_ou, "people", A_cn, "people" });
            // create the base DN for dynamic groups
            zlc.createEntry(mDIT.domainDNToDynamicGroupsBaseDN(dn), "organizationalRole", new String[] { A_cn, "groups", A_description, "dynamic groups base" });
        }
        Domain domain = getDomainById(zimbraIdStr, zlc);
        AttributeManager.getInstance().postModify(domainAttrs, domain, callbackContext);
        return domain;
    } catch (LdapEntryAlreadyExistException nabe) {
        // raised by the base-entry creates (the domain entry's own collision is handled above)
        throw AccountServiceException.DOMAIN_EXISTS(name);
    } catch (LdapException e) {
        throw e;
    } catch (AccountServiceException e) {
        throw e;
    } catch (ServiceException e) {
        throw ServiceException.FAILURE("unable to create domain: " + name, e);
    } finally {
        LdapClient.closeContext(zlc);
    }
}

Example 14 with ZLdapContext

use of com.zimbra.cs.ldap.ZLdapContext in project zm-mailbox by Zimbra.

the class LdapProvisioning method renameSignature.

/**
 * Renames the LDAP entry of {@code signature} to the DN that corresponds to
 * {@code newSignatureName} under {@code entry}. The rename of the DN is the only
 * LDAP operation performed here.
 *
 * @param entry            the LdapEntry that owns the signature
 * @param signature        the signature whose entry is renamed
 * @param newSignatureName the name the signature entry is renamed to
 * @throws ServiceException FAILURE wrapping any error from obtaining the master
 *                          context or from the rename itself
 */
private void renameSignature(LdapEntry entry, LdapSignature signature, String newSignatureName) throws ServiceException {
    ZLdapContext ctx = null;
    try {
        ctx = LdapClient.getContext(LdapServerType.MASTER, LdapUsage.RENAME_SIGNATURE);
        ctx.renameEntry(signature.getDN(), getSignatureDn(entry, newSignatureName));
    } catch (ServiceException cause) {
        throw ServiceException.FAILURE("unable to rename signature: " + newSignatureName, cause);
    } finally {
        LdapClient.closeContext(ctx);
    }
}

Example 15 with ZLdapContext

use of com.zimbra.cs.ldap.ZLdapContext in project zm-mailbox by Zimbra.

the class LdapProvisioning method deleteAccount.

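/**
 * Deletes the account with the given zimbraId together with everything that references it.
 *
 * <p>Order of operations, each its own LDAP or store operation (there is no transaction,
 * so a failure part-way leaves the earlier steps applied):
 * <ol>
 *   <li>remove the account's primary address from every distribution list (never throws);</li>
 *   <li>remove each alias (a NO_SUCH_ALIAS from an already-broken alias is logged and skipped,
 *       any other error aborts the delete);</li>
 *   <li>revoke every right granted to the account as grantee (failure is logged and ignored);</li>
 *   <li>delete the account's ephemeral data when the ephemeral store is not the LDAP one;</li>
 *   <li>delete the entry and its children on the LDAP master, run the
 *       DELETE_ACCOUNT_SUCCEEDED validators and drop the account from the cache.</li>
 * </ol>
 *
 * @param zimbraId id of the account to delete
 * @throws ServiceException NO_SUCH_ACCOUNT when no account has that id; an alias removal error
 *                          other than NO_SUCH_ALIAS unchanged; FAILURE wrapping any error from
 *                          the LDAP delete or the post-delete validators
 */
@Override
public void deleteAccount(String zimbraId) throws ServiceException {
    Account acc = getAccountById(zimbraId);
    if (acc == null)
        throw AccountServiceException.NO_SUCH_ACCOUNT(zimbraId);
    // cast the account already fetched instead of calling getAccountById a second time:
    // a second lookup can come back null (account deleted concurrently) and NPE at getDN() below
    LdapEntry entry = (LdapEntry) acc;
    // remove the account from all DLs
    // this doesn't throw any exceptions
    removeAddressFromAllDistributionLists(acc.getName());
    // delete all aliases of the account
    String[] aliases = acc.getMailAlias();
    if (aliases != null) {
        for (String alias : aliases) {
            try {
                // this also removes each alias from any DLs
                removeAlias(acc, alias);
            } catch (ServiceException se) {
                if (AccountServiceException.NO_SUCH_ALIAS.equals(se.getCode())) {
                    // an alias entry that is already gone must not block the delete
                    ZimbraLog.account.warn("got no such alias from removeAlias call when deleting account; likely alias was previously in a bad state");
                } else {
                    throw se;
                }
            }
        }
    }
    // delete all grants granted to the account
    try {
        RightCommand.revokeAllRights(this, GranteeType.GT_USER, zimbraId);
    } catch (ServiceException e) {
        // best-effort: the delete goes ahead; this warning is the only trace of grants left behind
        ZimbraLog.account.warn("cannot revoke grants", e);
    }
    // if ephemeral backend is not LDAP, need to explicitly delete ephemeral data
    // NOTE(review): this runs before the LDAP delete, so if that delete then fails the
    // ephemeral data is already gone while the account entry still exists
    EphemeralStore.Factory factory = EphemeralStore.getFactory();
    if (!(factory instanceof LdapEphemeralStore.Factory)) {
        factory.getStore().deleteData(new LdapEntryLocation(acc));
    }
    // snapshot the attrs for the validators, which run after the entry is gone
    final Map<String, Object> attrs = new HashMap<String, Object>(acc.getAttrs());
    ZLdapContext zlc = null;
    try {
        zlc = LdapClient.getContext(LdapServerType.MASTER, LdapUsage.DELETE_ACCOUNT);
        zlc.deleteChildren(entry.getDN());
        zlc.deleteEntry(entry.getDN());
        // NOTE(review): a validator failure here surfaces as "unable to purge" although the
        // entry is already deleted, and the cache entry below is then never removed
        validate(ProvisioningValidator.DELETE_ACCOUNT_SUCCEEDED, attrs);
        accountCache.remove(acc);
    } catch (ServiceException e) {
        throw ServiceException.FAILURE("unable to purge account: " + zimbraId, e);
    } finally {
        LdapClient.closeContext(zlc);
    }
}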
