Example 26 with ZLdapContext
use of com.zimbra.cs.ldap.ZLdapContext in project zm-mailbox by Zimbra.
the class LdapProvisioning method createServer.
@Override
public Server createServer(String name, Map<String, Object> serverAttrs) throws ServiceException {
name = name.toLowerCase().trim();
CallbackContext callbackContext = new CallbackContext(CallbackContext.Op.CREATE);
AttributeManager.getInstance().preModify(serverAttrs, null, callbackContext, true);
ZLdapContext zlc = null;
try {
zlc = LdapClient.getContext(LdapServerType.MASTER, LdapUsage.CREATE_SERVER);
ZMutableEntry entry = LdapClient.createMutableEntry();
entry.mapToAttrs(serverAttrs);
Set<String> ocs = LdapObjectClass.getServerObjectClasses(this);
entry.addAttr(A_objectClass, ocs);
String zimbraIdStr = LdapUtil.generateUUID();
entry.setAttr(A_zimbraId, zimbraIdStr);
entry.setAttr(A_zimbraCreateTimestamp, LdapDateUtil.toGeneralizedTime(new Date()));
entry.setAttr(A_cn, name);
String dn = mDIT.serverNameToDN(name);
if (!entry.hasAttribute(Provisioning.A_zimbraServiceHostname)) {
entry.setAttr(Provisioning.A_zimbraServiceHostname, name);
}
entry.setDN(dn);
zlc.createEntry(entry);
Server server = getServerById(zimbraIdStr, zlc, true);
AttributeManager.getInstance().postModify(serverAttrs, server, callbackContext);
return server;
} catch (LdapEntryAlreadyExistException nabe) {
throw AccountServiceException.SERVER_EXISTS(name);
} catch (LdapException e) {
throw e;
} catch (AccountServiceException e) {
throw e;
} catch (ServiceException e) {
throw ServiceException.FAILURE("unable to create server: " + name, e);
} finally {
LdapClient.closeContext(zlc);
}
}
Also used :
ZMutableEntry(com.zimbra.cs.ldap.ZMutableEntry)
LdapEntryAlreadyExistException(com.zimbra.cs.ldap.LdapException.LdapEntryAlreadyExistException)
AccountServiceException(com.zimbra.cs.account.AccountServiceException)
ZLdapContext(com.zimbra.cs.ldap.ZLdapContext)
InMemoryLdapServer(com.zimbra.cs.ldap.unboundid.InMemoryLdapServer)
LdapServer(com.zimbra.cs.account.ldap.entry.LdapServer)
Server(com.zimbra.cs.account.Server)
AccountServiceException(com.zimbra.cs.account.AccountServiceException)
AuthFailedServiceException(com.zimbra.cs.account.AccountServiceException.AuthFailedServiceException)
ServiceException(com.zimbra.common.service.ServiceException)
CallbackContext(com.zimbra.cs.account.callback.CallbackContext)
LdapException(com.zimbra.cs.ldap.LdapException)
Date(java.util.Date)
Example 27 with ZLdapContext
use of com.zimbra.cs.ldap.ZLdapContext in project zm-mailbox by Zimbra.
the class LdapProvisioning method searchLdapObjects.
private void searchLdapObjects(String base, ZLdapFilter filter, String[] returnAttrs, SearchDirectoryOptions opts, NamedEntry.Visitor visitor) throws ServiceException {
ZLdapContext zlc = null;
try {
zlc = LdapClient.getContext(LdapServerType.get(opts.getOnMaster()), opts.getUseConnPool(), LdapUsage.SEARCH);
SearchObjectsVisitor searchObjectsVisitor = new SearchObjectsVisitor(this, zlc, visitor, opts.getMaxResults(), opts.getMakeObjectOpt(), returnAttrs);
SearchLdapOptions searchObjectsOptions = new SearchLdapOptions(base, filter, returnAttrs, opts.getMaxResults(), null, ZSearchScope.SEARCH_SCOPE_SUBTREE, searchObjectsVisitor);
searchObjectsOptions.setUseControl(opts.isUseControl());
searchObjectsOptions.setManageDSAit(opts.isManageDSAit());
zlc.searchPaged(searchObjectsOptions);
} catch (LdapSizeLimitExceededException e) {
throw AccountServiceException.TOO_MANY_SEARCH_RESULTS("too many search results returned", e);
} catch (ServiceException e) {
throw ServiceException.FAILURE("unable to list all objects", e);
} finally {
LdapClient.closeContext(zlc);
}
}
Also used :
ZLdapContext(com.zimbra.cs.ldap.ZLdapContext)
AccountServiceException(com.zimbra.cs.account.AccountServiceException)
AuthFailedServiceException(com.zimbra.cs.account.AccountServiceException.AuthFailedServiceException)
ServiceException(com.zimbra.common.service.ServiceException)
LdapSizeLimitExceededException(com.zimbra.cs.ldap.LdapException.LdapSizeLimitExceededException)
SearchLdapOptions(com.zimbra.cs.ldap.SearchLdapOptions)
Example 28 with ZLdapContext
use of com.zimbra.cs.ldap.ZLdapContext in project zm-mailbox by Zimbra.
the class LdapProvisioning method deleteServer.
@Override
public void deleteServer(String zimbraId) throws ServiceException {
LdapServer server = (LdapServer) getServerByIdInternal(zimbraId);
if (server == null)
throw AccountServiceException.NO_SUCH_SERVER(zimbraId);
// check that no account is still on this server
long numAcctsOnServer = getNumAccountsOnServer(server);
if (numAcctsOnServer != 0) {
throw ServiceException.INVALID_REQUEST("There are " + numAcctsOnServer + " account(s) on this server.", null);
}
String monitorHost = getConfig().getAttr(Provisioning.A_zimbraLogHostname);
String serverName = server.getName();
if (monitorHost != null && monitorHost.trim().equals(serverName)) {
throw ServiceException.INVALID_REQUEST("zimbraLogHostname is set to " + serverName, null);
}
String[] attributesToRemove = { Provisioning.A_zimbraReverseProxyAvailableLookupTargets, Provisioning.A_zimbraReverseProxyUpstreamEwsServers, Provisioning.A_zimbraReverseProxyUpstreamLoginServers };
removeAttrsForServer(attributesToRemove, server.getName());
ZLdapContext zlc = null;
try {
zlc = LdapClient.getContext(LdapServerType.MASTER, LdapUsage.DELETE_SERVER);
removeServerFromAllCOSes(zimbraId, server.getName(), zlc);
zlc.deleteEntry(server.getDN());
serverCache.remove(server);
} catch (ServiceException e) {
throw ServiceException.FAILURE("unable to purge server: " + zimbraId, e);
} finally {
LdapClient.closeContext(zlc);
}
}
Also used :
InMemoryLdapServer(com.zimbra.cs.ldap.unboundid.InMemoryLdapServer)
LdapServer(com.zimbra.cs.account.ldap.entry.LdapServer)
ZLdapContext(com.zimbra.cs.ldap.ZLdapContext)
AccountServiceException(com.zimbra.cs.account.AccountServiceException)
AuthFailedServiceException(com.zimbra.cs.account.AccountServiceException.AuthFailedServiceException)
ServiceException(com.zimbra.common.service.ServiceException)
Example 29 with ZLdapContext
use of com.zimbra.cs.ldap.ZLdapContext in project zm-mailbox by Zimbra.
the class LdapProvisioning method createDynamicGroup.
private DynamicGroup createDynamicGroup(String groupAddress, Map<String, Object> groupAttrs, Account creator) throws ServiceException {
SpecialAttrs specialAttrs = mDIT.handleSpecialAttrs(groupAttrs);
String baseDn = specialAttrs.getLdapBaseDn();
groupAddress = groupAddress.toLowerCase().trim();
EmailAddress addr = new EmailAddress(groupAddress);
String localPart = addr.getLocalPart();
String domainName = addr.getDomain();
domainName = IDNUtil.toAsciiDomainName(domainName);
groupAddress = EmailAddress.getAddress(localPart, domainName);
validEmailAddress(groupAddress);
CallbackContext callbackContext = new CallbackContext(CallbackContext.Op.CREATE);
callbackContext.setCreatingEntryName(groupAddress);
// remove zimbraIsACLGroup from attrs if provided, to avoid the immutable check
Object providedZimbraIsACLGroup = groupAttrs.get(A_zimbraIsACLGroup);
if (providedZimbraIsACLGroup != null) {
groupAttrs.remove(A_zimbraIsACLGroup);
}
AttributeManager.getInstance().preModify(groupAttrs, null, callbackContext, true);
// put zimbraIsACLGroup back
if (providedZimbraIsACLGroup != null) {
groupAttrs.put(A_zimbraIsACLGroup, providedZimbraIsACLGroup);
}
ZLdapContext zlc = null;
try {
zlc = LdapClient.getContext(LdapServerType.MASTER, LdapUsage.CREATE_DYNAMICGROUP);
Domain domain = getDomainByAsciiName(domainName, zlc);
if (domain == null) {
throw AccountServiceException.NO_SUCH_DOMAIN(domainName);
}
if (!domain.isLocal()) {
throw ServiceException.INVALID_REQUEST("domain type must be local", null);
}
String domainDN = ((LdapDomain) domain).getDN();
/*
* ====================================
* create the main dynamic group entry
* ====================================
*/
ZMutableEntry entry = LdapClient.createMutableEntry();
entry.mapToAttrs(groupAttrs);
Set<String> ocs = LdapObjectClass.getGroupObjectClasses(this);
entry.addAttr(A_objectClass, ocs);
String zimbraId = LdapUtil.generateUUID();
// create a UUID for the static unit entry
String staticUnitZimbraId = LdapUtil.generateUUID();
String createTimestamp = LdapDateUtil.toGeneralizedTime(new Date());
entry.setAttr(A_zimbraId, zimbraId);
entry.setAttr(A_zimbraCreateTimestamp, createTimestamp);
entry.setAttr(A_mail, groupAddress);
entry.setAttr(A_dgIdentity, LC.zimbra_ldap_userdn.value());
// unlike accounts (which have a zimbraMailDeliveryAddress for the primary,
// and zimbraMailAliases only for aliases), DLs use zimbraMailAlias for both.
// Postfix uses these two attributes to route mail, and zimbraMailDeliveryAddress
// indicates that something has a physical mailbox, which DLs don't.
entry.setAttr(A_zimbraMailAlias, groupAddress);
/*
// allow only users in the same domain
String memberURL = String.format("ldap:///%s??one?(zimbraMemberOf=%s)",
mDIT.domainDNToAccountBaseDN(domainDN), groupAddress);
*/
String specifiedIsACLGroup = entry.getAttrString(A_zimbraIsACLGroup);
boolean isACLGroup;
if (!entry.hasAttribute(A_memberURL)) {
String memberURL = LdapDynamicGroup.getDefaultMemberURL(zimbraId, staticUnitZimbraId);
entry.setAttr(Provisioning.A_memberURL, memberURL);
// or specified to be TRUE;
if (specifiedIsACLGroup == null) {
entry.setAttr(A_zimbraIsACLGroup, ProvisioningConstants.TRUE);
} else if (ProvisioningConstants.FALSE.equals(specifiedIsACLGroup)) {
throw ServiceException.INVALID_REQUEST("No custom " + A_memberURL + " is provided, " + A_zimbraIsACLGroup + " cannot be set to FALSE", null);
}
isACLGroup = true;
} else {
// We want to be able to use dynamic groups as ACLs, for instance when sharing a folder with a group
// This used to be disallowed via a requirement that zimbraIsACLGroup be specified and set to FALSE.
// That requirement has been dropped.
isACLGroup = !ProvisioningConstants.FALSE.equals(specifiedIsACLGroup);
}
// by default a dynamic group is always created enabled
if (!entry.hasAttribute(Provisioning.A_zimbraMailStatus)) {
entry.setAttr(A_zimbraMailStatus, MAIL_STATUS_ENABLED);
}
String mailStatus = entry.getAttrString(A_zimbraMailStatus);
entry.setAttr(A_cn, localPart);
// entry.setAttr(A_uid, localPart); need to use uid if we move dynamic groups to the ou=people tree
setGroupHomeServer(entry, creator);
String dn = mDIT.dynamicGroupNameLocalPartToDN(localPart, domainDN);
entry.setDN(dn);
zlc.createEntry(entry);
if (isACLGroup) {
/*
* ===========================================================
* create the dynamic group unit entry, for internal addresses
* ===========================================================
*/
String dynamicUnitLocalpart = dynamicGroupDynamicUnitLocalpart(localPart);
String dynamicUnitAddr = EmailAddress.getAddress(dynamicUnitLocalpart, domainName);
entry = LdapClient.createMutableEntry();
ocs = LdapObjectClass.getGroupDynamicUnitObjectClasses(this);
entry.addAttr(A_objectClass, ocs);
String dynamicUnitZimbraId = LdapUtil.generateUUID();
entry.setAttr(A_cn, DYNAMIC_GROUP_DYNAMIC_UNIT_NAME);
entry.setAttr(A_zimbraId, dynamicUnitZimbraId);
// id of the main group
entry.setAttr(A_zimbraGroupId, zimbraId);
entry.setAttr(A_zimbraCreateTimestamp, createTimestamp);
entry.setAttr(A_mail, dynamicUnitAddr);
entry.setAttr(A_zimbraMailAlias, dynamicUnitAddr);
entry.setAttr(A_zimbraMailStatus, mailStatus);
entry.setAttr(A_dgIdentity, LC.zimbra_ldap_userdn.value());
// id of the main group
String memberURL = LdapDynamicGroup.getDefaultDynamicUnitMemberURL(zimbraId);
entry.setAttr(Provisioning.A_memberURL, memberURL);
String dynamicUnitDN = mDIT.dynamicGroupUnitNameToDN(DYNAMIC_GROUP_DYNAMIC_UNIT_NAME, dn);
entry.setDN(dynamicUnitDN);
zlc.createEntry(entry);
/*
* ==========================================================
* create the static group unit entry, for external addresses
* ==========================================================
*/
entry = LdapClient.createMutableEntry();
ocs = LdapObjectClass.getGroupStaticUnitObjectClasses(this);
entry.addAttr(A_objectClass, ocs);
entry.setAttr(A_cn, DYNAMIC_GROUP_STATIC_UNIT_NAME);
entry.setAttr(A_zimbraId, staticUnitZimbraId);
// id of the main group
entry.setAttr(A_zimbraGroupId, zimbraId);
entry.setAttr(A_zimbraCreateTimestamp, createTimestamp);
String staticUnitDN = mDIT.dynamicGroupUnitNameToDN(DYNAMIC_GROUP_STATIC_UNIT_NAME, dn);
entry.setDN(staticUnitDN);
zlc.createEntry(entry);
}
/*
* all is well, get the group by id
*/
DynamicGroup group = getDynamicGroupBasic(DistributionListBy.id, zimbraId, zlc);
if (group != null) {
AttributeManager.getInstance().postModify(groupAttrs, group, callbackContext);
removeExternalAddrsFromAllDynamicGroups(group.getAllAddrsSet(), zlc);
allDLs.addGroup(group);
} else {
throw ServiceException.FAILURE("unable to get dynamic group after creating LDAP entry: " + groupAddress, null);
}
return group;
} catch (LdapEntryAlreadyExistException nabe) {
throw AccountServiceException.DISTRIBUTION_LIST_EXISTS(groupAddress);
} catch (LdapException e) {
throw e;
} catch (AccountServiceException e) {
throw e;
} finally {
LdapClient.closeContext(zlc);
}
}
Also used :
ZMutableEntry(com.zimbra.cs.ldap.ZMutableEntry)
DynamicGroup(com.zimbra.cs.account.DynamicGroup)
LdapDynamicGroup(com.zimbra.cs.account.ldap.entry.LdapDynamicGroup)
LdapEntryAlreadyExistException(com.zimbra.cs.ldap.LdapException.LdapEntryAlreadyExistException)
ZLdapContext(com.zimbra.cs.ldap.ZLdapContext)
LdapDomain(com.zimbra.cs.account.ldap.entry.LdapDomain)
EmailAddress(com.zimbra.cs.account.names.NameUtil.EmailAddress)
Date(java.util.Date)
AccountServiceException(com.zimbra.cs.account.AccountServiceException)
CallbackContext(com.zimbra.cs.account.callback.CallbackContext)
LdapDomain(com.zimbra.cs.account.ldap.entry.LdapDomain)
Domain(com.zimbra.cs.account.Domain)
LdapException(com.zimbra.cs.ldap.LdapException)
Example 30 with ZLdapContext
use of com.zimbra.cs.ldap.ZLdapContext in project zm-mailbox by Zimbra.
the class LdapProvisioning method deleteXMPPComponent.
@Override
public void deleteXMPPComponent(XMPPComponent comp) throws ServiceException {
String zimbraId = comp.getId();
ZLdapContext zlc = null;
LdapXMPPComponent l = (LdapXMPPComponent) get(Key.XMPPComponentBy.id, zimbraId);
try {
zlc = LdapClient.getContext(LdapServerType.MASTER, LdapUsage.DELETE_XMPPCOMPONENT);
zlc.deleteEntry(l.getDN());
xmppComponentCache.remove(l);
} catch (ServiceException e) {
throw ServiceException.FAILURE("unable to purge XMPPComponent : " + zimbraId, e);
} finally {
LdapClient.closeContext(zlc);
}
}
Also used :
ZLdapContext(com.zimbra.cs.ldap.ZLdapContext)
AccountServiceException(com.zimbra.cs.account.AccountServiceException)
AuthFailedServiceException(com.zimbra.cs.account.AccountServiceException.AuthFailedServiceException)
ServiceException(com.zimbra.common.service.ServiceException)
LdapXMPPComponent(com.zimbra.cs.account.ldap.entry.LdapXMPPComponent)
Aggregations
ZLdapContext (com.zimbra.cs.ldap.ZLdapContext)112
ServiceException (com.zimbra.common.service.ServiceException)51
AccountServiceException (com.zimbra.cs.account.AccountServiceException)48
AuthFailedServiceException (com.zimbra.cs.account.AccountServiceException.AuthFailedServiceException)46
LdapEntryAlreadyExistException (com.zimbra.cs.ldap.LdapException.LdapEntryAlreadyExistException)21
LdapException (com.zimbra.cs.ldap.LdapException)20
ZMutableEntry (com.zimbra.cs.ldap.ZMutableEntry)18
Domain (com.zimbra.cs.account.Domain)17
CallbackContext (com.zimbra.cs.account.callback.CallbackContext)14
Date (java.util.Date)14
LdapDomain (com.zimbra.cs.account.ldap.entry.LdapDomain)12
HashMap (java.util.HashMap)12
LdapEntry (com.zimbra.cs.account.ldap.entry.LdapEntry)11
SearchLdapOptions (com.zimbra.cs.ldap.SearchLdapOptions)11
Account (com.zimbra.cs.account.Account)9
LdapDynamicGroup (com.zimbra.cs.account.ldap.entry.LdapDynamicGroup)8
ZLdapFilter (com.zimbra.cs.ldap.ZLdapFilter)8
GuestAccount (com.zimbra.cs.account.GuestAccount)7
LdapAccount (com.zimbra.cs.account.ldap.entry.LdapAccount)7
ZSearchResultEntry (com.zimbra.cs.ldap.ZSearchResultEntry)7
