use of com.zimbra.cs.ldap.ZLdapFilter in project zm-mailbox by Zimbra.
the class LdapProvisioning method searchContainingDynamicGroupIdsForExternalAddress.
/*
* returns zimbraId of dynamic groups containing addr as an external member.
*/
private Set<String> searchContainingDynamicGroupIdsForExternalAddress(String addr, ZLdapContext initZlc) {
final Set<String> groupIds = Sets.newHashSet();
SearchLdapVisitor visitor = new SearchLdapVisitor(false) {
@Override
public void visit(String dn, IAttributes ldapAttrs) throws StopIteratingException {
String groupId = null;
try {
groupId = ldapAttrs.getAttrString(A_zimbraGroupId);
} catch (ServiceException e) {
ZimbraLog.account.warn("unable to get attr", e);
}
if (groupId != null) {
groupIds.add(groupId);
}
}
};
ZLdapContext zlc = initZlc;
try {
if (zlc == null) {
zlc = LdapClient.getContext(LdapServerType.REPLICA, LdapUsage.SEARCH);
}
String base = mDIT.mailBranchBaseDN();
ZLdapFilter filter = filterFactory.dynamicGroupsStaticUnitByMemberAddr(addr);
SearchLdapOptions searchOptions = new SearchLdapOptions(base, filter, new String[] { A_zimbraGroupId }, SearchLdapOptions.SIZE_UNLIMITED, null, ZSearchScope.SEARCH_SCOPE_SUBTREE, visitor);
zlc.searchPaged(searchOptions);
} catch (ServiceException e) {
ZimbraLog.account.warn("unable to search dynamic groups for guest acct", e);
} finally {
if (initZlc == null) {
LdapClient.closeContext(zlc);
}
}
return groupIds;
}
use of com.zimbra.cs.ldap.ZLdapFilter in project zm-mailbox by Zimbra.
the class LdapProvisioning method searchDirectoryInternal.
private List<NamedEntry> searchDirectoryInternal(SearchDirectoryOptions options, NamedEntry.Visitor visitor) throws ServiceException {
Set<ObjectType> types = options.getTypes();
if (types == null) {
throw ServiceException.INVALID_REQUEST("missing types", null);
}
/*
* base
*/
Domain domain = options.getDomain();
String[] bases = null;
if (options.getTypes().contains(ObjectType.habgroups)) {
bases = new String[1];
bases[0] = options.getHabRootGroupDn();
} else {
bases = getSearchBases(domain, types);
}
/*
* filter
*/
int flags = options.getTypesAsFlags();
ZLdapFilter filter = options.getFilter();
String filterStr = options.getFilterString();
// exact one of filter or filterString has to be set
if (filter != null && filterStr != null) {
throw ServiceException.INVALID_REQUEST("only one of filter or filterString can be set", null);
}
if (filter == null) {
if (options.getConvertIDNToAscii() && !Strings.isNullOrEmpty(filterStr)) {
filterStr = LdapEntrySearchFilter.toLdapIDNFilter(filterStr);
}
// prepend objectClass filters
String objectClass = getObjectClassQuery(flags);
if (filterStr == null || filterStr.equals("")) {
filterStr = objectClass;
} else {
if (filterStr.startsWith("(") && filterStr.endsWith(")")) {
filterStr = "(&" + objectClass + filterStr + ")";
} else {
filterStr = "(&" + objectClass + "(" + filterStr + ")" + ")";
}
}
FilterId filterId = options.getFilterId();
if (filterId == null) {
throw ServiceException.INVALID_REQUEST("missing filter id", null);
}
filter = filterFactory.fromFilterString(options.getFilterId(), filterStr);
}
if (domain != null && !InMemoryLdapServer.isOn()) {
boolean groupsTree = false;
boolean peopleTree = false;
if (types.contains(ObjectType.dynamicgroups)) {
groupsTree = true;
}
if (types.contains(ObjectType.accounts) || types.contains(ObjectType.aliases) || types.contains(ObjectType.distributionlists) || types.contains(ObjectType.resources)) {
peopleTree = true;
}
if (groupsTree && peopleTree) {
ZLdapFilter dnSubtreeMatchFilter = ((LdapDomain) domain).getDnSubtreeMatchFilter();
filter = filterFactory.andWith(filter, dnSubtreeMatchFilter);
}
}
/*
* return attrs
*/
String[] returnAttrs = fixReturnAttrs(options.getReturnAttrs(), flags);
return searchObjects(bases, filter, returnAttrs, options, visitor);
}
use of com.zimbra.cs.ldap.ZLdapFilter in project zm-mailbox by Zimbra.
the class LdapProvisioning method addressExistsUnderDN.
/*
* returns if any one of addrs is an email address under the specified baseDN
*/
private boolean addressExistsUnderDN(ZLdapContext zlc, String baseDN, String[] addrs) throws ServiceException {
ZLdapFilter filter = filterFactory.addrsExist(addrs);
ZSearchControls searchControls = ZSearchControls.createSearchControls(ZSearchScope.SEARCH_SCOPE_SUBTREE, 1, null);
try {
long count = helper.countEntries(baseDN, filter, searchControls, zlc, LdapServerType.MASTER);
return count > 0;
} catch (LdapSizeLimitExceededException e) {
return true;
}
}
use of com.zimbra.cs.ldap.ZLdapFilter in project zm-mailbox by Zimbra.
the class LdapProvisioning method searchAccountsOnServerInternal.
private List<NamedEntry> searchAccountsOnServerInternal(Server server, SearchAccountsOptions options, NamedEntry.Visitor visitor) throws ServiceException {
// filter cannot be set
if (options.getFilter() != null || options.getFilterString() != null) {
throw ServiceException.INVALID_REQUEST("cannot set filter for searchAccountsOnServer", null);
}
if (server == null) {
throw ServiceException.INVALID_REQUEST("missing server", null);
}
IncludeType includeType = options.getIncludeType();
/*
* This is the ONLY place where search filter can be affected by domain, because
* we have to support custom DIT where account/cr entries are NOT populated under
* the domain tree. In our default LdapDIT implementation, domain is always
* ignored in the filterXXX(domain, server) calls.
*
* Would be great if we don't have to support custom DIT someday.
*/
Domain domain = options.getDomain();
ZLdapFilter filter;
if (includeType == IncludeType.ACCOUNTS_AND_CALENDAR_RESOURCES) {
filter = mDIT.filterAccountsByDomainAndServer(domain, server);
} else if (includeType == IncludeType.ACCOUNTS_ONLY) {
filter = mDIT.filterAccountsOnlyByDomainAndServer(domain, server);
} else {
filter = mDIT.filterCalendarResourceByDomainAndServer(domain, server);
}
options.setFilter(filter);
return searchDirectoryInternal(options, visitor);
}
use of com.zimbra.cs.ldap.ZLdapFilter in project zm-mailbox by Zimbra.
the class AutoProvisionEager method lockDomain.
private boolean lockDomain(ZLdapContext zlc) throws ServiceException {
Server localServer = prov.getLocalServer();
ZLdapFilter filter = ZLdapFilterFactory.getInstance().domainLockedForEagerAutoProvision();
Map<String, Object> attrs = new HashMap<String, Object>();
attrs.put(Provisioning.A_zimbraAutoProvLock, localServer.getId());
boolean gotLock = prov.getHelper().testAndModifyEntry(zlc, ((LdapEntry) domain).getDN(), filter, attrs, domain);
// need to refresh the domain entry, because this modify is not done via the normal
// LdapProvisioning.modifyAttr path.
prov.reload(domain, true);
ZimbraLog.autoprov.debug("lock domain %s", gotLock ? "successful" : "failed");
return gotLock;
}
Aggregations