
Example 66 with ZLdapFilter

use of com.zimbra.cs.ldap.ZLdapFilter in project zm-mailbox by Zimbra.

the class LdapProvisioning method searchContainingDynamicGroupIdsForExternalAddress.

/**
 * Collects the zimbraId of every dynamic group that lists {@code addr} as an external member.
 *
 * <p>Runs a paged subtree search under the mail branch base DN and requests only
 * {@code A_zimbraGroupId}. The lookup is best-effort: a {@link ServiceException} raised while
 * obtaining the context or searching is logged and swallowed, so after a directory failure the
 * returned set may be empty or partial and the caller cannot tell that apart from "no
 * memberships".
 * NOTE(review): if this set feeds access-control decisions, confirm that a silently shortened
 * membership list is acceptable to every caller.
 *
 * @param addr    external address to look up; handed unchanged to the filter factory
 *                (presumably escaped there - confirm)
 * @param initZlc context to reuse, or {@code null} to obtain a REPLICA search context that is
 *                closed again before this method returns
 * @return the group ids found; never {@code null}
 */
private Set<String> searchContainingDynamicGroupIdsForExternalAddress(String addr, ZLdapContext initZlc) {
    final Set<String> groupIds = Sets.newHashSet();
    final SearchLdapVisitor idCollector = new SearchLdapVisitor(false) {

        @Override
        public void visit(String dn, IAttributes ldapAttrs) throws StopIteratingException {
            try {
                final String id = ldapAttrs.getAttrString(A_zimbraGroupId);
                if (id != null) {
                    groupIds.add(id);
                }
            } catch (ServiceException e) {
                // Logged and ignored: this entry contributes no id and the visitor returns normally.
                ZimbraLog.account.warn("unable to get attr", e);
            }
        }
    };
    // Only a context obtained here is closed here; a caller-supplied one is left open.
    final boolean ownsContext = (initZlc == null);
    ZLdapContext ctx = initZlc;
    try {
        if (ownsContext) {
            ctx = LdapClient.getContext(LdapServerType.REPLICA, LdapUsage.SEARCH);
        }
        final String searchBase = mDIT.mailBranchBaseDN();
        final ZLdapFilter memberFilter = filterFactory.dynamicGroupsStaticUnitByMemberAddr(addr);
        final String[] wantedAttrs = { A_zimbraGroupId };
        ctx.searchPaged(new SearchLdapOptions(searchBase, memberFilter, wantedAttrs, SearchLdapOptions.SIZE_UNLIMITED, null, ZSearchScope.SEARCH_SCOPE_SUBTREE, idCollector));
    } catch (ServiceException e) {
        // Deliberate best-effort: the failure is only logged and the ids gathered so far are returned.
        ZimbraLog.account.warn("unable to search dynamic groups for guest acct", e);
    } finally {
        if (ownsContext) {
            LdapClient.closeContext(ctx);
        }
    }
    return groupIds;
}
Also used : ZLdapFilter(com.zimbra.cs.ldap.ZLdapFilter) SearchLdapVisitor(com.zimbra.cs.ldap.SearchLdapOptions.SearchLdapVisitor) AccountServiceException(com.zimbra.cs.account.AccountServiceException) AuthFailedServiceException(com.zimbra.cs.account.AccountServiceException.AuthFailedServiceException) ServiceException(com.zimbra.common.service.ServiceException) ZLdapContext(com.zimbra.cs.ldap.ZLdapContext) IAttributes(com.zimbra.cs.ldap.IAttributes) SearchLdapOptions(com.zimbra.cs.ldap.SearchLdapOptions)

Example 67 with ZLdapFilter

use of com.zimbra.cs.ldap.ZLdapFilter in project zm-mailbox by Zimbra.

the class LdapProvisioning method searchDirectoryInternal.

/**
 * Derives the search bases, the effective LDAP filter and the return attributes from
 * {@code options}, then delegates to {@code searchObjects}.
 *
 * <p>At most one of {@code options.getFilter()} and {@code options.getFilterString()} may be
 * set: supplying both is rejected, supplying neither searches by the object-class query alone.
 * A filter string is combined with the object-class query by plain string concatenation before
 * it is handed to the filter factory.
 *
 * @param options search parameters; types are mandatory, and a filter id is mandatory whenever
 *                no pre-built filter is supplied
 * @param visitor passed through to {@code searchObjects}
 * @return the result of {@code searchObjects}
 * @throws ServiceException INVALID_REQUEST when types are missing, when both filter forms are
 *                          set, or when the filter-string path has no filter id; also whatever
 *                          the called helpers throw
 */
private List<NamedEntry> searchDirectoryInternal(SearchDirectoryOptions options, NamedEntry.Visitor visitor) throws ServiceException {
    final Set<ObjectType> types = options.getTypes();
    if (types == null) {
        throw ServiceException.INVALID_REQUEST("missing types", null);
    }

    // Search bases: a HAB group search is rooted at the HAB root group DN, any other search at
    // the bases computed from the domain and the requested types.
    final Domain domain = options.getDomain();
    final String[] bases = options.getTypes().contains(ObjectType.habgroups)
            ? new String[] { options.getHabRootGroupDn() }
            : getSearchBases(domain, types);

    // Filter: either a pre-built ZLdapFilter or a filter string, never both.
    final int flags = options.getTypesAsFlags();
    ZLdapFilter filter = options.getFilter();
    String filterStr = options.getFilterString();
    final boolean bothFilterFormsSet = (filter != null) && (filterStr != null);
    if (bothFilterFormsSet) {
        throw ServiceException.INVALID_REQUEST("only one of filter or filterString can be set", null);
    }
    if (filter == null) {
        if (options.getConvertIDNToAscii() && !Strings.isNullOrEmpty(filterStr)) {
            filterStr = LdapEntrySearchFilter.toLdapIDNFilter(filterStr);
        }
        // The object-class query always leads the composed filter.
        final String objectClass = getObjectClassQuery(flags);
        if (Strings.isNullOrEmpty(filterStr)) {
            filterStr = objectClass;
        } else {
            // The caller's text is spliced in verbatim. The parenthesis test looks only at the
            // first and last character, so it does not establish that the text is one
            // well-formed term.
            // NOTE(review): treat the object-class conjunct as scoping, not as a guard against
            // untrusted filter text - confirm that fromFilterString validates the result and
            // that callers restrict who may supply filterString.
            final boolean parenthesized = filterStr.startsWith("(") && filterStr.endsWith(")");
            final String callerTerm = parenthesized ? filterStr : "(" + filterStr + ")";
            filterStr = "(&" + objectClass + callerTerm + ")";
        }
        // The filter id is only checked after the string has been composed.
        if (options.getFilterId() == null) {
            throw ServiceException.INVALID_REQUEST("missing filter id", null);
        }
        filter = filterFactory.fromFilterString(options.getFilterId(), filterStr);
    }

    // With a domain given (and the in-memory LDAP server off), a search that spans both the
    // dynamic-groups types and the people types is additionally ANDed with the domain's
    // DN-subtree-match filter.
    if (domain != null && !InMemoryLdapServer.isOn()) {
        final boolean groupsTree = types.contains(ObjectType.dynamicgroups);
        final boolean peopleTree = types.contains(ObjectType.accounts)
                || types.contains(ObjectType.aliases)
                || types.contains(ObjectType.distributionlists)
                || types.contains(ObjectType.resources);
        if (groupsTree && peopleTree) {
            filter = filterFactory.andWith(filter, ((LdapDomain) domain).getDnSubtreeMatchFilter());
        }
    }

    // Return attributes are adjusted for the requested types before the search runs.
    final String[] returnAttrs = fixReturnAttrs(options.getReturnAttrs(), flags);
    return searchObjects(bases, filter, returnAttrs, options, visitor);
}
Also used : ZLdapFilter(com.zimbra.cs.ldap.ZLdapFilter) ObjectType(com.zimbra.cs.account.SearchDirectoryOptions.ObjectType) LdapDomain(com.zimbra.cs.account.ldap.entry.LdapDomain) LdapDomain(com.zimbra.cs.account.ldap.entry.LdapDomain) Domain(com.zimbra.cs.account.Domain) FilterId(com.zimbra.cs.ldap.ZLdapFilterFactory.FilterId)

Example 68 with ZLdapFilter

use of com.zimbra.cs.ldap.ZLdapFilter in project zm-mailbox by Zimbra.

the class LdapProvisioning method addressExistsUnderDN.

/**
 * Reports whether at least one of {@code addrs} is an email address of an entry under
 * {@code baseDN}.
 *
 * <p>The count is taken with subtree scope against the MASTER server. The search controls are
 * created with {@code 1} as their second argument (presumably a size limit of one - confirm),
 * and a {@link LdapSizeLimitExceededException} is read as "more than enough matches", i.e. the
 * address exists.
 *
 * @param zlc    LDAP context handed to the counting helper
 * @param baseDN subtree to search
 * @param addrs  candidate addresses; passed unchanged to the filter factory
 * @return {@code true} if the count is positive or the size limit was exceeded
 * @throws ServiceException any failure other than the size limit being exceeded
 */
private boolean addressExistsUnderDN(ZLdapContext zlc, String baseDN, String[] addrs) throws ServiceException {
    final ZLdapFilter anyAddrFilter = filterFactory.addrsExist(addrs);
    final ZSearchControls oneHitControls = ZSearchControls.createSearchControls(ZSearchScope.SEARCH_SCOPE_SUBTREE, 1, null);
    boolean exists;
    try {
        exists = helper.countEntries(baseDN, anyAddrFilter, oneHitControls, zlc, LdapServerType.MASTER) > 0;
    } catch (LdapSizeLimitExceededException e) {
        // Exceeding the limit still answers the question: something matched.
        exists = true;
    }
    return exists;
}
Also used : ZLdapFilter(com.zimbra.cs.ldap.ZLdapFilter) ZSearchControls(com.zimbra.cs.ldap.ZSearchControls) LdapSizeLimitExceededException(com.zimbra.cs.ldap.LdapException.LdapSizeLimitExceededException)

Example 69 with ZLdapFilter

use of com.zimbra.cs.ldap.ZLdapFilter in project zm-mailbox by Zimbra.

the class LdapProvisioning method searchAccountsOnServerInternal.

/**
 * Searches the accounts and/or calendar resources hosted on {@code server}.
 *
 * <p>The caller may not supply a filter of its own: the filter is chosen here from the include
 * type and written into {@code options} via {@code setFilter}, so the caller's options object
 * is modified before the call is handed to {@code searchDirectoryInternal}.
 *
 * @param server  server whose entries are wanted; must not be {@code null}
 * @param options search options without filter or filter string
 * @param visitor passed through to {@code searchDirectoryInternal}
 * @return the result of {@code searchDirectoryInternal}
 * @throws ServiceException INVALID_REQUEST when a filter is already set or the server is
 *                          missing; also whatever the delegated search throws
 */
private List<NamedEntry> searchAccountsOnServerInternal(Server server, SearchAccountsOptions options, NamedEntry.Visitor visitor) throws ServiceException {
    // The filter is owned by this method; a caller-supplied one is rejected outright.
    final boolean noCallerFilter = options.getFilter() == null && options.getFilterString() == null;
    if (!noCallerFilter) {
        throw ServiceException.INVALID_REQUEST("cannot set filter for searchAccountsOnServer", null);
    }
    if (server == null) {
        throw ServiceException.INVALID_REQUEST("missing server", null);
    }
    final IncludeType includeType = options.getIncludeType();

    // This is the only place where the domain can influence the search filter. It exists for
    // custom DITs in which account / calendar-resource entries are not stored under the domain
    // tree; the default LdapDIT implementation ignores the domain in these filter calls.
    final Domain domain = options.getDomain();
    final ZLdapFilter serverFilter;
    if (includeType == IncludeType.ACCOUNTS_ONLY) {
        serverFilter = mDIT.filterAccountsOnlyByDomainAndServer(domain, server);
    } else if (includeType == IncludeType.ACCOUNTS_AND_CALENDAR_RESOURCES) {
        serverFilter = mDIT.filterAccountsByDomainAndServer(domain, server);
    } else {
        // Every other include type, including null, selects calendar resources.
        serverFilter = mDIT.filterCalendarResourceByDomainAndServer(domain, server);
    }
    options.setFilter(serverFilter);
    return searchDirectoryInternal(options, visitor);
}
Also used : ZLdapFilter(com.zimbra.cs.ldap.ZLdapFilter) IncludeType(com.zimbra.cs.account.SearchAccountsOptions.IncludeType) LdapDomain(com.zimbra.cs.account.ldap.entry.LdapDomain) Domain(com.zimbra.cs.account.Domain)

Example 70 with ZLdapFilter

use of com.zimbra.cs.ldap.ZLdapFilter in project zm-mailbox by Zimbra.

the class AutoProvisionEager method lockDomain.

/**
 * Tries to take the eager auto-provision lock on {@code domain} for the local server.
 *
 * <p>The lock attribute is set to the local server's id through {@code testAndModifyEntry},
 * conditioned on the {@code domainLockedForEagerAutoProvision} filter (presumably the modify is
 * applied only when the entry matches that filter - confirm against the helper). The domain is
 * reloaded afterwards whether or not the lock was obtained.
 *
 * @param zlc LDAP context used for the conditional modify
 * @return the result of {@code testAndModifyEntry}; logged as "successful" when {@code true}
 * @throws ServiceException if looking up the local server, the modify, or the reload fails
 */
private boolean lockDomain(ZLdapContext zlc) throws ServiceException {
    final Server self = prov.getLocalServer();
    final ZLdapFilter lockCondition = ZLdapFilterFactory.getInstance().domainLockedForEagerAutoProvision();
    final Map<String, Object> lockAttrs = new HashMap<>();
    lockAttrs.put(Provisioning.A_zimbraAutoProvLock, self.getId());
    final boolean gotLock = prov.getHelper().testAndModifyEntry(zlc, ((LdapEntry) domain).getDN(), lockCondition, lockAttrs, domain);
    // This modify bypasses the normal LdapProvisioning.modifyAttr path, so the cached domain
    // entry has to be refreshed explicitly.
    prov.reload(domain, true);
    final String outcome = gotLock ? "successful" : "failed";
    ZimbraLog.autoprov.debug("lock domain %s", outcome);
    return gotLock;
}
Also used : ZLdapFilter(com.zimbra.cs.ldap.ZLdapFilter) Server(com.zimbra.cs.account.Server) HashMap(java.util.HashMap)

Aggregations

ZLdapFilter (com.zimbra.cs.ldap.ZLdapFilter)123 ZSearchResultEntry (com.zimbra.cs.ldap.ZSearchResultEntry)15 ZSearchResultEnumeration (com.zimbra.cs.ldap.ZSearchResultEnumeration)13 ZLdapContext (com.zimbra.cs.ldap.ZLdapContext)10 ZSearchControls (com.zimbra.cs.ldap.ZSearchControls)10 ServiceException (com.zimbra.common.service.ServiceException)9 AccountServiceException (com.zimbra.cs.account.AccountServiceException)8 AuthFailedServiceException (com.zimbra.cs.account.AccountServiceException.AuthFailedServiceException)8 ArrayList (java.util.ArrayList)8 Server (com.zimbra.cs.account.Server)7 LdapDIT (com.zimbra.cs.account.ldap.LdapDIT)7 Account (com.zimbra.cs.account.Account)6 LdapSizeLimitExceededException (com.zimbra.cs.ldap.LdapException.LdapSizeLimitExceededException)6 NamedEntry (com.zimbra.cs.account.NamedEntry)5 SearchAccountsOptions (com.zimbra.cs.account.SearchAccountsOptions)5 BySearchResultEntrySearcher (com.zimbra.cs.account.ldap.BySearchResultEntrySearcher)5 SearchLdapOptions (com.zimbra.cs.ldap.SearchLdapOptions)5 ProvTest (com.zimbra.qa.unittest.prov.ProvTest)5 LDAPException (com.unboundid.ldap.sdk.LDAPException)3 SearchRequest (com.unboundid.ldap.sdk.SearchRequest)3