Added page "ConfiguringLDAP" by sagen@apple.com from 17.224.21.17*
Page URL: <http://trac.calendarserver.org/wiki/ConfiguringLDAP>
Content:
-------8<------8<------8<------8<------8<------8<------8<------8<--------
By default, Calendar Server fetches users and groups from the configured directory service, and locations and resources from a local XML file. If you would like all four record types to come out of LDAP, modify the caldavd.plist as follows:

1) Disable the resource/location XML service by changing "ResourceService > Enabled" to false:

{{{
<key>ResourceService</key>
<dict>
    <key>Enabled</key>
    <false/>
}}}

2) Add a "recordTypes" array to the "DirectoryService > params" dictionary, and configure the DNs and attributes your LDAP server uses. Each record type has an RDN (the DN relative to your base DN) and a mapping of Calendar Server record field names to LDAP attributes:

{{{
<key>DirectoryService</key>
<dict>
    <key>type</key>
    <string>twistedcaldav.directory.ldapdirectory.LdapDirectoryService</string>
    <key>params</key>
    <dict>
        <key>recordTypes</key>
        <array>
            <string>users</string>
            <string>groups</string>
            <string>locations</string>
            <string>resources</string>
        </array>
        <key>cacheTimeout</key>
        <integer>10</integer>
        <key>uri</key>
        <string>ldap://ldapserver.example.com/</string> <!-- your ldap server url -->
        <key>tls</key>
        <false/>
        <key>tlsCACertFile</key>
        <string></string>
        <key>tlsCACertDir</key>
        <string></string>
        <key>tlsRequireCert</key>
        <string>never</string>
        <key>credentials</key>
        <dict>
            <key>dn</key>
            <string>uid=admin,ou=people,o=example.com</string> <!-- dn to auth as -->
            <key>password</key>
            <string>PASSWORD</string> <!-- password to auth with -->
        </dict>
        <key>rdnSchema</key>
        <dict>
            <key>base</key>
            <string>o=example.com</string> <!-- your base dn -->
            <key>guidAttr</key>
            <string>GUID</string> <!-- LDAP attribute used for GUIDs -->
            <key>users</key>
            <dict>
                <key>rdn</key>
                <string>ou=people</string> <!-- dn for users (relative to base dn) -->
                <key>mapping</key>
                <dict>
                    <key>recordName</key>
                    <string>uid</string>
                    <key>fullName</key>
                    <string>cn</string>
                    <key>emailAddresses</key>
                    <array>
                        <string>mail</string>
                        <string>mailAlias</string>
                    </array>
                    <key>firstName</key>
                    <string>givenName</string>
                    <key>lastName</key>
                    <string>sn</string>
                </dict>
            </dict>
            <key>groups</key>
            <dict>
                <key>rdn</key>
                <string>ou=groups</string> <!-- dn for groups (relative to base dn) -->
                <key>mapping</key>
                <dict>
                    <key>recordName</key>
                    <string>cn</string>
                    <key>fullName</key>
                    <string>cn</string>
                    <key>emailAddresses</key>
                    <array>
                        <string>mail</string>
                        <string>mailAlias</string>
                    </array>
                    <key>firstName</key>
                    <string></string>
                    <key>lastName</key>
                    <string></string>
                </dict>
            </dict>
            <key>locations</key>
            <dict>
                <key>rdn</key>
                <string>ou=locations</string> <!-- dn for locations (relative to base dn) -->
                <key>mapping</key>
                <dict>
                    <key>recordName</key>
                    <string>cn</string>
                    <key>fullName</key>
                    <string>cn</string>
                    <key>emailAddresses</key>
                    <array>
                    </array>
                    <key>firstName</key>
                    <string></string>
                    <key>lastName</key>
                    <string></string>
                </dict>
            </dict>
            <key>resources</key>
            <dict>
                <key>rdn</key>
                <string>ou=resources</string> <!-- dn for resources (relative to base dn) -->
                <key>mapping</key>
                <dict>
                    <key>recordName</key>
                    <string>cn</string>
                    <key>fullName</key>
                    <string>cn</string>
                    <key>emailAddresses</key>
                    <array>
                    </array>
                    <key>firstName</key>
                    <string></string>
                    <key>lastName</key>
                    <string></string>
                </dict>
            </dict>
        </dict>
        <key>groupSchema</key>
        <dict>
            <key>membersAttr</key>
            <string>uniqueMember</string> <!-- LDAP attribute which indicates members of a group -->
            <key>nestedGroupsAttr</key>
            <string></string>
            <key>memberIdAttr</key>
            <string></string>
        </dict>
        <key>resourceSchema</key>
        <dict>
            <key>resourceInfoAttr</key>
            <string></string>
            <key>autoScheduleAttr</key>
            <string></string>
            <key>autoScheduleEnabledValue</key>
            <string></string>
            <key>proxyAttr</key>
            <string></string>
            <key>readOnlyProxyAttr</key>
            <string></string>
        </dict>
    </dict>
</dict>
}}}
-------8<------8<------8<------8<------8<------8<------8<------8<--------

* The IP shown here might not mean anything if the user or the server is behind a proxy.