Here is the DirectoryService config that worked for me. This works on CalendarServer trunk (checked out on 2012-12-22). Your mileage may vary.

    <key>DirectoryService</key>
    <dict>
      <key>type</key>
      <string>twistedcaldav.directory.ldapdirectory.LdapDirectoryService</string>
      <key>params</key>
      <dict>
        <key>recordTypes</key>
        <array>
          <string>users</string>
          <string>groups</string>
          <!--
          <string>locations</string>
          <string>resources</string>
          -->
        </array>
        <key>cacheTimeout</key>
        <integer>10</integer>
        <key>uri</key>
        <string>ldap://active.directory.server.com:389/</string>
        <key>tls</key>
        <false/>
        <key>tlsCACertFile</key>
        <string></string>
        <key>tlsCACertDir</key>
        <string></string>
        <key>tlsRequireCert</key>
        <string>never</string>
        <key>credentials</key>
        <dict>
          <key>dn</key>
          <string>cn=ad_lookup_user,cn=Users,dc=domain,dc=tld</string>
          <key>password</key>
          <string>ad_lookup_user_password</string>
        </dict>
        <key>rdnSchema</key>
        <dict>
          <key>base</key>
          <string>cn=Users,dc=domain,dc=tld</string>
          <key>guidAttr</key>
          <string>sAMAccountName</string>
          <key>users</key>
          <dict>
            <key>filter</key>
            <string>(objectClass=user)</string>
            <key>rdn</key>
            <string></string>
            <key>mapping</key>
            <dict>
              <key>recordName</key>
              <string>sAMAccountName</string>
              <key>fullName</key>
              <string>cn</string>
              <key>emailAddresses</key>
              <array>
                <string>mail</string>
                <string>mailAlias</string>
              </array>
              <key>firstName</key>
              <string>givenName</string>
              <key>lastName</key>
              <string>sn</string>
            </dict>
          </dict>
          <key>groups</key>
          <dict>
            <key>rdn</key>
            <string></string>
            <key>filter</key>
            <string>(objectClass=group)</string>
            <key>mapping</key>
            <dict>
              <key>recordName</key>
              <string>sAMAccountName</string>
              <key>fullName</key>
              <string>cn</string>
              <key>emailAddresses</key>
              <array>
                <string>mail</string>
                <string>mailAlias</string>
              </array>
              <key>firstName</key>
              <string></string>
              <key>lastName</key>
              <string></string>
            </dict>
          </dict>
          <key>locations</key>
          <dict>
            <key>rdn</key>
            <string>ou=locations</string>
            <key>mapping</key>
            <dict>
              <key>recordName</key>
              <string>cn</string>
              <key>fullName</key>
              <string>cn</string>
              <key>emailAddresses</key>
              <array>
              </array>
              <key>firstName</key>
              <string></string>
              <key>lastName</key>
              <string></string>
            </dict>
          </dict>
          <key>resources</key>
          <dict>
            <key>rdn</key>
            <string>ou=resources</string>
            <key>mapping</key>
            <dict>
              <key>recordName</key>
              <string>cn</string>
              <key>fullName</key>
              <string>cn</string>
              <key>emailAddresses</key>
              <array>
              </array>
              <key>firstName</key>
              <string></string>
              <key>lastName</key>
              <string></string>
            </dict>
          </dict>
        </dict>
        <key>groupSchema</key>
        <dict>
          <key>membersAttr</key>
          <string>uniqueMember</string>
          <key>nestedGroupsAttr</key>
          <string></string>
          <key>memberIdAttr</key>
          <string></string>
        </dict>
        <key>resourceSchema</key>
        <dict>
          <key>resourceInfoAttr</key>
          <string></string>
          <key>autoAcceptGroupAttr</key>
          <string></string>
          <key>autoScheduleAttr</key>
          <string></string>
          <key>autoScheduleEnabledValue</key>
          <string></string>
          <key>proxyAttr</key>
          <string></string>
          <key>readOnlyProxyAttr</key>
          <string></string>
        </dict>
      </dict>
    </dict>

On 11/28/2012 11:17 PM, Dennison Williams wrote:
I am currently trying to configure calendarserver to pull users and groups from Microsoft Active Directory and I am having a hard time figuring out the schema that is required for the mapping to the calendar server field names. The documentation (http://trac.calendarserver.org/wiki/ConfiguringLDAP) does not clarify it for me either. Are the definitions one for one in the RFC (I have not read through that yet)?
For example:
    <key>users</key>
    <dict>
      <key>rdn</key>
      <string></string> <!-- this is included in my basedn specified elsewhere -->
      <key>attr</key> <!-- this is the calendarserver field name ? -->
      <string>uid</string> <!-- and this is the related field in the LDAP query results? If so how do I find out what it is expecting here? Is this a mapping to a UNIX uid? I'm confused -->
      <key>emailSuffix</key> <!-- how is this used ? -->
      <string></string>
      <key>filter</key>
      <string></string> <!-- This would be the filter for filtering out all of the results we are not interested in right? -->
    </dict>
Thanks for any help!

Dennison Williams
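
The config in the reply at the top of this thread uses ldap:// on port 389 with tls set to false and tlsRequireCert set to never, so the lookup account's bind password crosses the network unencrypted. The following added example (not from either poster or from the CalendarServer project) parses those keys with Python's plistlib and reports them; the function name, finding labels and trimmed sample are constructed for illustration, and the option semantics are assumed to follow OpenLDAP's.

```python
import plistlib
from urllib.parse import urlparse

# Constructed sample: only the transport-related keys of the config above.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>DirectoryService</key><dict>
 <key>params</key><dict>
  <key>uri</key><string>ldap://active.directory.server.com:389/</string>
  <key>tls</key><false/>
  <key>tlsCACertFile</key><string></string>
  <key>tlsRequireCert</key><string>never</string>
  <key>credentials</key><dict>
   <key>dn</key><string>cn=ad_lookup_user,cn=Users,dc=domain,dc=tld</string>
   <key>password</key><string>ad_lookup_user_password</string>
  </dict>
 </dict>
</dict>
</dict></plist>"""

# Same sample moved to LDAPS with strict certificate checking.
HARDENED = (SAMPLE.replace(b"ldap://", b"ldaps://").replace(b":389/", b":636/")
            .replace(b"<string>never</string>", b"<string>demand</string>"))


def audit_ldap_transport(plist_bytes):
    """Return findings (hypothetical labels) for the LDAP transport keys."""
    params = plistlib.loads(plist_bytes)["DirectoryService"]["params"]
    scheme = urlparse(params.get("uri", "")).scheme
    # Assumption: tls=true upgrades an ldap:// connection via StartTLS.
    encrypted = scheme == "ldaps" or params.get("tls") is True
    creds = params.get("credentials", {})
    findings = []
    if not encrypted:
        findings.append("cleartext: uri scheme is %r and tls is not enabled" % scheme)
        if creds.get("password"):
            findings.append("bind-password-exposed: bind as %s is sent unencrypted"
                            % creds.get("dn"))
    # Assumption: values follow OpenLDAP's TLS_REQCERT levels; only
    # 'demand' and 'hard' require a valid server certificate.
    if params.get("tlsRequireCert") not in ("demand", "hard"):
        findings.append("no-cert-check: tlsRequireCert=%r does not require a valid "
                        "server certificate" % params.get("tlsRequireCert"))
    return findings


if __name__ == "__main__":
    for label, data in (("original", SAMPLE), ("hardened", HARDENED)):
        print(label, audit_ldap_transport(data) or "no findings")
```

Moving to ldaps:// also requires that the directory server present a certificate the CalendarServer host trusts, typically supplied through tlsCACertFile or tlsCACertDir.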