Actually, the LDAP implementation for the restrictToGroup feature is pretty broken. I just checked in a fix: https://trac.calendarserver.org/changeset/9741/CalendarServer/trunk

On Aug 23, 2012, at 8:43 AM, Morgen Sagen <morgen@apple.com> wrote:
This looks like a bug. The LDAP server we test against has an LDAP attribute specifically for nested groups, so we've not run into this problem. If you want to fix ldapdirectory.py by hand you could add "nestedGroups = []" just above the "if len(result) == 1" line in the restrictedGUIDs() method, and make sure the new line is at the same indentation as the "if" statement. I'll fix this in svn.

On Aug 23, 2012, at 8:32 AM, tobiasbp <tobiasbp@gmail.com> wrote:
I'm running calendarserver 3.2 with the packages available in Debian Wheezy (Unstable). I have my users and groups in LDAP.
I can list my users and groups using the command "calendarserver_manage_principals".
I would like to restrict calendar users to members of group "calendar_admins".
I update my caldavd.plist like this:
<key>restrictEnabledRecords</key>
<true/>
<key>restrictToGroup</key>
<string>calendar_admins</string>
After the change, I can no longer list my users:
su caldavd -p -c "calendarserver_manage_principals --list-principals users"
Traceback (most recent call last):
  File "/usr/bin/calendarserver_manage_principals", line 32, in <module>
    main()
  File "/usr/lib/python2.7/dist-packages/calendarserver/tools/principals.py", line 303, in main
    records = list(config.directory.listRecords(listPrincipals))
  File "/usr/lib/python2.7/dist-packages/twistedcaldav/directory/aggregate.py", line 115, in listRecords
    records = self._query("listRecords", recordType)
  File "/usr/lib/python2.7/dist-packages/twistedcaldav/directory/aggregate.py", line 192, in _query
    *[a[len(service.recordTypePrefix):] for a in args]
  File "/usr/lib/python2.7/dist-packages/twistedcaldav/directory/ldapdirectory.py", line 320, in listRecords
    if self.restrictedGUIDs is not None:
  File "/usr/lib/python2.7/dist-packages/twistedcaldav/directory/ldapdirectory.py", line 525, in restrictedGUIDs
    self._cachedRestrictedGUIDs = set(self._expandGroupMembership(members, nestedGroups, returnGroups=True))
UnboundLocalError: local variable 'nestedGroups' referenced before assignment
Turning off restrictEnabledRecords again like this lets me list my users again:
<key>restrictEnabledRecords</key>
<false/>
Any ideas? Looks like a bug to me.

calendarserver-users mailing list
calendarserver-users@lists.macosforge.org
http://lists.macosforge.org/mailman/listinfo/calendarserver-users