'DAV ACL's... li'l help?
I've been following this thread from before my time here: http://comments.gmane.org/gmane.comp.macosx.calendarserver.user/582 I've been trying the Mulberry bit with these instructions: http://trac.mulberrymail.com/mulberry/wiki/apple_calendar_server But they don't correspond with the options in my version of the program (4.0.8v). So: Is there another way to edit DAV ACL's that people have used or can somebody who's used Mulberry to do so point me in the right direction? Basically the issue I'm dealing with is I've got around 20 users who each need to be able to subscribe to each other's calendars in iCal. We're on a beater PC running BSD so we're pretty much stuck with the XML directory service. I understand the way to deal with this is either with delegation or editing the ACL's. If anyone has another way in mind I'll try that too. Cheers, tack
Tack- The problem I was having was that I was using the wrong path. My current settings which seem to work fine are: path = "/calendars/" login as admin... Then edit the calendar for which you want to grant permission on. For example, to steal Cyrus' wording: To give read read access on user02's calendar to user01: If you really want to use ACLs, then set the ACLs on /calendars/users/user02/calendar to give /principals/__uids__/XXX (whatever the principalURL is for user01) read access. It worked for me... On Fri, Feb 15, 2008 at 5:03 PM, tack <tack@tractionco.com> wrote:
I've been following this thread from before my time here:
http://comments.gmane.org/gmane.comp.macosx.calendarserver.user/582
I've been trying the Mulberry bit with these instructions:
http://trac.mulberrymail.com/mulberry/wiki/apple_calendar_server
But they don't correspond with the options in my version of the program (4.0.8v).
So: Is there another way to edit DAV ACL's that people have used or can somebody who's used Mulberry to do so point me in the right direction?
Basically the issue I'm dealing with is I've got around 20 users who each need to be able to subscribe to each other's calendars in iCal. We're on a beater PC running BSD so we're pretty much stuck with the XML directory service. I understand the way to deal with this is either with delegation or editing the ACL's. If anyone has another way in mind I'll try that too.
Cheers, tack _______________________________________________ calendarserver-users mailing list calendarserver-users@lists.macosforge.org http://lists.macosforge.org/mailman/listinfo.cgi/calendarserver-users
Thanks Stephen. I can't get to the point where I connect to DCS in Mulberry is the biggest obstacle. Which is why I'm looking for other DAV admin type apps or clearer documentation for Mulberry. Could be even that I'm using some ancient version. That might be a little off-topic for this list, though I thought many here would have looked this same stuff up too. Cheers, tack On Feb 15, 2008, at 3:27 PM, Stephen Bowman wrote:
Tack-
The problem I was having was that I was using the wrong path. My current settings which seem to work fine are:
path = "/calendars/" login as admin...
Then edit the calendar for which you want to grant permission on. For example, to steal Cyrus' wording:
To give read read access on user02's calendar to user01:
If you really want to use ACLs, then set the ACLs on /calendars/users/user02/calendar to give /principals/__uids__/XXX (whatever the principalURL is for user01) read access.
It worked for me...
On Fri, Feb 15, 2008 at 5:03 PM, tack <tack@tractionco.com> wrote: I've been following this thread from before my time here:
http://comments.gmane.org/gmane.comp.macosx.calendarserver.user/582
I've been trying the Mulberry bit with these instructions:
http://trac.mulberrymail.com/mulberry/wiki/apple_calendar_server
But they don't correspond with the options in my version of the program (4.0.8v).
So: Is there another way to edit DAV ACL's that people have used or can somebody who's used Mulberry to do so point me in the right direction?
Basically the issue I'm dealing with is I've got around 20 users who each need to be able to subscribe to each other's calendars in iCal. We're on a beater PC running BSD so we're pretty much stuck with the XML directory service. I understand the way to deal with this is either with delegation or editing the ACL's. If anyone has another way in mind I'll try that too.
Cheers, tack _______________________________________________ calendarserver-users mailing list calendarserver-users@lists.macosforge.org http://lists.macosforge.org/mailman/listinfo.cgi/calendarserver-users
New account of type CalDav, put in admin credentials, server hostname only, under the options section set the path as I described below. Then it should connect and you can browse the directory structure of DCS to get to the calendar you want to edit principals on. I'm using Mulberry v4.0.8. On Feb 15, 2008 8:10 PM, tack <tack@tractionco.com> wrote:
Thanks Stephen.
I can't get to the point where I connect to DCS in Mulberry is the biggest obstacle. Which is why I'm looking for other DAV admin type apps or clearer documentation for Mulberry. Could be even that I'm using some ancient version.
That might be a little off-topic for this list, though I thought many here would have looked this same stuff up too.
Cheers, tack
On Feb 15, 2008, at 3:27 PM, Stephen Bowman wrote:
Tack-
The problem I was having was that I was using the wrong path. My current settings which seem to work fine are:
path = "/calendars/" login as admin...
Then edit the calendar for which you want to grant permission on. For example, to steal Cyrus' wording:
To give read read access on user02's calendar to user01:
If you really want to use ACLs, then set the ACLs on /calendars/users/user02/calendar to give /principals/__uids__/XXX (whatever the principalURL is for user01) read access.
It worked for me...
On Fri, Feb 15, 2008 at 5:03 PM, tack <tack@tractionco.com> wrote:
I've been following this thread from before my time here:
http://comments.gmane.org/gmane.comp.macosx.calendarserver.user/582
I've been trying the Mulberry bit with these instructions:
http://trac.mulberrymail.com/mulberry/wiki/apple_calendar_server
But they don't correspond with the options in my version of the program (4.0.8v).
So: Is there another way to edit DAV ACL's that people have used or can somebody who's used Mulberry to do so point me in the right direction?
Basically the issue I'm dealing with is I've got around 20 users who each need to be able to subscribe to each other's calendars in iCal. We're on a beater PC running BSD so we're pretty much stuck with the XML directory service. I understand the way to deal with this is either with delegation or editing the ACL's. If anyone has another way in mind I'll try that too.
Cheers, tack _______________________________________________ calendarserver-users mailing list calendarserver-users@lists.macosforge.org http://lists.macosforge.org/mailman/listinfo.cgi/calendarserver-users
_______________________________________________ calendarserver-users mailing list calendarserver-users@lists.macosforge.org http://lists.macosforge.org/mailman/listinfo.cgi/calendarserver-users
Got it. Thanks. Now I can log in and browse to the users within / calendars, but not further down to the calendars I want to set the ACLs on. I'm thinking that my admin user isn't really an admin. I got the guid URL from the /principals/users/admin/ collection listing and pasted it in my caldavd.plist as follows: <key>AdminPrincipals</key> <array> <string>/principals/__uids__/XXX/</string> </array> restarted the server and I still can't drill down to calendars so I can set the ACLs on them. Something I'm missing on AdminPrincipals? Cheers, tack On Feb 16, 2008, at 5:12 AM, Stephen Bowman wrote:
New account of type CalDav, put in admin credentials, server hostname only, under the options section set the path as I described below. Then it should connect and you can browse the directory structure of DCS to get to the calendar you want to edit principals on.
The problem I was having was that I was using the wrong path. My current settings which seem to work fine are:
path = "/calendars/" login as admin...
Then edit the calendar for which you want to grant permission on. For example, to steal Cyrus' wording:
To give read read access on user02's calendar to user01:
If you really want to use ACLs, then set the ACLs on /calendars/users/user02/calendar to give /principals/__uids__/XXX (whatever the principalURL is for user01) read access.
It worked for me...
And this is console output from when I try to navigate to somebody's calendar: 2008-02-18 16:30:37-0800 [-] [caldav-8008] [-] 'No principal found for UID: admin' 2008-02-18 16:30:37-0800 [-] [caldav-8008] [-] "Attempt to create clone '/www/calendar/CalendarServer/twistedcaldav/test/data/principals/ __uids__/admin' of resource <DirectoryPrincipalUIDProvisioningResource: /www/calendar/ CalendarServer/twistedcaldav/test/data/principals/__uids__>" Cheers, tack On Feb 18, 2008, at 3:35 PM, tack wrote:
Got it. Thanks. Now I can log in and browse to the users within / calendars, but not further down to the calendars I want to set the ACLs on.
I'm thinking that my admin user isn't really an admin. I got the guid URL from the /principals/users/admin/ collection listing and pasted it in my caldavd.plist as follows:
<key>AdminPrincipals</key> <array> <string>/principals/__uids__/XXX/</string> </array>
restarted the server and I still can't drill down to calendars so I can set the ACLs on them. Something I'm missing on AdminPrincipals?
Cheers, tack
On Feb 16, 2008, at 5:12 AM, Stephen Bowman wrote:
New account of type CalDav, put in admin credentials, server hostname only, under the options section set the path as I described below. Then it should connect and you can browse the directory structure of DCS to get to the calendar you want to edit principals on.
The problem I was having was that I was using the wrong path. My current settings which seem to work fine are:
path = "/calendars/" login as admin...
Then edit the calendar for which you want to grant permission on. For example, to steal Cyrus' wording:
To give read read access on user02's calendar to user01:
If you really want to use ACLs, then set the ACLs on /calendars/users/user02/calendar to give /principals/__uids__/XXX (whatever the principalURL is for user01) read access.
It worked for me...
_______________________________________________ calendarserver-users mailing list calendarserver-users@lists.macosforge.org http://lists.macosforge.org/mailman/listinfo.cgi/calendarserver-users
Hi tack, --On February 18, 2008 4:32:54 PM -0800 tack <tack@tractionco.com> wrote:
And this is console output from when I try to navigate to somebody's calendar:
2008-02-18 16:30:37-0800 [-] [caldav-8008] [-] 'No principal found for UID: admin' 2008-02-18 16:30:37-0800 [-] [caldav-8008] [-] "Attempt to create clone '/www/calendar/CalendarServer/twistedcaldav/test/data/principals/ __uids__/admin' of resource <DirectoryPrincipalUIDProvisioningResource: /www/calendar/ CalendarServer/twistedcaldav/test/data/principals/__uids__>"
What exactly do you have in your accounts.xml? Perhaps you can attach that and caldavd.plist (though wipe out any passwords in the XML file first). -- Cyrus Daboo
Attached. I had to sanitize name and cuaddr values... but they were all unique and the cuaddrs were working email accts. Cheers, tack On Feb 18, 2008, at 4:57 PM, Cyrus Daboo wrote:
Hi tack,
--On February 18, 2008 4:32:54 PM -0800 tack <tack@tractionco.com> wrote:
And this is console output from when I try to navigate to somebody's calendar:
2008-02-18 16:30:37-0800 [-] [caldav-8008] [-] 'No principal found for UID: admin' 2008-02-18 16:30:37-0800 [-] [caldav-8008] [-] "Attempt to create clone '/www/calendar/CalendarServer/twistedcaldav/test/data/ principals/ __uids__/admin' of resource <DirectoryPrincipalUIDProvisioningResource: /www/calendar/ CalendarServer/twistedcaldav/test/data/principals/__uids__>"
What exactly do you have in your accounts.xml? Perhaps you can attach that and caldavd.plist (though wipe out any passwords in the XML file first).
-- Cyrus Daboo
participants (3)
-
Cyrus Daboo
-
Stephen Bowman
-
tack