Hi I'm not a real expert, but I hope I can answer you a few questions Am 28.04.2009 um 16:10 schrieb Jochen Grotepass:

Hello List, please apologize for questions that might have been answered already. I read thru the list until August 2008 and did not find answers to my questions below.

Upfront some information on what I try to archive and what we have...

More than three years ago we went away from Exchange into a more multi-OS solution. We have different sort of OS - namely OSX (10.5.x), Debian (Sidux), Windows (XP). Our internal Calendarserver is right now a DavICal (formerly RSCDS) setup running on a Debian server. As one of the Mac users I was always looking into the progress of Calendarserver. We were now asked by some small companies and non-profit organization to provide Email and Calenderservice. Thats when I realized that meanwhile Debian has the Calendarserver Package. So I give it a try and installed it. Playing a bit arround I found it working. Right now, I use the XML-based accounts structure because the nss-ldap based implementation had too many issues related to our naming structure. Creating the accounts.xml automagically from the ldap directory for our users is a pretty easy task (except the Password ;) ) - so I gave that solution the first try.

Thats my way as well, I didn't manage to get the NSS-Thing working. So a wrote a shell script to create the account.xml from LDAP Database

Here now my questions:

1. Multidomain Calserver Based on the service we were asked for, we setup the Email service for an multi-domain scenario. Start to think how the Calendarserver might work with it, started the first questions. As far as I understand from the mailing list and some other internet sources, the caldavd.plist defines the location of the calendar files in the "DocumentRoot" Tag. Because I wanted to seperate the principals based on their domain to prevent security side effects I have had no idea at the first sight. So I thought about to setup different servers listening on different ports and use an apache reverse proxy to point to the propper service. Q: Is this a feasible plan or does anybody here has a better solution?

Security effects? What do you mean. My calendarserver is running on its own virtual server. I do not understand

2. Permissions I have read that giving read-permissions on user/group based calendars is a task that the client software should provide. We use currently Lightning (still 0.9 because of Thunderbird 2) and I have no chance to provide any permissions using this client. Q: Is there any command-line based tool that I can use? - If so, I would create an admin/user Interface to provide the permissions dialogue.

As I understand there is a way to set permissions with iCal e.g. but this is not implemented on server-side. There is a tool called ClientLibrary. Since a few days this tools allows kerberos-logins as well. But I haven't tried this out yet. If it works one can think of setting permission that are stored in LDAP

3. Authentication As of now, I used the Digest Authentication (not sure if Lightning provides Kerberos Authentication).

Digist is not good ;-) Lighning does Kerberos! You have to set network.negotiate...something to your caldav-URL

Every hour I got requested to provide a new Login via Lightning. As far as I have read thru the list, I knew that Lightning might not be the best solution because of still open bugs in the CalDav implementation. However the error I can see in the error log says that the "nonce value is invalid". Searching through google I have not found a solution yet. I use lighning on some machines with kerberos. And this is working very well

Q: Does anybody have a clue on these messages: 2009-04-28 13:44:11+0200 [-] [caldav-8008] [HTTPChannel, 240,127.0.0.1] 'Authentication failed: Digest credentials expired' 2009-04-28 13:44:11+0200 [-] [caldav-8008] [HTTPChannel, 241,127.0.0.1] PROPFIND /calendars/groups/Familie/calendar/ HTTP/1.1 2009-04-28 13:44:11+0200 [-] [caldav-8008] [HTTPChannel, 241,127.0.0.1] 'Authentication failed: Invalid nonce value: 19270429311356917781566817204'

4. iCal Client Error Because I wanted to play with the item 2 (Permissions) I tried to use the iCal client on my mac. Unfortunately I got an error that blocks me from creating that Calendar in iCal. The Error Message "Bei der Anfrage ist ein unerwarteter Fehler aufgetreten (Domain „CalDAV No Calendar Home Error“/Fehler 1)." (sorry for the German message) - keeps me away from testing with iCal. I checked in the access log and the error log and cannot see any difference in the path to the Lightnng URL. Q: Can somebody give me a hint what this error mean?

Maybe there is omething wrong in you accounts.xml or the path you have used is bad. The path you have to use in iCal differs from that in lightning. I'm using https://<hostname>:8443/principals/groups/e4/ in iCal but https://<hostname>:8443/calendars/groups/e4/<calendarname> in lightning

Sorry for the long list of questions. I would really like to use this package if I could see a clear path to solve my current issues/ challenges...

Thanks for any advice or hint that helps me to solve those questions...

I guess the docuentation is still bad. I have had lots of problems in the beginnin as well. I want to start using person-based calendars, not group based, but I'm still working on it. Do you have any expertise in this? Georg

Jochen

_______________________________________________ calendarserver-users mailing list calendarserver-users@lists.macosforge.org http://lists.macosforge.org/mailman/listinfo.cgi/calendarserver-users