Calendar Sharing - ACLs?
pretty much default caldavd-dev.plist and accounts-test.xml (so there is users01-99, etc.). What I want is user01 to be able to subscribe (or have read only access at least) to user02's calendar, without knowing user02's login credentials.
From what I've read on the mailing list and other places, the only real way to do that right now is by setting webdav ACLs, and that the best client to do that in is mulberry.
So, I've installed mulberry, and attempt to edit access controls and I'm getting: 2008-01-10 09:02:01-0500 [-] [caldav-8181] [AMP,client] PROPFIND /principals/users/user01/calendar-proxy-read/ HTTP/1.1 2008-01-10 09:02:01-0500 [-] [caldav-8181] [-] "Error reading property ('DAV:', 'current-user-privilege-set') for resource /principals/users/user01/calendar-proxy-read/: <StatusResponse 401 Access denied while reading property {DAV:}current-user-privilege-set.>" 2008-01-10 09:02:01-0500 [-] [caldav-8181] [-] 401 response while getting property: ('DAV:', 'current-user-privilege-set') 2008-01-10 09:02:01-0500 [-] [caldav-8181] [AMP,client] PROPFIND /principals/users/user01/calendar-proxy-read/ HTTP/1.1 2008-01-10 09:02:01-0500 [-] [caldav-8181] [-] "Error reading property ('DAV:', 'acl') for resource /principals/users/user01/calendar-proxy-read/: <StatusResponse 401 Access denied while reading property {DAV:}acl.>" 2008-01-10 09:02:01-0500 [-] [caldav-8181] [-] 401 response while getting property: ('DAV:', 'acl') 1) Are ACLs the way to solve my problem? Or is there an easier way to support sharing? Would like to use delegation, but as I understand it, that can only be done by setting up an OD server, etc etc. 2) If ACLs are the way, what could be the problem above? File permissions don't seem to be the problem, as everything is caldavd:caldavd and the server is started up by user caldavd.
Hi Stephen, --On January 10, 2008 9:36:12 AM -0500 Stephen Bowman <sbbowman@gmail.com> wrote:
So, I've installed mulberry, and attempt to edit access controls and I'm getting:
2008-01-10 09:02:01-0500 [-] [caldav-8181] [AMP,client] PROPFIND /principals/users/user01
Not sure exactly what you were trying to edit there, but it looks like you were trying to edit ACLs on a principal resource, whereas what you really need to do is edit ACLs directly on the calendar you want to share. But note comments below...
1) Are ACLs the way to solve my problem? Or is there an easier way to support sharing? Would like to use delegation, but as I understand it, that can only be done by setting up an OD server, etc etc.
Delegation is the best way to do this. At present that is most easily setup using iCal and does require iCal bound to OD.
2) If ACLs are the way, what could be the problem above? File permissions don't seem to be the problem, as everything is caldavd:caldavd and the server is started up by user caldavd.
If you really want to use ACLs, then set the ACLs on /calendars/users/user02/calendar to give /principals/__uids__/XXX (whatever the principalURL is for user01) read access. (2) can be done using Mulberry but you do need to find the __uids__ URL for user01 - that can be done by using Safari to navigate to /principals/users/user01/ and looking at the resulting page. In my spare time I have been working on a little command line tool that will allow browsing of a WebDAV/CalDAV hierarchy, plus some direct manipulation of ACLs and delegates. This tool would allow you to easily set ACLs and delegates from the command line without the need to be bound to OD etc. I am hoping to push this tool out to the open source site soon. I'll post to this list once that happens. -- Cyrus Daboo
Hi Cyrus, Thanks for your response, you've helped tremendously. I figured out my problem with Mulberry as well thanks to your hint. The command line tool you are working on would be a huge help and greatly appreciated. Thanks, -Stephen On Jan 10, 2008 10:00 AM, Cyrus Daboo <cdaboo@apple.com> wrote:
Hi Stephen,
--On January 10, 2008 9:36:12 AM -0500 Stephen Bowman <sbbowman@gmail.com> wrote:
So, I've installed mulberry, and attempt to edit access controls and I'm getting:
2008-01-10 09:02:01-0500 [-] [caldav-8181] [AMP,client] PROPFIND /principals/users/user01
Not sure exactly what you were trying to edit there, but it looks like you were trying to edit ACLs on a principal resource, whereas what you really need to do is edit ACLs directly on the calendar you want to share. But note comments below...
1) Are ACLs the way to solve my problem? Or is there an easier way to support sharing? Would like to use delegation, but as I understand it, that can only be done by setting up an OD server, etc etc.
Delegation is the best way to do this. At present that is most easily setup using iCal and does require iCal bound to OD.
2) If ACLs are the way, what could be the problem above? File permissions don't seem to be the problem, as everything is caldavd:caldavd and the server is started up by user caldavd.
If you really want to use ACLs, then set the ACLs on /calendars/users/user02/calendar to give /principals/__uids__/XXX (whatever the principalURL is for user01) read access.
(2) can be done using Mulberry but you do need to find the __uids__ URL for user01 - that can be done by using Safari to navigate to /principals/users/user01/ and looking at the resulting page.
In my spare time I have been working on a little command line tool that will allow browsing of a WebDAV/CalDAV hierarchy, plus some direct manipulation of ACLs and delegates. This tool would allow you to easily set ACLs and delegates from the command line without the need to be bound to OD etc. I am hoping to push this tool out to the open source site soon. I'll post to this list once that happens.
-- Cyrus Daboo
participants (2)
-
Cyrus Daboo
-
Stephen Bowman