Hi, I have a calendarserver running on Ubuntu Intrepid. For authentication I use kerberos. For the moment I'm using the accout.xml to add my users. The final installation should use the NSS-dir-service. My Problem is, that I have access to all calendars I may write to personal user calendars and to group-calendars. I needn't belog to the group What do I do wrong? Georg
Hi Georg, perhaps you've setup yourself up in a group with special privileges or maybe you've enabled yourself as admin in the sudoers.plist file. On Feb 17, 2009, at 13:05, Georg Troska wrote:
Hi,
I have a calendarserver running on Ubuntu Intrepid. For authentication I use kerberos.
For the moment I'm using the accout.xml to add my users. The final installation should use the NSS-dir-service. My Problem is, that I have access to all calendars I may write to personal user calendars and to group-calendars. I needn't belog to the group
What do I do wrong?
Georg
_______________________________________________ calendarserver-users mailing list calendarserver-users@lists.macosforge.org http://lists.macosforge.org/mailman/listinfo.cgi/calendarserver-users
Hi, I have not done any changes in the sudoes file, so my name does not occur there. my account.xml looks similar to this: <accounts realm="Test Realm2"> <user> <uid>troska</uid> <guid>e4</guid> <name>Georg Troska</name> </user> <user> <uid>user2</uid> <guid>e4</guid> <name>Username Two</name> </user> <group> <uid>e4</uid> <guid>e4</guid> <name>E4</name> <members> <member type="users">troska</member> </members> </group> <group> <uid>group2</uid> <guid>group2</guid> <name>Group Namel</name> <members> <member type="users">user2</member> </members> </group> <group> <uid>disabledgroup</uid> <guid>disabledgroup</guid> <password>disabledgroup</password> <name>Disabled Group</name> <members> <member type="users">user01</member> </members> <disable-calendar/> </group> </accounts> I don't think that I have special privileges. Thanks Georg Am 17.02.2009 um 13:10 schrieb Sean McAvoy:
Hi Georg, perhaps you've setup yourself up in a group with special privileges or maybe you've enabled yourself as admin in the sudoers.plist file.
On Feb 17, 2009, at 13:05, Georg Troska wrote:
Hi,
I have a calendarserver running on Ubuntu Intrepid. For authentication I use kerberos.
For the moment I'm using the accout.xml to add my users. The final installation should use the NSS-dir-service. My Problem is, that I have access to all calendars I may write to personal user calendars and to group-calendars. I needn't belog to the group
What do I do wrong?
Georg
_______________________________________________ calendarserver-users mailing list calendarserver-users@lists.macosforge.org http://lists.macosforge.org/mailman/listinfo.cgi/calendarserver-users
Georg Troska Experimentelle Physik IV TU Dortmund +49 231 755 3501
Everything looks OK I think. Did you check the proxy database for entires related to your user? On Feb 17, 2009, at 13:50, Georg Troska wrote:
Hi, I have not done any changes in the sudoes file, so my name does not occur there.
my account.xml looks similar to this:
<accounts realm="Test Realm2"> <user> <uid>troska</uid> <guid>e4</guid> <name>Georg Troska</name> </user> <user> <uid>user2</uid> <guid>e4</guid> <name>Username Two</name> </user> <group> <uid>e4</uid> <guid>e4</guid> <name>E4</name> <members> <member type="users">troska</member> </members> </group> <group> <uid>group2</uid> <guid>group2</guid> <name>Group Namel</name> <members> <member type="users">user2</member> </members> </group> <group> <uid>disabledgroup</uid> <guid>disabledgroup</guid> <password>disabledgroup</password> <name>Disabled Group</name> <members> <member type="users">user01</member> </members> <disable-calendar/> </group> </accounts>
I don't think that I have special privileges.
Thanks Georg
Am 17.02.2009 um 13:10 schrieb Sean McAvoy:
Hi Georg, perhaps you've setup yourself up in a group with special privileges or maybe you've enabled yourself as admin in the sudoers.plist file.
On Feb 17, 2009, at 13:05, Georg Troska wrote:
Hi,
I have a calendarserver running on Ubuntu Intrepid. For authentication I use kerberos.
For the moment I'm using the accout.xml to add my users. The final installation should use the NSS-dir-service. My Problem is, that I have access to all calendars I may write to personal user calendars and to group-calendars. I needn't belog to the group
What do I do wrong?
Georg
_______________________________________________ calendarserver-users mailing list calendarserver-users@lists.macosforge.org http://lists.macosforge.org/mailman/listinfo.cgi/calendarserver- users
Georg Troska Experimentelle Physik IV TU Dortmund +49 231 755 3501
sorry for that: proxy database? Georg Am 17.02.2009 um 13:55 schrieb Sean McAvoy:
Everything looks OK I think. Did you check the proxy database for entires related to your user?
On Feb 17, 2009, at 13:50, Georg Troska wrote:
Hi, I have not done any changes in the sudoes file, so my name does not occur there.
my account.xml looks similar to this:
<accounts realm="Test Realm2"> <user> <uid>troska</uid> <guid>e4</guid> <name>Georg Troska</name> </user> <user> <uid>user2</uid> <guid>e4</guid> <name>Username Two</name> </user> <group> <uid>e4</uid> <guid>e4</guid> <name>E4</name> <members> <member type="users">troska</member> </members> </group> <group> <uid>group2</uid> <guid>group2</guid> <name>Group Namel</name> <members> <member type="users">user2</member> </members> </group> <group> <uid>disabledgroup</uid> <guid>disabledgroup</guid> <password>disabledgroup</password> <name>Disabled Group</name> <members> <member type="users">user01</member> </members> <disable-calendar/> </group> </accounts>
I don't think that I have special privileges.
Thanks Georg
Am 17.02.2009 um 13:10 schrieb Sean McAvoy:
Hi Georg, perhaps you've setup yourself up in a group with special privileges or maybe you've enabled yourself as admin in the sudoers.plist file.
On Feb 17, 2009, at 13:05, Georg Troska wrote:
Hi,
I have a calendarserver running on Ubuntu Intrepid. For authentication I use kerberos.
For the moment I'm using the accout.xml to add my users. The final installation should use the NSS-dir-service. My Problem is, that I have access to all calendars I may write to personal user calendars and to group-calendars. I needn't belog to the group
What do I do wrong?
Georg
_______________________________________________ calendarserver-users mailing list calendarserver-users@lists.macosforge.org http://lists.macosforge.org/mailman/listinfo.cgi/calendarserver-users
Georg Troska Experimentelle Physik IV TU Dortmund +49 231 755 3501
Georg Troska Experimentelle Physik IV TU Dortmund +49 231 755 3501
hi, all users and groups seems to have the same guid. it should be unique like 39208c1b-e08a-49dc-97a4-c4b3866774cd. i'm using runadmin.py from CalDAVClientLibrary to add client, it will do it for you. cyrille. Le mardi 17 février 2009 à 13:55 +0100, Sean McAvoy a écrit :
Everything looks OK I think. Did you check the proxy database for entires related to your user?
On Feb 17, 2009, at 13:50, Georg Troska wrote:
Hi, I have not done any changes in the sudoes file, so my name does not occur there.
my account.xml looks similar to this:
<accounts realm="Test Realm2"> <user> <uid>troska</uid> <guid>e4</guid> <name>Georg Troska</name> </user> <user> <uid>user2</uid> <guid>e4</guid> <name>Username Two</name> </user> <group> <uid>e4</uid> <guid>e4</guid> <name>E4</name> <members> <member type="users">troska</member> </members> </group> <group> <uid>group2</uid> <guid>group2</guid> <name>Group Namel</name> <members> <member type="users">user2</member> </members> </group> <group> <uid>disabledgroup</uid> <guid>disabledgroup</guid> <password>disabledgroup</password> <name>Disabled Group</name> <members> <member type="users">user01</member> </members> <disable-calendar/> </group> </accounts>
I don't think that I have special privileges.
Thanks Georg
Am 17.02.2009 um 13:10 schrieb Sean McAvoy:
Hi Georg, perhaps you've setup yourself up in a group with special privileges or maybe you've enabled yourself as admin in the sudoers.plist file.
On Feb 17, 2009, at 13:05, Georg Troska wrote:
Hi,
I have a calendarserver running on Ubuntu Intrepid. For authentication I use kerberos.
For the moment I'm using the accout.xml to add my users. The final installation should use the NSS-dir-service. My Problem is, that I have access to all calendars I may write to personal user calendars and to group-calendars. I needn't belog to the group
What do I do wrong?
Georg
_______________________________________________ calendarserver-users mailing list calendarserver-users@lists.macosforge.org http://lists.macosforge.org/mailman/listinfo.cgi/calendarserver- users
Georg Troska Experimentelle Physik IV TU Dortmund +49 231 755 3501
_______________________________________________ calendarserver-users mailing list calendarserver-users@lists.macosforge.org http://lists.macosforge.org/mailman/listinfo.cgi/calendarserver-users
Hi, I'm not sure what I do have to check now.... in /var/spoo/caldavd/calendars/__uids__/ are multiple user and group entries. All ics-file have unique names. Isn't this a kind of uuid? Georg Am 17.02.2009 um 14:30 schrieb Cyrille Colin:
hi, all users and groups seems to have the same guid. it should be unique like 39208c1b-e08a-49dc-97a4-c4b3866774cd. i'm using runadmin.py from CalDAVClientLibrary to add client, it will do it for you. cyrille.
Le mardi 17 février 2009 à 13:55 +0100, Sean McAvoy a écrit :
Everything looks OK I think. Did you check the proxy database for entires related to your user?
On Feb 17, 2009, at 13:50, Georg Troska wrote:
Hi, I have not done any changes in the sudoes file, so my name does not occur there.
my account.xml looks similar to this:
<accounts realm="Test Realm2"> <user> <uid>troska</uid> <guid>e4</guid> <name>Georg Troska</name> </user> <user> <uid>user2</uid> <guid>e4</guid> <name>Username Two</name> </user> <group> <uid>e4</uid> <guid>e4</guid> <name>E4</name> <members> <member type="users">troska</member> </members> </group> <group> <uid>group2</uid> <guid>group2</guid> <name>Group Namel</name> <members> <member type="users">user2</member> </members> </group> <group> <uid>disabledgroup</uid> <guid>disabledgroup</guid> <password>disabledgroup</password> <name>Disabled Group</name> <members> <member type="users">user01</member> </members> <disable-calendar/> </group> </accounts>
I don't think that I have special privileges.
Thanks Georg
Am 17.02.2009 um 13:10 schrieb Sean McAvoy:
Hi Georg, perhaps you've setup yourself up in a group with special privileges or maybe you've enabled yourself as admin in the sudoers.plist file.
On Feb 17, 2009, at 13:05, Georg Troska wrote:
Hi,
I have a calendarserver running on Ubuntu Intrepid. For authentication I use kerberos.
For the moment I'm using the accout.xml to add my users. The final installation should use the NSS-dir-service. My Problem is, that I have access to all calendars I may write to personal user calendars and to group-calendars. I needn't belog to the group
What do I do wrong?
Georg
_______________________________________________ calendarserver-users mailing list calendarserver-users@lists.macosforge.org http://lists.macosforge.org/mailman/listinfo.cgi/calendarserver- users
Georg Troska Experimentelle Physik IV TU Dortmund +49 231 755 3501
_______________________________________________ calendarserver-users mailing list calendarserver-users@lists.macosforge.org http://lists.macosforge.org/mailman/listinfo.cgi/calendarserver-users
Georg Troska Experimentelle Physik IV TU Dortmund +49 231 755 3501
Connect with an admin privilege account and browse users data, you should see informations like that : *********** Principal Information --------------------- GUID: 39208c1b-e08a-49dc-97a4-c4b3866774cd Record type: users Short name: cyrille Full name: Cyrille Colin Principal UID: 39208c1b-e08a-49dc-97a4-c4b3866774cd Principal URL: /principals/__uids__/39208c1b-e08a-49dc-97a4-c4b3866774cd/ Alternate URIs: -> /principals/users/cyrille/ Group members: '() Group memberships: '() Calendar homes: -> /calendars/__uids__/39208c1b-e08a-49dc-97a4-c4b3866774cd ************* Check differences between your accounts. Cyrille. Le mardi 17 février 2009 à 15:06 +0100, Georg Troska a écrit :
Hi, I'm not sure what I do have to check now....
in /var/spoo/caldavd/calendars/__uids__/ are multiple user and group entries. All ics-file have unique names. Isn't this a kind of uuid?
Georg Am 17.02.2009 um 14:30 schrieb Cyrille Colin:
hi, all users and groups seems to have the same guid. it should be unique like 39208c1b-e08a-49dc-97a4-c4b3866774cd. i'm using runadmin.py from CalDAVClientLibrary to add client, it will do it for you. cyrille.
Le mardi 17 février 2009 à 13:55 +0100, Sean McAvoy a écrit :
Everything looks OK I think. Did you check the proxy database for entires related to your user?
On Feb 17, 2009, at 13:50, Georg Troska wrote:
Hi, I have not done any changes in the sudoes file, so my name does not occur there.
my account.xml looks similar to this:
<accounts realm="Test Realm2"> <user> <uid>troska</uid> <guid>e4</guid> <name>Georg Troska</name> </user> <user> <uid>user2</uid> <guid>e4</guid> <name>Username Two</name> </user> <group> <uid>e4</uid> <guid>e4</guid> <name>E4</name> <members> <member type="users">troska</member> </members> </group> <group> <uid>group2</uid> <guid>group2</guid> <name>Group Namel</name> <members> <member type="users">user2</member> </members> </group> <group> <uid>disabledgroup</uid> <guid>disabledgroup</guid> <password>disabledgroup</password> <name>Disabled Group</name> <members> <member type="users">user01</member> </members> <disable-calendar/> </group> </accounts>
I don't think that I have special privileges.
Thanks Georg
Am 17.02.2009 um 13:10 schrieb Sean McAvoy:
Hi Georg, perhaps you've setup yourself up in a group with special privileges or maybe you've enabled yourself as admin in the sudoers.plist file.
On Feb 17, 2009, at 13:05, Georg Troska wrote:
Hi,
I have a calendarserver running on Ubuntu Intrepid. For authentication I use kerberos.
For the moment I'm using the accout.xml to add my users. The final installation should use the NSS-dir-service. My Problem is, that I have access to all calendars I may write to personal user calendars and to group-calendars. I needn't belog to the group
What do I do wrong?
Georg
_______________________________________________ calendarserver-users mailing list calendarserver-users@lists.macosforge.org http://lists.macosforge.org/mailman/listinfo.cgi/calendarserver- users
Georg Troska Experimentelle Physik IV TU Dortmund +49 231 755 3501
_______________________________________________ calendarserver-users mailing list calendarserver-users@lists.macosforge.org http://lists.macosforge.org/mailman/listinfo.cgi/calendarserver-users
Georg Troska Experimentelle Physik IV TU Dortmund +49 231 755 3501
Thank you for you help, I guess I'm doing something very stupid wrong: I have to added two useraccounts in my ical: one with the acount-url host:8008/principal/users/userA an done with host:8008/principal/users/ userB. The thing I do not understand at the moment is, that adding events or new calendars to one of the account will effect in an synchronisation of both accounts. The error-log shows shomething like: PUT /calendars/__uids__/e4/calendar/EC99317C-D108-4F44- AEEB-9FC73D06E8B3.ics HTTP/1.1 but e4 ist the guid of the both users ????? I think my understanding of this service is wrong. I would like to have private calendars that are not readable or writeable by anyone but the user, then I would like to have readable private calendar and publich group calendar. How do I set this up Thanks Georg Am 17.02.2009 um 15:23 schrieb Cyrille Colin:
Connect with an admin privilege account and browse users data, you should see informations like that : *********** Principal Information --------------------- GUID: 39208c1b-e08a-49dc-97a4-c4b3866774cd Record type: users Short name: cyrille Full name: Cyrille Colin Principal UID: 39208c1b-e08a-49dc-97a4-c4b3866774cd Principal URL: /principals/__uids__/39208c1b-e08a-49dc-97a4- c4b3866774cd/
Alternate URIs: -> /principals/users/cyrille/
Group members: '()
Group memberships: '()
Calendar homes: -> /calendars/__uids__/39208c1b-e08a-49dc-97a4-c4b3866774cd *************
Check differences between your accounts. Cyrille.
Le mardi 17 février 2009 à 15:06 +0100, Georg Troska a écrit :
Hi, I'm not sure what I do have to check now....
in /var/spoo/caldavd/calendars/__uids__/ are multiple user and group entries. All ics-file have unique names. Isn't this a kind of uuid?
Georg Am 17.02.2009 um 14:30 schrieb Cyrille Colin:
hi, all users and groups seems to have the same guid. it should be unique like 39208c1b-e08a-49dc-97a4-c4b3866774cd. i'm using runadmin.py from CalDAVClientLibrary to add client, it will do it for you. cyrille.
Le mardi 17 février 2009 à 13:55 +0100, Sean McAvoy a écrit :
Everything looks OK I think. Did you check the proxy database for entires related to your user?
On Feb 17, 2009, at 13:50, Georg Troska wrote:
Hi, I have not done any changes in the sudoes file, so my name does not occur there.
my account.xml looks similar to this:
<accounts realm="Test Realm2"> <user> <uid>troska</uid> <guid>e4</guid> <name>Georg Troska</name> </user> <user> <uid>user2</uid> <guid>e4</guid> <name>Username Two</name> </user> <group> <uid>e4</uid> <guid>e4</guid> <name>E4</name> <members> <member type="users">troska</member> </members> </group> <group> <uid>group2</uid> <guid>group2</guid> <name>Group Namel</name> <members> <member type="users">user2</member> </members> </group> <group> <uid>disabledgroup</uid> <guid>disabledgroup</guid> <password>disabledgroup</password> <name>Disabled Group</name> <members> <member type="users">user01</member> </members> <disable-calendar/> </group> </accounts>
I don't think that I have special privileges.
Thanks Georg
Am 17.02.2009 um 13:10 schrieb Sean McAvoy:
Hi Georg, perhaps you've setup yourself up in a group with special privileges or maybe you've enabled yourself as admin in the sudoers.plist file.
On Feb 17, 2009, at 13:05, Georg Troska wrote:
> Hi, > > I have a calendarserver running on Ubuntu Intrepid. For > authentication I use kerberos. > > For the moment I'm using the accout.xml to add my users. The > final > installation should use the NSS-dir-service. My Problem is, > that I > have access to all calendars > I may write to personal user calendars and to group-calendars. I > needn't belog to the group > > What do I do wrong? > > Georg > > > _______________________________________________ > calendarserver-users mailing list > calendarserver-users@lists.macosforge.org > http://lists.macosforge.org/mailman/listinfo.cgi/calendarserver- > users
Georg Troska Experimentelle Physik IV TU Dortmund +49 231 755 3501
_______________________________________________ calendarserver-users mailing list calendarserver-users@lists.macosforge.org http://lists.macosforge.org/mailman/listinfo.cgi/calendarserver-users
Georg Troska Experimentelle Physik IV TU Dortmund +49 231 755 3501
Georg Troska Experimentelle Physik IV TU Dortmund +49 231 755 3501
Hi Georg, --On February 17, 2009 1:50:59 PM +0100 Georg Troska <georg.troska@uni-dortmund.de> wrote:
<user> <uid>troska</uid> <guid>e4</guid> <name>Georg Troska</name> </user> <user> <uid>user2</uid> <guid>e4</guid> <name>Username Two</name> </user>
The <guid> element for these two records (and others) is the same. You MUST have unique <guids> for each record. The server stores data for each user based on their <guid> - so these two users end up with the same data path on the server. So, generate proper GUIDs for each record. You can do that using the uuidgen command on the command line. As someone else noted there is a runadmin.py command in the CalDAVClientLibrary tool available on calendarserver.org. That provides a command line interface for manipulating the accounts.xml file. It will take care of creating accounts with proper GUIDs. NB it is important to use proper GUIDs in the accounts.xml file. The next version of the server will actually use a slightly different store layout that uses the first four characters of the GUID to create a "hashed" directory structure for better scalability. GUIDs that are not four characters long will not work with that. -- Cyrus Daboo
Hi, in deed. I mixed up groupid with guid .. sorry for that So I'm able now to use private calendars and group calendars. How do I get calendars running in which reading is allowed for everyone but writeing only for the user itself? I'm thinking of holiday-entries for example. Everyone wants to know someones holiday, but only the user itself or one priviliged person may add or delete entries. Thanks Georg Support is really great here Am 17.02.2009 um 16:45 schrieb Cyrus Daboo:
Hi Georg,
--On February 17, 2009 1:50:59 PM +0100 Georg Troska <georg.troska@uni-dortmund.de
wrote:
<user> <uid>troska</uid> <guid>e4</guid> <name>Georg Troska</name> </user> <user> <uid>user2</uid> <guid>e4</guid> <name>Username Two</name> </user>
The <guid> element for these two records (and others) is the same. You MUST have unique <guids> for each record. The server stores data for each user based on their <guid> - so these two users end up with the same data path on the server.
So, generate proper GUIDs for each record. You can do that using the uuidgen command on the command line. As someone else noted there is a runadmin.py command in the CalDAVClientLibrary tool available on calendarserver.org. That provides a command line interface for manipulating the accounts.xml file. It will take care of creating accounts with proper GUIDs.
NB it is important to use proper GUIDs in the accounts.xml file. The next version of the server will actually use a slightly different store layout that uses the first four characters of the GUID to create a "hashed" directory structure for better scalability. GUIDs that are not four characters long will not work with that.
-- Cyrus Daboo
Georg Troska Experimentelle Physik IV TU Dortmund +49 231 755 3501
participants (4)
-
Cyrille Colin
-
Cyrus Daboo
-
Georg Troska
-
Sean McAvoy