[CalendarServer-changes] [15665] CalendarServer/trunk/doc/Admin/DirectoryService-LDAP.rst

source_changes at macosforge.org source_changes at macosforge.org
Thu Jun 9 16:37:00 PDT 2016 

Revision: 15665
          http://trac.calendarserver.org//changeset/15665
Author:   dre at apple.com
Date:     2016-06-09 16:36:59 -0700 (Thu, 09 Jun 2016)
Log Message:
-----------
Added info about ldap attribute indexing

Modified Paths:
--------------
    CalendarServer/trunk/doc/Admin/DirectoryService-LDAP.rst

Modified: CalendarServer/trunk/doc/Admin/DirectoryService-LDAP.rst
===================================================================
--- CalendarServer/trunk/doc/Admin/DirectoryService-LDAP.rst	2016-06-09 22:16:11 UTC (rev 15664)
+++ CalendarServer/trunk/doc/Admin/DirectoryService-LDAP.rst	2016-06-09 23:36:59 UTC (rev 15665)
@@ -1,3 +1,4 @@
+=======================
 LDAP Directory Service
 =======================
 
@@ -8,15 +9,17 @@
 
   .. _twext.who.ldap: http://trac.calendarserver.org/browser/twext/trunk/twext/who/ldap
 
-When using this service, a separate process called the Directory Proxy Service
+When using this service, a separate process called the Directory Proxy Service (DPS)
 is instantiated to handle interactions with the LDAP server. This process
 maintains an in-memory cache of directory services data. Worker processes
 communicate with the DPS over an AMP socket. Each worker process also maintains
 an in-memory cache of directory services data. Each cache TTL can be configured
 separately.
 
-**Configuring the Calendar Server**
 
+Configuring the Calendar Server
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
 A sample caldavd.plist configuration is shown below. To use LDAP with CalendarServer,
 you will almost certainly have to customize at least some of the config
 options, due to the nature of LDAP's arbitrary and often site-specific
@@ -133,8 +136,10 @@
      </dict>
    </dict>
 
-**Configuring Principals**
 
+Configuring Principals
+~~~~~~~~~~~~~~~~~~~~~~~
+
 The "mapping" section of the above configuration defines the mapping
 between record attributes used by CalendarServer and the LDAP
 attribute used to store this information in the configured LDAP
@@ -189,10 +194,9 @@
   scheduling message arrives, if it does not conflict with an existing
   meeting it can be automatically accepted into the principal's main
   calendar; if it does conflict it can be automatically declined. The
-  available modes are:
+  available modes can be seen here:
+  http://trac.calendarserver.org/browser/CalendarServer/trunk/calendarserver/tools/principals.py#L47
 
-http://trac.calendarserver.org/browser/CalendarServer/trunk/calendarserver/tools/principals.py#L47
-
 ``autoAcceptGroup``
 
   Specifies the uid of a group whose members will be excempt from any
@@ -214,8 +218,10 @@
   whose members are granted read-only proxy (delegate) access to the
   corresponding principal.
 
-**Other LDAP params**
 
+Other LDAP params
+~~~~~~~~~~~~~~~~~~
+
 The following settings are available in the 'params' dictionary of the LDAP configuration.
 
 ``threadPoolmax``
@@ -240,8 +246,10 @@
 
   A boolean that instructs the DPS to connect to the LDAP service using TLS.
 
-**Related settings**
 
+Related settings
+~~~~~~~~~~~~~~~~~
+
 The following settings are available *outside* the LDAP directory service configuration (i.e.
 the DirectoryProxy dict is a top-level dict in caldavd.plist):
 
@@ -267,3 +275,21 @@
 ``InSidecarCachingSeconds``
 
   The TTL of directory services data in worker processes and the DPS, respectively.
+
+
+LDAP attribute indexing
+~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Use the following guidance to properly configure attribute indexing on the LDAP server.
+
++------------+-----------------------+
+| Attribute  | Search type           | 
++============+=======================+ 
+| fullName   | substring (subany)    |
++------------+-----------------------+
+| guid       | exact                 |
++------------+-----------------------+
+| shortName  | exact                 |
++------------+-----------------------+
+| mail       | substring (subfinal)  |
++------------+-----------------------+
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.macosforge.org/pipermail/calendarserver-changes/attachments/20160609/e929b155/attachment-0001.html>

More information about the calendarserver-changes mailing list