[CalendarServer-dev] [CalendarServer] #260: OpenLDAP directory service

CalendarServer trac at macosforge.org
Mon Aug 3 02:05:46 PDT 2009


#260: OpenLDAP directory service
---------------------------------------+------------------------------------
 Reporter:  jusiskin@…                 |       Owner:  sagen@…           
     Type:  Feature                    |      Status:  new               
 Priority:  2: Expected                |   Milestone:  CalendarServer-2.x
Component:  Calendar Server            |    Severity:  Other             
 Keywords:                             |  
---------------------------------------+------------------------------------

Comment(by rahul@…):

 I have modified the patch given to me by Oxullo to include LDAP TLS
 support as well as filters. Also, authentication is done using PAM rather
 than LDAP. I have only commented out the LDAP authentication code just in
 case you intend to revert to using the LDAP server for authentication. The
 configuration options are as below now (I have included a sample filter
 option as well). Also, the tlsCACertDir option does not seem to be working
 (no idea as to why this option is not working).

 {{{
   <key>DirectoryService</key>
   <dict>
     <key>type</key>
     <string>twistedcaldav.directory.ldapdirectory.LdapDirectoryService</string>

     <key>params</key>
     <dict>
       <key>realmName</key>
       <string>EXAMPLE.COM</string>
       <key>uri</key>
       <string>ldap://dbs.example.com:389/</string>
       <key>tls</key>
       <true/>
       <key>tlsCACertFile</key>
       <string>/etc/ssl/certs/dbs.example.com.pem</string>
       <key>tlsCACertDir</key>
       <string></string>
       <key>tlsRequireCert</key>
       <string>demand</string>
       <key>credentials</key>
       <dict>
         <key>dn</key>
         <string>cn=admin,dc=example,dc=com</string>
         <key>password</key>
         <string>admin123</string>
       </dict>
       <key>rdnSchema</key>
       <dict>
         <key>base</key>
         <string>dc=example,dc=com</string>
         <key>users</key>
         <dict>
           <key>rdn</key>
           <string>ou=People</string>
           <key>attr</key>
           <string>uid</string>
           <key>emailSuffix</key>
           <string></string>
           <key>filter</key>
           <string>(&amp;(objectClass=x-scs-Person)(x-scs-PrivilegeName=caldav)(!(x-scs-AccountInactive=TRUE)))</string>
         </dict>
         <key>groups</key>
         <dict>
           <key>rdn</key>
           <string>ou=Group</string>
           <key>attr</key>
           <string>cn</string>
           <key>emailSuffix</key>
           <string></string>
           <key>filter</key>
           <string></string>
         </dict>
         <key>locations</key>
         <dict>
           <key>rdn</key>
           <string>ou=Locations</string>
           <key>attr</key>
           <string>cn</string>
           <key>emailSuffix</key>
           <string></string>
           <key>filter</key>
           <string></string>
         </dict>
         <key>resources</key>
         <dict>
           <key>rdn</key>
           <string>ou=Resources</string>
           <key>attr</key>
           <string>cn</string>
           <key>emailSuffix</key>
           <string></string>
           <key>filter</key>
           <string></string>
         </dict>
       </dict>
       <key>groupSchema</key>
       <dict>
         <key>membersAttr</key>
         <string>uniqueMember</string>
         <key>memberIdAttr</key>
         <string></string>
       </dict>
     </dict>
   </dict>
 }}}

-- 
Ticket URL: <http://trac.calendarserver.org/ticket/260#comment:29>
CalendarServer </>
HTTP/WebDAV/CalDAV Server
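
An added example, not part of the original message or the patch: a small audit of the TLS and bind settings in a DirectoryService plist that uses the key names shown above. It assumes tlsRequireCert takes OpenLDAP's TLS_REQCERT levels (never, allow, try, demand, hard); the sample plist, the finding codes and the admin-DN heuristic are constructed for illustration.

```python
import plistlib

# Constructed sample: the ticket's key names wrapped in a complete plist,
# with deliberately weak values so every check below has something to report.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>DirectoryService</key><dict>
    <key>params</key><dict>
      <key>uri</key><string>ldap://dbs.example.com:389/</string>
      <key>tls</key><true/>
      <key>tlsCACertFile</key><string></string>
      <key>tlsCACertDir</key><string></string>
      <key>tlsRequireCert</key><string>allow</string>
      <key>credentials</key><dict>
        <key>dn</key><string>cn=admin,dc=example,dc=com</string>
        <key>password</key><string>constructed-secret</string>
      </dict>
    </dict>
  </dict>
</dict></plist>"""

# TLS_REQCERT levels under which a missing or invalid server cert aborts the session.
STRICT = {"demand", "hard"}

def audit(plist_bytes):
    """Return finding codes for the LDAP directory service params (hypothetical codes)."""
    params = plistlib.loads(plist_bytes)["DirectoryService"]["params"]
    uri = params.get("uri", "")
    creds = params.get("credentials", {})
    findings = []
    if uri.startswith("ldaps://") or (uri.startswith("ldap://") and params.get("tls") is True):
        # Channel is encrypted; check that the server certificate is actually verified.
        if params.get("tlsRequireCert", "") not in STRICT:
            findings.append("cert-not-required")
        # With neither option set, the trust anchor falls back to system LDAP defaults.
        if not (params.get("tlsCACertFile") or params.get("tlsCACertDir")):
            findings.append("no-explicit-ca")
    elif not uri.startswith("ldapi://"):
        # Plain ldap:// without StartTLS sends the bind DN and password unencrypted.
        findings.append("cleartext-bind")
    if creds.get("password"):
        # The secret lives in the plist, so the file needs restrictive permissions.
        findings.append("password-in-config")
    if creds.get("dn", "").lower().startswith(("cn=admin,", "cn=manager,")):
        # Heuristic: a read-only search account is enough for directory lookups.
        findings.append("admin-bind-dn")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```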