[CalendarServer-dev] [CalendarServer] #260: OpenLDAP directory service

Thu Aug 6 09:56:51 PDT 2009

#260: OpenLDAP directory service
---------------------------------------+------------------------------------
 Reporter:  jusiskin@…                 |       Owner:  sagen@…           
     Type:  Feature                    |      Status:  new               
 Priority:  2: Expected                |   Milestone:  CalendarServer-2.x
Component:  Calendar Server            |    Severity:  Other             
 Keywords:                             |  
---------------------------------------+------------------------------------

Comment(by rlalkaka@…):

 Replying to [comment:29 rahul@…]:
 > I have modified the patch given to me by Oxullo to include LDAP TLS
 support as well as filters. Also authentication is done using PAM rather
 than LDAP. I have only commented out the LDAP authentication code just in
 case you intend to revert to using LDAP server for authentication. The
 configuration options are as below now (I have included a sample filter
 option as well). Also the tlsCACertDir option does not seem to be working
 (no idea as to why this option is not working).

 I'm having some trouble getting this working. Leaving the credentials
 field blank (which the comments in
 twistedcaldav/directory/ldapdirectory.py imply will anonymously bind)
 prompts ./run to spew errors about the blank credentials DN (log and trace
 below). Is there an easy way to change the patched LDAP to bind to
 uid=<username>,ou=people,dc=example,dc=com and then proceed with PAM auth
 if the record exists, instead of searching as in the current
 implementation? Apologies if this is a trivial change -- I can't make head
 or tail of LDAP right now.

 {{{
 [startup] Configuring directory service of type:
 twistedcaldav.directory.ldapdirectory.LdapDirectoryService
 [LdapDirectoryService] Calling ldap.initialize('ldap://ldap.server-
 removed.com:389/').
 [-] Traceback (most recent call last):
 [-]   File "../Twisted/bin/twistd", line 21, in ?
 [-]     run()
 [-]   File "/tmp/src/Twisted/twisted/scripts/twistd.py", line 27, in run
 [-]     app.run(runApp, ServerOptions)
 [-]   File "/tmp/src/Twisted/twisted/application/app.py", line 379, in run
 [-]     runApp(config)
 [-]   File "/tmp/src/Twisted/twisted/scripts/twistd.py", line 23, in
 runApp
 [-]     _SomeApplicationRunner(config).run()
 [-]   File "/tmp/src/Twisted/twisted/application/app.py", line 157, in run
 [-]     self.application = self.createOrGetApplication()
 [-]   File "/tmp/src/Twisted/twisted/application/app.py", line 202, in
 createOrGetApplication
 [-]     ser = plg.makeService(self.config.subOptions)
 [-]   File "/tmp/src/CalendarServer-1.2/twistedcaldav/tap.py", line 749,
 in makeService
 [-]     service = serviceMethod(options)
 [-]   File "/tmp/src/CalendarServer-1.2/twistedcaldav/tap.py", line 471,
 in makeService_Slave
 [-]     baseDirectory =
 directoryClass(**config.DirectoryService["params"])
 [-]   File
 "/tmp/src/CalendarServer-1.2/twistedcaldav/directory/ldapdirectory.py",
 line 144, in __init__
 [-]     self._updateStorage(recordType)
 [-]   File
 "/tmp/src/CalendarServer-1.2/twistedcaldav/directory/ldapdirectory.py",
 line 238, in _updateStorage
 [-]     logging.info("Retrieving subtree of %s." % ldap.dn.dn2str(base),
 system="LdapDirectoryService")
 [-] AttributeError: 'module' object has no attribute 'dn'
 }}}

-- 
Ticket URL: <http://trac.calendarserver.org/ticket/260#comment:31>
CalendarServer </>
HTTP/WebDAV/CalDAV Server