[CalendarServer-dev] [Calendar and Contacts Server] ConfiguringLDAP added

Calendar and Contacts Server trac at macosforge.org
Thu Jul 12 11:24:24 PDT 2012


Added page "ConfiguringLDAP" by sagen at apple.com from 17.224.21.17*
Page URL: <http://trac.calendarserver.org/wiki/ConfiguringLDAP>
Content:
-------8<------8<------8<------8<------8<------8<------8<------8<--------
By default, Calendar Server fetches users and groups from the configured directory service, and locations and resources from a local XML file. If you would like all four record types to come from LDAP, modify caldavd.plist as follows:

1) Disable the resource/location XML service by changing "ResourceService > Enabled" to false:
{{{
   <key>ResourceService</key>
   <dict>
     <key>Enabled</key>
     <false/>
     <!-- leave the other ResourceService keys as they are -->
   </dict>
}}}

2) Add a "recordTypes" array to the "DirectoryService > params" dictionary, and configure the DNs and attributes your LDAP server uses. Each record type has an RDN (its DN relative to your base DN) and a mapping of Calendar Server record field names to LDAP attributes:
{{{
    <key>DirectoryService</key>
    <dict>
      <key>type</key>
      <string>twistedcaldav.directory.ldapdirectory.LdapDirectoryService</string>

      <key>params</key>
      <dict>
        <key>recordTypes</key>
        <array>
           <string>users</string>
           <string>groups</string>
           <string>locations</string>
           <string>resources</string>
        </array>
        <key>cacheTimeout</key>
        <integer>10</integer>
        <key>uri</key>
        <string>ldap://ldapserver.example.com/</string> <!-- your ldap server url -->
        <key>tls</key>
        <false/>
        <key>tlsCACertFile</key>
        <string></string>
        <key>tlsCACertDir</key>
        <string></string>
        <key>tlsRequireCert</key>
        <string>never</string>
        <key>credentials</key>
        <dict>
          <key>dn</key>
          <string>uid=admin,ou=people,o=example.com</string> <!-- dn to auth as -->
          <key>password</key>
          <string>PASSWORD</string> <!-- password to auth with -->
        </dict>
        <key>rdnSchema</key>
        <dict>
          <key>base</key>
          <string>o=example.com</string> <!-- your base dn -->
          <key>guidAttr</key>
          <string>GUID</string> <!-- LDAP attribute used for GUIDs -->
          <key>users</key>
          <dict>
            <key>rdn</key>
            <string>ou=people</string> <!-- dn for users (relative to base dn) -->
            <key>mapping</key>
            <dict>
                <key>recordName</key>
                <string>uid</string>
                <key>fullName</key>
                <string>cn</string>
                <key>emailAddresses</key>
                <array>
                    <string>mail</string>
                    <string>mailAlias</string>
                </array>
                <key>firstName</key>
                <string>givenName</string>
                <key>lastName</key>
                <string>sn</string>
            </dict>
          </dict>
          <key>groups</key>
          <dict>
            <key>rdn</key>
            <string>ou=groups</string> <!-- dn for groups (relative to base dn) -->
            <key>mapping</key>
            <dict>
                <key>recordName</key>
                <string>cn</string>
                <key>fullName</key>
                <string>cn</string>
                <key>emailAddresses</key>
                <array>
                    <string>mail</string>
                    <string>mailAlias</string>
                </array>
                <key>firstName</key>
                <string></string>
                <key>lastName</key>
                <string></string>
            </dict>
          </dict>
          <key>locations</key>
          <dict>
            <key>rdn</key>
            <string>ou=locations</string> <!-- dn for locations (relative to base dn) -->
            <key>mapping</key>
            <dict>
                <key>recordName</key>
                <string>cn</string>
                <key>fullName</key>
                <string>cn</string>
                <key>emailAddresses</key>
                <array>
                </array>
                <key>firstName</key>
                <string></string>
                <key>lastName</key>
                <string></string>
            </dict>
          </dict>
          <key>resources</key>
          <dict>
            <key>rdn</key>
            <string>ou=resources</string> <!-- dn for resources (relative to base dn) -->
            <key>mapping</key>
            <dict>
                <key>recordName</key>
                <string>cn</string>
                <key>fullName</key>
                <string>cn</string>
                <key>emailAddresses</key>
                <array>
                </array>
                <key>firstName</key>
                <string></string>
                <key>lastName</key>
                <string></string>
            </dict>
          </dict>
        </dict>
        <key>groupSchema</key>
        <dict>
          <key>membersAttr</key>
          <string>uniqueMember</string> <!-- LDAP attribute which indicates members of a group -->
          <key>nestedGroupsAttr</key>
          <string></string>
          <key>memberIdAttr</key>
          <string></string>
        </dict>
        <key>resourceSchema</key>
        <dict>
         <key>resourceInfoAttr</key>
         <string></string>
         <key>autoScheduleAttr</key>
         <string></string>
         <key>autoScheduleEnabledValue</key>
         <string></string>
         <key>proxyAttr</key>
         <string></string>
         <key>readOnlyProxyAttr</key>
         <string></string>
        </dict>
      </dict>
    </dict>
}}}
-------8<------8<------8<------8<------8<------8<------8<------8<--------
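
A pre-deployment check for the configuration above, as an added example that is not part of the wiki page or of Calendar Server itself: it joins each record type's RDN with the base DN to show the search base, reports record types that lack an rdnSchema entry, and flags the transport settings under which the bind password in "credentials" would be exposed. The function name `review` is hypothetical, the sample plist is constructed, and it is an assumption that the connection is encrypted only when `uri` is `ldaps://` or `tls` is true.

```python
import plistlib

# Constructed sample using the page's keys; "locations" has no rdnSchema entry.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>DirectoryService</key>
  <dict>
    <key>params</key>
    <dict>
      <key>recordTypes</key>
      <array><string>users</string><string>locations</string></array>
      <key>uri</key><string>ldap://ldapserver.example.com/</string>
      <key>tls</key><false/>
      <key>tlsRequireCert</key><string>never</string>
      <key>credentials</key>
      <dict>
        <key>dn</key><string>uid=admin,ou=people,o=example.com</string>
        <key>password</key><string>PASSWORD</string>
      </dict>
      <key>rdnSchema</key>
      <dict>
        <key>base</key><string>o=example.com</string>
        <key>users</key>
        <dict><key>rdn</key><string>ou=people</string></dict>
      </dict>
    </dict>
  </dict>
</dict>
</plist>"""

def review(plist_bytes):  # hypothetical helper, not a Calendar Server API
    """Return (search_bases, findings) for the DirectoryService params."""
    params = plistlib.loads(plist_bytes)["DirectoryService"]["params"]
    schema = params.get("rdnSchema", {})
    bases, findings = {}, []
    for rtype in params.get("recordTypes", []):
        rdn = schema.get(rtype, {}).get("rdn")
        if rdn:  # full search base = RDN + base DN
            bases[rtype] = "%s,%s" % (rdn, schema["base"])
        else:
            findings.append("%s: in recordTypes but no rdn in rdnSchema" % rtype)
    # Assumption: the link is encrypted only with an ldaps:// uri or tls=true.
    encrypted = params.get("uri", "").startswith("ldaps://") or params.get("tls")
    if params.get("credentials", {}).get("password") and not encrypted:
        findings.append("bind password crosses the network unencrypted")
    if params.get("tlsRequireCert") == "never":
        findings.append("tlsRequireCert=never: server certificate not verified")
    return bases, findings
```
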

* The IP shown here might not mean anything if the user or the server is
behind a proxy.
