[CalendarServer-dev] twistedcaldav/directory/ldapdirectory.py:1267:getGroups empty argument error

Dennison Williams dennison.williams at gmail.com
Thu Jan 31 12:05:21 PST 2013


On 01/31/2013 12:29 PM, Morgen Sagen wrote:
> How does your LDAP schema specify group membership?  Calendar server's LDAP implementation expects that a group's record explicitly lists each member by a configurable attribute, e.g.
> 
> (Group record)
> dn: cn=Example Group,ou=groups,o=example.com
> member: uid=sagen,ou=people,o=example.com
> member: uid=williams,ou=people,o=example.com
> 
> The above LDAP record is for a group containing two members (you can also put a nested group in there).  Your caldavd.plist should then have:
> 
>         <key>groupSchema</key>
>         <dict>
>           <key>membersAttr</key>
>           <string>member</string>
>           <key>nestedGroupsAttr</key>
>           <string></string>
>           <key>memberIdAttr</key>
>           <string></string>
>         </dict>
> 
> If nested groups are specified by a different LDAP attribute, you would specify that attribute in the nestedGroupsAttr value.  If you reference the group's members by an attribute other than DN, put that attribute in the memberIdAttr value.
> 
> I notice that in the LDAP output you pasted, your user has a reference back to the group it's a member of…
> 
>> memberOf: CN=VPN Users,CN=Users,DC=meow,DC=com
> 
> …however, calendar server doesn't support following those upward references.  We always start with the group and work downward.

Thanks ... I updated my config and this likely fixes a few other issues
I was having, but does not resolve the subject issue.  This feedback was
helpful.

-D

> 
> ~morgen
>
> On Jan 31, 2013, at 9:38 AM, Dennison Williams <dennison.williams at gmail.com> wrote:
> 
>> On 01/30/2013 10:53 PM, Glyph wrote:
>>>
>>> On Jan 30, 2013, at 8:06 PM, Dennison Williams
>>> <dennison.williams at gmail.com> wrote:
>>>
>>>> Tracing this all the way up the stack I see that the getGroups method
>>>> receives a guid value of set([None]), but this is not caught as I think
>>>> maybe it should be on line 675
>>>>
>>>> if guids is None:
>>>>
>>>> But because I am not super familiar with this application and have
>>>> limited familiarity with python I am not sure if this indicates an issue
>>>> with my config, my environment, or the code.
>>>
>>> The LDAP directory is incredibly flexible, and can be coerced to do
>>> various insane things by setting up mappings incorrectly.  Having a copy
>>> of your caldavd.plist would be helpful when diagnosing this error.
>>> (Actually having a copy of your entire directory along with that would
>>> be even more useful, but I presume that isn't possible ;-)).
>>
>> Please see attached my caldavd.plist.  I also included a ldapsearch
>> result for the following query which shows how I am mapping the schema
>>
>> ldapsearch -x -h ad.meow.com -D 'auth' -w 'also_not_the_real_pass' -b
>> 'cn=Users,dc=meow,dc=comm' '(&(objectClass=user)(sAMAccountName=Meow))'
>>
>> # extended LDIF
>> #
>> # LDAPv3
>> # base <cn=Users,dc=meow,dc=com> with scope subtree
>> # filter: (&(objectClass=user)(sAMAccountName=Meow))
>> # requesting: ALL
>> #
>>
>> # Meow Meow, Users, meow.com
>> dn: CN=Meow Meow,CN=Users,DC=meow,DC=com
>> objectClass: top
>> objectClass: person
>> objectClass: organizationalPerson
>> objectClass: user
>> cn: Meow Meow
>> sn: Account
>> givenName: Nagios
>> distinguishedName: CN=Meow Meow,CN=Users,DC=meow,DC=com
>> instanceType: 4
>> whenCreated: 20111017230846.0Z
>> whenChanged: 20121023162519.0Z
>> displayName: Nagios Test Account
>> uSNCreated: 12446
>> memberOf: CN=VPN Users,CN=Users,DC=meow,DC=com
>> uSNChanged: 304005
>> homeMTA: CN=Microsoft MTA,CN=AD,CN=Servers,CN=First Administrative Group
>> ,CN=Administrative Groups,CN=AD,CN=Microsoft Exchange,CN=Services,CN=
>> Configuration,DC=meowmeow,DC=com
>> proxyAddresses: SMTP:nagios at meow.com
>> proxyAddresses: smtp:meow at meow.com
>> proxyAddresses: smtp:meow at meow.com
>> proxyAddresses: X400:c=US;a= ;p=meow;o=Exchange;s=Meow;g=Meow;
>> homeMDB: CN=Mailbox Store (AD),CN=First Storage Group,CN=InformationStor
>> e,CN=AD,CN=Servers,CN=First Administrative Group,CN=Administrative Grou
>> ps,CN=meow,CN=Microsoft
>> Exchange,CN=Services,CN=Configuration,DC=meow,DC=com
>> mDBUseDefaults: TRUE
>> mailNickname: meow
>> name: Meow Meow
>> objectGUID:: Kyz0aVBh5EGXjCt6tGMacw==
>> userAccountControl: 512
>> badPwdCount: 1
>> codePage: 0
>> countryCode: 0
>> badPasswordTime: 129958397349055788
>> pwdLastSet: 129945378370161242
>> primaryGroupID: 513
>> objectSid:: AQUAAAAAAAUVAAAARUxc9755Z7MIG4EGbgQAAA==
>> accountExpires: 9223372036854775807
>> sAMAccountName: meow
>> sAMAccountType: 805306368
>> showInAddressBook: CN=Default Global Address List,CN=All Global Address
>> Lists,
>> CN=Address Lists Container,CN=meow,CN=Microsoft Exchange,CN=Services,CN
>> =Configuration,DC=meow,DC=com
>> showInAddressBook: CN=All Users,CN=All Address Lists,CN=Address Lists
>> Containe
>> r,CN=meow,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=meow,DC=com
>> legacyExchangeDN: /o=meow/ou=First Administrative Group/cn=Recipients/cn
>> =meow
>> userPrincipalName: meow at meow.com
>> objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=meow,DC=com
>> dSCorePropagationData: 16010101000000.0Z
>> lastLogonTimestamp: 129954831103763747
>> textEncodedORAddress: c=US;a= ;p=meow;o=Exchange;s=Meow;g=Meow;
>> mail: nagios at meow.com
>> msExchHomeServerName: /o=meow/ou=First Administrative Group/cn=Configura
>> tion/cn=Servers/cn=AD
>> msExchALObjectVersion: 49
>> msExchMailboxSecurityDescriptor::
>> AQAEgHgAAACUAAAAAAAAABQAAAAEAGQAAQAAAAACFAAD
>> AAIAAQEAAAAAAAUKAAAAawBoAGUAYQByAHQALwBjAG4APQBDAG8AbgBmAGkAZwB1AHIAYQB0AGkAb
>> wBuAC8AYwBuAD0AUwBlAHIAdgBpAGMAZQBzAAAAAQUAAAAAAAUVAAAARUxc9755Z7MIG4EG9AEAAA
>> EFAAAAAAAFFQAAAEVMXPe+eWezCBuBBvQBAAA=
>> msExchUserAccountControl: 0
>> msExchMailboxGuid:: vLqtcArWMkGG0dYMJAcWyw==
>> msExchPoliciesIncluded:
>> {A83A4004-3729-4AD2-869E-9DBD808B748D},{26491CFC-9E50-
>> 4857-861B-0CB8DF22B5D7}
>>
>> # search result
>> search: 2
>> result: 0 Success
>>
>> # numResponses: 2
>> # numEntries: 1
>>
>>
>>>
>>> -glyph
>>
>> <caldavd.plist>
> 
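
The two points raised in this thread, as an added example (not CalendarServer code and not written by any poster): membership is resolved downward from the group's `member` values, so a `memberOf` back-reference on a user record contributes nothing, and a `set([None])` argument passes an `is None` test unless it is normalized first. The directory contents and the names `clean_ids` and `expand_members` are constructed for illustration.

```python
# Added illustration; all records below are constructed sample data.
MEMBERS_ATTR = "member"  # mirrors the membersAttr value in the groupSchema above

# Constructed directory: DN -> {attribute: [values]}.
DIRECTORY = {
    "cn=Example Group,ou=groups,o=example.com": {
        "member": ["uid=sagen,ou=people,o=example.com",
                   "cn=Nested,ou=groups,o=example.com"]},
    "cn=Nested,ou=groups,o=example.com": {
        "member": ["uid=williams,ou=people,o=example.com",
                   "cn=Example Group,ou=groups,o=example.com"]},  # cycle
    "cn=VPN Users,ou=groups,o=example.com": {},  # group lists no members
    "uid=sagen,ou=people,o=example.com": {},
    "uid=williams,ou=people,o=example.com": {},
    "uid=meow,ou=people,o=example.com": {
        "memberOf": ["cn=VPN Users,ou=groups,o=example.com"]},  # upward ref
}


def clean_ids(ids):
    """Normalize identifiers: None, set([None]) and {''} all become empty."""
    if ids is None:
        return set()
    return {i for i in ids if i}


def expand_members(group_dn, directory=DIRECTORY, members_attr=MEMBERS_ATTR):
    """Walk downward from a group record, following nested groups safely."""
    seen, users, stack = {group_dn}, set(), [group_dn]
    while stack:
        record = directory.get(stack.pop(), {})
        for dn in clean_ids(record.get(members_attr)):
            if dn in seen:
                continue  # already visited: breaks membership cycles
            seen.add(dn)
            if members_attr in directory.get(dn, {}):
                stack.append(dn)  # nested group, expand it too
            else:
                users.add(dn)     # leaf record, treated as a user
    return users


if __name__ == "__main__":
    print(sorted(expand_members("cn=Example Group,ou=groups,o=example.com")))
    print(expand_members("cn=VPN Users,ou=groups,o=example.com"))
    print(set([None]) is None, clean_ids(set([None])))
```
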


