[CalendarServer-users] Errors with group based access control

Josh Wisenbaker macshome at afp548.com
Thu Dec 14 09:45:10 PST 2006


On Thu, December 14, 2006 9:00 am, Frank Strauß wrote:
> Josh Wisenbaker wrote:
>> On Thu, December 14, 2006 8:09 am, Frank Strauß wrote:
>>> This happens when I try to "get details" in Mulberry on a group's
>>> directory, no matter whether I am a member of that group or not.
>>> (I am using the XML directory backend as long as I don't know how to
>>> use
>>> LDAP.)
>>
>> No idea on the get details issue, but as soon as I get my lab set back
>> up
>> after my move I plan to evaluate the new trunk and then write my article
>> on LDAP integration.
>>
>> The only bit that wasn't working for me was kerb, which I realized
>> doesn't
>> matter as I haven't seen any kerberized caldav clients to use. :)
>>
>> The basics are...
>>
>> 1. Extend your schema to add a calendar principal attribute.
>> 2. Rebuild and install PyOpenDirectory with your custom attribute.
>
> Thanks, Josh!
>
> You motivate me to give it another try... :-) But I have some further
> questions:
>
> Where did you take the OID 1.3.6.1.4.1.63.1001.1.1.1.1.99 from? Is it
> kind of official? Does it matter in any way which OID we use (as long as
> we are testing it in our own environments)?

That's based on Apple's assignment. The "1.3.6.1.4.1" means private
enterprise and the "63" means Apple. I've submitted a request to IANA for
a AFP548.com number to use.

I suppose it really doesn't matter as long as Apple never conflicted
anything with it.

>
> What values do you put into calendarPrincipalURI attributes? Full URIs
> with a "http://cal.example.com:8008" prefix or just something like
> "/principals/user/josh"?

The FQDN of the principal.
"https://test.afp548.com:8443/principals/user/josh"

I was planning on doing a script or dsimport template for the article to
batch add the attributes.

>
> I'm no Python guru. Do you know how this warning can be avoided?
> Probably at some place, my Tiger Python-2.3 stuff is used, although 2.5
> is available and the first in my $PATH.
>
> 2006/12/14 15:49 +0200 [-]
> /private/var/automount/home/strauss/Developer/CalendarServer/twistedcaldav/directory/appleopendirectory.py:30:
> exceptions.RuntimeWarning: Python C API version mismatch for module
> opendirectory: This Python has API version 1013, module opendirectory
> has version 1012.

No clue! :)

Josh

-- 
Josh Wisenbaker
U, U, D, D, L, R, L, R, B, A, Start for your server
http://www.afp548.com



More information about the calendarserver-users mailing list