[CalendarServer-users] Errors with group based access control

Frank Strauß strauss at ibr.cs.tu-bs.de
Thu Dec 14 09:45:19 PST 2006

Frank Strauß wrote:
 > [...]
> Where did you take the OID from? Is it 
> kind of official? Does it matter in any way which OID we use (as long as 
> we are testing it in our own environments)?
> What values do you put into calendarPrincipalURI attributes? Full URIs 
> with a "http://cal.example.com:8008" prefix or just something like 
> "/principals/user/josh"?

[Continuing to talk to myself... :-)]

I got the LDAP backend running now. Cool. ;-) To share the answers to my 
questions with others that could be interested...

I use another OID from our organization's own namespace. So it seems the 
OID does not matter wrt the LDAP protocol. However, namespace conflicts 
should be avoided, of course.

I use "local" principal URIs like "/principal/user/strauss".

Minor note for people not using Apple's OD, but any other LDAP server: 
Your entries have to have apple-generateduid attributes. For now, I use
something like "DEADBEEF-0000-0000-0002-000000001801" (just filling in 
the Posix UID/GID at then end to achieve uniqueness), but like the OID 
question, I should probably make sure how to do it "correctly".

More information about the calendarserver-users mailing list