[CalendarServer-users] Errors with group based access control
Frank Strauß
strauss at ibr.cs.tu-bs.de
Thu Dec 14 09:45:19 PST 2006
Frank Strauß wrote:
> [...]
> Where did you take the OID 1.3.6.1.4.1.63.1001.1.1.1.1.99 from? Is it
> kind of official? Does it matter in any way which OID we use (as long as
> we are testing it in our own environments)?
>
> What values do you put into calendarPrincipalURI attributes? Full URIs
> with a "http://cal.example.com:8008" prefix or just something like
> "/principals/user/josh"?
[Continuing to talk to myself... :-)]
I got the LDAP backend running now. Cool. ;-) To share the answers to my
questions with others that could be interested...
I use another OID from our organization's own namespace. So it seems the
OID does not matter wrt the LDAP protocol. However, namespace conflicts
should be avoided, of course.
I use "local" principal URIs like "/principal/user/strauss".
Minor note for people not using Apple's OD, but any other LDAP server:
Your entries have to have apple-generateduid attributes. For now, I use
something like "DEADBEEF-0000-0000-0002-000000001801" (just filling in
the Posix UID/GID at then end to achieve uniqueness), but like the OID
question, I should probably make sure how to do it "correctly".
More information about the calendarserver-users
mailing list