[CalendarServer-users] Errors with group based access control
Josh Wisenbaker
macshome at afp548.com
Thu Dec 14 13:04:37 PST 2006
On Thu, December 14, 2006 12:45 pm, Frank Strauß wrote:
> Frank Strauß wrote:
> > [...]
>> Where did you take the OID 1.3.6.1.4.1.63.1001.1.1.1.1.99 from? Is it
>> kind of official? Does it matter in any way which OID we use (as long as
>> we are testing it in our own environments)?
>>
>> What values do you put into calendarPrincipalURI attributes? Full URIs
>> with a "http://cal.example.com:8008" prefix or just something like
>> "/principals/user/josh"?
>
> [Continuing to talk to myself... :-)]
>
> I got the LDAP backend running now. Cool. ;-) To share the answers to my
> questions with others that could be interested...
You have it getting principals from LDAP?
>
> I use another OID from our organization's own namespace. So it seems the
> OID does not matter wrt the LDAP protocol. However, namespace conflicts
> should be avoided, of course.
>
> I use "local" principal URIs like "/principal/user/strauss".
>
> Minor note for people not using Apple's OD, but any other LDAP server:
> Your entries have to have apple-generateduid attributes. For now, I use
> something like "DEADBEEF-0000-0000-0002-000000001801" (just filling in
> the Posix UID/GID at then end to achieve uniqueness), but like the OID
> question, I should probably make sure how to do it "correctly".
You can use uuidgen to make new UUIDs.
Josh
--
Josh Wisenbaker
U, U, D, D, L, R, L, R, B, A, Start for your server
http://www.afp548.com
More information about the calendarserver-users
mailing list