[CalendarServer-users] Adding principals

Cyrus Daboo cdaboo at apple.com
Tue Sep 5 08:11:52 PDT 2006

Hi Sebastian,

--On September 5, 2006 4:54:24 PM +0200 Sebastian Hagedorn 
<Hagedorn at uni-koeln.de> wrote:

>>> By editing the repository-dev.xml file I was able to create more users.
>>> The principals are created.
> Same here:
> 2006/09/05 16:37 CEST [-] Created principal: /principals/users/a0620
> I can see it in
> ~/Developer/Collaboration/CalendarServer/twistedcaldav/test/data/principa
> ls/users. Is that path to be expected?

Yes. The 'document root' is specified in the .plist file. The default run 
script is set to use caldav-dev.plist and repository-dev.plist, both of 
which have to be in the server's conf directory.

>> > When I attempt to publish a calendar as one
>>> of the new users the /calendars/users/<newuser> folder is created with
>>> the inbox and outbox folder.
> That doesn't even work for me, but the folders seem to be cerated while
> creating the principal. They are in
> ~/Developer/Collaboration/CalendarServer/twistedcaldav/test/data/calendar
> s/users/a0620

Correct - with the -static repository file user accounts and calendar homes 
are auto-created when the server starts up. (The process is slightly 
different with OpenDirectory.)

>>> But the calendar fails to publish with "Access to the calendar <server
>>> url> is not permitted.."  If I use the admin name and password I can
>>> publish the test calendar.
>> Can you provide the relevant portion of the server log?
> Here it reads:
> 2006/09/05 16:39 CEST [HTTPChannel,0,] OPTIONS
> /calendars/users/a0620/ HTTP/1.1
> 2006/09/05 16:39 CEST [HTTPChannel,0,] 'Invalid privileges
> with no authentication details: <OPTIONS /calendars/users/a0620/ (1, 1)>'
> 2006/09/05 16:39 CEST [HTTPChannel,0,] OPTIONS
> /calendars/users/a0620/ HTTP/1.1
> 2006/09/05 16:39 CEST [HTTPChannel,0,] 'Invalid privileges
> with valid authentication details: <OPTIONS /calendars/users/a0620/ (1,
> 1)>'

If you use the 'admin' user can you login?

What OS/system/version are you running this on?

>> As described on the wiki page, each user should be given <DAV:all>
>> privileges to their own calendar home collection. So it should be
>> possible to do anything in that collection once authenticated.
> That doesn't seem to work. Perhaps the implicit rights don't work? Could
> you give us an example how to set the privileges explicitly? In the
> example file I see:
>       <acl>
>         <ace>
>           <principal><all/></principal>
>           <grant><privilege><all/></privilege></grant>
>           <protected/>
>           <inheritable/>
>         </ace>
>       </acl>
> But I don't really understand how that's supposed to work.

The above acl is in the commented out section of -static, and is used to 
create some 'users' that have a publicly accessible calendar (hence use of 
<DAV:all> as the principal). For 'regular' users you should not use that - 
use the <user> element with 'repeat=99' as the guide for those.

Cyrus Daboo

More information about the calendarserver-users mailing list