[CalendarServer-users] delegation help?

Sun Nov 18 13:53:13 PST 2007

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

So are you saying that I should try setting up these accounts as  
resources instead of users? Or, would these resources be defined in  
addition to users? I'm assuming the former...

What is the effective difference between resources and locations  
anyway? Also, as per your example below, what should be put in place  
of the stars for GUID? Should this be the GUID as assigned to the  
user? If so, why would the password have to be provided again if we  
are just referencing an existing user?

On Nov 18, 2007, at 7:14 AM, Emil Lundberg wrote:

> Well, an error message would have been really helpful, as my mind- 
> reading skills aren't yet up to snuff... :-)
>
> I must confess I was setting you straight simply on the basis of  
> Cyrus's instructions. Trying it for real shows the exact behaviour  
> you and Louis describe. The server will continuously read the  
> accounts file and fail, until it is properly configured. I'm running  
> DCS under OS X 10.5.1 Server and the critical piece of log is:
>
> (DCS 1.0 = rev 1995)		ValueError: <auto-schedule> element only  
> allowed for Resources and Locations: proxies
> (DCS trunk = rev 2019)	exceptions.ValueError: <auto-schedule>  
> element only allowed for Resources and Locations: proxies
>
> Which suggest (although <auto-schedule/> is not used here) that the  
> <proxies> element cannot be used for users or groups. Adding <auto- 
> shedule/> for testing purposes makes it complain about this instead.
>
> I guess we need the DCS folks to chime in here.
>
> Regarding iCal's (3.0.1 = rev 1205) behavior with DCS, I've found  
> that it will detect me as a proxy member (even through a group, see  
> example) for a resource through its native interface, so need to go  
> through steps 4-6 in this case - just check the approprate resources  
> under Accounts -> Delegation and a "DELEGATES" header will appear in  
> the main window.
>
> best,
>
> /Emil
>
> example resource element, delegated by group:
>
>  <resource>
>    <uid>my_resource</uid>
>    <guid>*****</guid>
>    <password>*****</password>
>    <name>My Resource</name>
>    <auto-schedule/>
>    <proxies>
>      <member type="groups">my_group</member>
>    </proxies>
>  </resource>
>
>
>
>
> 18 nov 2007 kl. 07.02 skrev Joe Auty:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Also note that as soon as I comment out the proxies belonging to  
>> these two users, I can startup the server again...
>>
>> Thanks in advance for your help here!
>>
>> On Nov 18, 2007, at 1:01 AM, Joe Auty wrote:
>>
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA1
>>>
>>>
>>> On Nov 17, 2007, at 5:30 AM, Emil Lundberg wrote:
>>>
>>>> Hey Joe,
>>>>
>>>> You've confused the sample accounts file where locations have  
>>>> delegates (which is normal), with cyrus's example. You now have  
>>>> users and locations with duplicate uid's which is definitely not  
>>>> what you intended :-)
>>>>
>>>> Here's what your accounts.xml file should look like (but c.f. the  
>>>> previous discussion on the use of the guid field):
>>>>
>>>> <user>
>>>> <uid>userA</uid>
>>>> <guid>userA</guid>
>>>> <password>password</password>
>>>> <name>user A</name>
>>>> <proxies>
>>>> <member type="users">userB</member>
>>>> </proxies>
>>>> </user>
>>>> <user>
>>>> <uid>userB</uid>
>>>> <guid>userB</guid>
>>>> <password>password</password>
>>>> <name>user B</name>
>>>> <proxies>
>>>> <member type="users">userA</member>
>>>> </proxies>
>>>> </user>
>>>>
>>>
>>> Hmmm... setting up my accounts-test.xml file results in the server  
>>> not being able to startup (I could paste in the error if helpful,  
>>> but it is quite long)
>>>
>>> I have taken out my locations I have defined, and modifed my users  
>>> declarations to match the following:
>>>
>>> <user>
>>> <uid>joe</uid>
>>> <guid>joe</guid>
>>> <password>mypassword</password>
>>> <name>Joe Auty</name>
>>> <proxies>
>>> <member type="users">test</member>
>>> </proxies>
>>> </user>
>>> <user>
>>> <uid>test</uid>
>>> <guid>test</guid>
>>> <password>mypassword</password>
>>> <name>Joe Auty (test)</name>
>>> <proxies>
>>> <member type="users">joe</member>
>>> </proxies>
>>> </user>
>>>
>>>
>>> Here is the first few lines of my error message:
>>>
>>>> 2007-11-18 01:01:19-0500 [-] [caldav-8008]  [-] Log opened.
>>>> 2007-11-18 01:01:19-0500 [-] [caldav-8008]  [-] twistd  
>>>> 2.5.0+rUnknown (/usr/local/bin/python 2.4.4) starting up
>>>> 2007-11-18 01:01:19-0500 [-] [caldav-8008]  [-] reactor class:  
>>>> <class 'twisted.internet.selectreactor.SelectReactor'>
>>>> 2007-11-18 01:01:19-0500 [-] [caldav-8008]  [-] Configuring  
>>>> directory service of type:  
>>>> twistedcaldav.directory.xmlfile.XMLDirectoryService
>>>> 2007-11-18 01:01:19-0500 [-] [caldav-8008]  [-] Traceback (most  
>>>> recent call last):
>>>> 2007-11-18 01:01:19-0500 [-] [caldav-8008]  [-]   File "../ 
>>>> Twisted/bin/twistd", line 21, in ?
>>>> 2007-11-18 01:01:19-0500 [-] [caldav-8008]  [-]     run()
>>>> 2007-11-18 01:01:19-0500 [-] [caldav-8008]  [-]   File "/usr/ 
>>>> local/src/Twisted/twisted/scripts/twistd.py", line 27, in run
>>>> 2007-11-18 01:01:19-0500 [-] [caldav-8008]  [-]      
>>>> app.run(runApp, ServerOptions)
>>>> 2007-11-18 01:01:19-0500 [-] [caldav-8008]  [-]   File "/usr/ 
>>>> local/src/Twisted/twisted/application/app.py", line 379, in run
>>>> 2007-11-18 01:01:19-0500 [-] [caldav-8008]  [-]     runApp(config)
>>>> 2007-11-18 01:01:19-0500 [-] [caldav-8008]  [-]   File "/usr/ 
>>>> local/src/Twisted/twisted/scripts/twistd.py", line 23, in runApp
>>>> 2007-11-18 01:01:19-0500 [-] [caldav-8008]  [-]      
>>>> _SomeApplicationRunner(config).run()
>>>
>>>
>>>
>>>
>>>
>>>> Then follow steps 4-6 below. Note that using iCal server (or DCS  
>>>> w/ OD directory service I presume), iCal let's a user define  
>>>> delgates for himself from within iCal, as well as lets the  
>>>> delegate see calendars for which he is the delegate.
>>>>
>>>> /Emil
>>>>
>>>>
>>>> On 17 nov 2007, at 07.10, Joe Auty wrote:
>>>>
>>>>> -----BEGIN PGP SIGNED MESSAGE-----
>>>>> Hash: SHA1
>>>>>
>>>>> Finally had time to test this, but this doesn't seem to work...  
>>>>> here are the your instructions again, Cyrus, as well as my  
>>>>> results...
>>>>>
>>>>> On Nov 12, 2007, at 10:13 AM, Cyrus Daboo wrote:
>>>>>>>
>>>>>>
>>>>>> OK, here are some step-by-step instructions for setting up  
>>>>>> delegates:
>>>>>>
>>>>>> Example add user 'A' as a delegate/proxy for user 'B'.
>>>>>>
>>>>>> 1) In the accounts.xml, locate the user 'B' account entry.
>>>>>>
>>>>>> 2) Add a <proxies> element to user B entry if one is not  
>>>>>> already present.
>>>>>>
>>>>>> 3) Inside the <proxies> element add an element for user 'A'  
>>>>>> thusly:
>>>>>>
>>>>>> <member type="users">A</member>
>>>>>>
>>>>>> replace 'A' with the actual user id.
>>>>>>
>>>>>> 4) In your web browser, navigate to /principals/users/B  
>>>>>> (substituting the user id for B). Copy the principal-URL value  
>>>>>> you see there (it will start with /principals/__uids__/).
>>>>>>
>>>>>> 5) In iCal create a new CalDAV account. For the user id enter  
>>>>>> user A's user id. For the password use user A's password.  
>>>>>> Expand down the 'Server Options" section and enter the  
>>>>>> principal-URL value for user B into the Account URL field. Then  
>>>>>> click Add.
>>>>>>
>>>>>> 6) After that the calendars for user B will appear in iCal.  
>>>>>> Note that this is being accessed by user A (i.e. using user A's  
>>>>>> login/password). So user B's login/password is kept private to  
>>>>>> them. User A will have full read-write access to user B's  
>>>>>> calendar data.
>>>>>>
>>>>>
>>>>> Okay, I have 3 accounts configured in iCal now:
>>>>>
>>>>> 1) my account (user A)
>>>>> 2) my test account (user B)
>>>>> 3) the account you requested me to create here using the  
>>>>> username and password for user A, and the following server  
>>>>> address:
>>>>> 	
>>>>> https://mydomain:8443/principals/__uids__/test/
>>>>>
>>>>> I have setup delegation for user A so that I can access user B  
>>>>> using the delegation tab in the iCal GUI
>>>>>
>>>>> Here is my accounts XML file:
>>>>>
>>>>>
>>>>> <user>
>>>>> <uid>userA</uid>
>>>>> <guid>userA</guid>
>>>>> <password>password</password>
>>>>> <name>user A</name>
>>>>> </user>
>>>>> <user>
>>>>> <uid>userB</uid>
>>>>> <guid>userB</guid>
>>>>> <password>password</password>
>>>>> <name>user B</name>
>>>>> </user>
>>>>> <user>
>>>>>
>>>>>
>>>>> <location>
>>>>> <uid>userA</uid>
>>>>> <password>password</password>
>>>>> <name>user A</name>
>>>>> <auto-schedule/>
>>>>> <proxies>
>>>>> <member type="users">userB</member>
>>>>> </proxies>
>>>>> </location>
>>>>>
>>>>> <location>
>>>>> <uid>userB</uid>
>>>>> <password>password</password>
>>>>> <name>user B</name>
>>>>> <auto-schedule/>
>>>>> <proxies>
>>>>> <member type="users">userA</member>
>>>>> </proxies>
>>>>> </location>
>>>>>
>>>>>
>>>>> The result: no noticeable change. I was expecting that anything  
>>>>> I'd write to the delegate calendar would be available under user  
>>>>> B's calendar and vice versa.
>>>>>
>>>>> Have I done something wrong here?
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> - -----------
>>>>> Joe Auty
>>>>> NetMusician: web publishing software for musicians
>>>>> http://www.netmusician.org
>>>>> joe at netmusician.org
>>>>>
>>>>>
>>>>> -----BEGIN PGP SIGNATURE-----
>>>>> Version: GnuPG v1.4.7 (Darwin)
>>>>>
>>>>> iD8DBQFHPoXFCgdfeCwsL5ERAoGCAJ4r9IFaDqsMjteygSGNlepQZt9LXQCfVfIH
>>>>> RBp/h3FvSrQtQZkG9qTAUOM=
>>>>> =inbp
>>>>> -----END PGP SIGNATURE-----
>>>>> _______________________________________________
>>>>> calendarserver-users mailing list
>>>>> calendarserver-users at lists.macosforge.org
>>>>> http://lists.macosforge.org/mailman/listinfo/calendarserver-users
>>>>
>>>
>>> -----BEGIN PGP SIGNATURE-----
>>> Version: GnuPG v1.4.7 (Darwin)
>>>
>>> iD8DBQFHP9UwCgdfeCwsL5ERAgCqAJ9Ix1sykKweeJQ86i90D3RvO929WgCeO/dS
>>> K4NaKE+Nbw4BwxwOWqpeFKU=
>>> =zVN6
>>> -----END PGP SIGNATURE-----
>>> _______________________________________________
>>> calendarserver-users mailing list
>>> calendarserver-users at lists.macosforge.org
>>> http://lists.macosforge.org/mailman/listinfo/calendarserver-users
>>
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1.4.7 (Darwin)
>>
>> iD8DBQFHP9WPCgdfeCwsL5ERAoEeAJ9tm3WGfp6q3XxoCXAjKf2k4fvR4gCeJTBY
>> crpjuFBLjHzDtfu+r/RCaF0=
>> =X0Md
>> -----END PGP SIGNATURE-----
>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (Darwin)

iD8DBQFHQLRKCgdfeCwsL5ERAg9sAJ42bFx/t6sNeIn1RK6/DILzU7J4mACfTD6K
ea743KRfB0TptJ8yOS9ywTE=
=RYU9
-----END PGP SIGNATURE-----