[CalendarServer-users] several questions on Calendarservice (on Debian) V.1.2.dfsg-8

Georg Troska georg.troska at uni-dortmund.de
Thu Apr 30 02:36:08 PDT 2009

Hi I'm not a real expert, but I hope I can answer you a few questions
Am 28.04.2009 um 16:10 schrieb Jochen Grotepass:

> Hello List,
> please apologize for questions that might have been answered  
> already. I
> read thru the list until August 2008 and did not find answers to my
> questions below.
> Upfront some information on what I try to archive and what we have...
> More than three years ago we went away from Exchange into a more
> multi-OS solution. We have different sort of OS - namely OSX (10.5.x),
> Debian (Sidux), Windows (XP). Our internal Calendarserver is right  
> now a
> DavICal (formerly RSCDS) setup running on a Debian server. As one of  
> the
> Mac users I was always looking into the progress of Calendarserver. We
> were now asked by some small companies and non-profit organization to
> provide Email and Calenderservice. Thats when I realized that  
> meanwhile
> Debian has the Calendarserver Package. So I give it a try and  
> installed
> it. Playing a bit arround I found it working. Right now, I use the
> XML-based accounts structure because the nss-ldap based implementation
> had too many issues related to our naming structure. Creating the
> accounts.xml automagically from the ldap directory for our users is a
> pretty easy task (except the Password ;) ) - so I gave that solution  
> the
> first try.

Thats my way as well, I didn't manage to get the NSS-Thing working. So  
a wrote a shell script to create the account.xml from LDAP Database
> Here now my questions:
> 1. Multidomain Calserver
> Based on the service we were asked for, we setup the Email service for
> an multi-domain scenario. Start to think how the Calendarserver might
> work with it, started the first questions. As far as I understand from
> the mailing list and some other internet sources, the caldavd.plist
> defines the location of the calendar files in the "DocumentRoot" Tag.
> Because I wanted to seperate the principals based on their domain to
> prevent security side effects I have had no idea at the first sight.  
> So
> I thought about to setup different servers listening on different  
> ports
> and use an apache reverse proxy to point to the propper service.
> Q: Is this a feasible plan or does anybody here has a better solution?

Security effects? What do you mean. My calendarserver is running on  
its own virtual server. I do not understand
> 2. Permissions
> I have read that giving read-permissions on user/group based calendars
> is a task that the client software should provide. We use currently
> Lightning (still 0.9 because of Thunderbird 2) and I have no chance to
> provide any permissions using this client.
> Q: Is there any command-line based tool that I can use? - If so, I  
> would
> create an admin/user Interface to provide the permissions dialogue.

As I understand there is a way to set permissions with iCal e.g. but  
this is not implemented on server-side. There is a tool called  
ClientLibrary. Since a few days this tools allows kerberos-logins as  
well. But I haven't tried this out yet. If it works one can think of  
setting permission that are stored in LDAP
> 3. Authentication
> As of now, I used the Digest Authentication (not sure if Lightning
> provides Kerberos Authentication).
Digist is not good ;-) Lighning does Kerberos! You have to set  
network.negotiate...something to your caldav-URL

> Every hour I got requested to provide
> a new Login via Lightning. As far as I have read thru the list, I knew
> that Lightning might not be the best solution because of still open  
> bugs
> in the CalDav implementation. However the error I can see in the error
> log says that the "nonce value is invalid". Searching through google I
> have not found a solution yet.
I use lighning on some machines with kerberos. And this is working  
very well
> Q: Does anybody have a clue on these messages:
> 2009-04-28 13:44:11+0200 [-] [caldav-8008]  [HTTPChannel, 
> 240,]
> 'Authentication failed: Digest credentials expired'
> 2009-04-28 13:44:11+0200 [-] [caldav-8008]  [HTTPChannel, 
> 241,]
> PROPFIND /calendars/groups/Familie/calendar/ HTTP/1.1
> 2009-04-28 13:44:11+0200 [-] [caldav-8008]  [HTTPChannel, 
> 241,]
> 'Authentication failed: Invalid nonce value:  
> 19270429311356917781566817204'
> 4. iCal Client Error
> Because I wanted to play with the item 2 (Permissions) I tried to use
> the iCal client on my mac. Unfortunately I got an error that blocks me
> from creating that Calendar in iCal. The Error Message
> "Bei der Anfrage ist ein unerwarteter Fehler aufgetreten (Domain  
> „CalDAV
> No Calendar Home Error“/Fehler 1)." (sorry for the German message) -
> keeps me away from testing with iCal. I checked in the access log and
> the error log and cannot see any difference in the path to the  
> Lightnng
> URL.
> Q: Can somebody give me a hint what this error mean?

Maybe there is omething wrong in you accounts.xml or the path you have  
used is bad. The path you have to use in iCal differs from that in  
lightning. I'm using https://<hostname>:8443/principals/groups/e4/ in  
iCal but https://<hostname>:8443/calendars/groups/e4/<calendarname> in  
> Sorry for the long list of questions. I would really like to use this
> package if I could see a clear path to solve my current issues/ 
> challenges...
> Thanks for any advice or hint that helps me to solve those  
> questions...

I guess the docuentation is still bad. I have had lots of problems in  
the beginnin as well. I want to start using person-based calendars,  
not group based, but I'm still working on it. Do you have any  
expertise in this?

> Jochen
> _______________________________________________
> calendarserver-users mailing list
> calendarserver-users at lists.macosforge.org
> http://lists.macosforge.org/mailman/listinfo.cgi/calendarserver-users

More information about the calendarserver-users mailing list