[CalendarServer-users] OpenLDAP & calendarserver
Fredrik Unger
fred at tree.se
Wed Apr 6 01:35:37 PDT 2011
Hi,
> as I understand, it is possible to get OpenLDAP and calendarserver
> working together. However, it is not clear what a record in LDAP
> should look like.
> From my initial test it seems that the structure in OpenLDAP has to be
> altered a little to support Apple UUIDs for groups and users. Or am I
> simply doing something wrong?
I have so far been successful with a simple calendar accessed from Sunbird.
My LDAP setup is a standard ou=people,dc=example,dc=com structure filled with OpenLDAPPersons.
The caldavd.plist section [1] was a simple rework of the one supplied by Debian.
I am not using resources or location.
# user, people, example.com
dn: uid=user,ou=people,dc=example,dc=com
givenName: Name
sn: Lastname
userPassword:: hashedpassword
loginShell: /bin/bash
uidNumber: NNNN
gidNumber: MMMM
mail: user@example.com
uid: user
objectClass: OpenLDAPperson
objectClass: posixAccount
cn: Name Lastname
homeDirectory: /home/user
In this case it is also a posixAccount, but I do not think that makes a difference.
> Can anybody send me an example of a working OpenLDAP configuration with
> LDIF and caldavd.plist files? I also need a working iMIP gateway. I was able
> to make it work with the accounts.xml file, but I would like to see it in
> LDAP.
I do not use iMIP.
> I am using Debian squeeze with calendarserver 2.4
Me too; I am still interested in hints on how to get a workable solution for groups on 2.4.
http://www.mail-archive.com/calendarserver-users@lists.macosforge.org/msg01743.html
[1]
<key>DirectoryService</key>
<dict>
  <key>type</key>
  <string>twistedcaldav.directory.ldapdirectory.LdapDirectoryService</string>
  <key>params</key>
  <dict>
    <key>cacheTimeout</key>
    <integer>30</integer>
    <key>realmName</key>
    <string>Calendar Realm</string>
    <key>uri</key>
    <string>ldapi://%2fvar%2frun%2fslapd%2fldapi</string>
    <!-- <string>ldaps://example.com/</string> -->
    <key>tls</key>
    <false/>
    <key>tlsCACertFile</key>
    <string></string>
    <key>tlsCACertDir</key>
    <string></string>
    <key>tlsRequireCert</key>
    <string>demand</string>
    <key>credentials</key>
    <dict>
      <key>dn</key>
      <string></string>
      <key>password</key>
      <string></string>
    </dict>
    <key>authMethod</key>
    <string>LDAP</string>
    <key>rdnSchema</key>
    <dict>
      <key>base</key>
      <string>dc=example,dc=com</string>
      <key>guidAttr</key>
      <string>entryUUID</string>
      <key>users</key>
      <dict>
        <key>rdn</key>
        <string>ou=people</string>
        <key>attr</key>
        <string>uid</string>
        <key>emailSuffix</key>
        <string></string>
        <key>filter</key>
        <string>(objectClass=OpenLDAPPerson)</string>
      </dict>
      <key>groups</key>
      <dict>
        <key>rdn</key>
        <string>ou=groups</string>
        <key>attr</key>
        <string>cn</string>
        <key>emailSuffix</key>
        <string></string>
        <key>filter</key>
        <string></string>
      </dict>
      <key>locations</key>
      <dict>
        <key>rdn</key>
        <string>ou=Locations</string>
        <key>attr</key>
        <string>cn</string>
        <key>emailSuffix</key>
        <string></string>
        <key>filter</key>
        <string></string>
      </dict>
      <key>resources</key>
      <dict>
        <key>rdn</key>
        <string>ou=Resources</string>
        <key>attr</key>
        <string>cn</string>
        <key>emailSuffix</key>
        <string></string>
        <key>filter</key>
        <string></string>
      </dict>
    </dict>
    <key>groupSchema</key>
    <dict>
      <key>membersAttr</key>
      <string>member</string>
      <key>memberIdAttr</key>
      <string></string>
    </dict>
  </dict>
</dict>
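
Added example, not part of the original message and not CalendarServer's own code: a small review of the DirectoryService settings in [1] that reports how the directory is reached and bound to, and derives the user search base so the LDIF entry above can be checked against it. The names `review` and `in_scope` are hypothetical; it assumes an empty `credentials` dn results in an anonymous bind and that the per-type `rdn` is prepended to `base`.

```python
import plistlib
from urllib.parse import urlsplit, unquote

# Constructed sample: trimmed copy of the DirectoryService params from [1].
SAMPLE = b"""<plist version="1.0"><dict>
<key>DirectoryService</key>
<dict>
  <key>params</key>
  <dict>
    <key>uri</key><string>ldapi://%2fvar%2frun%2fslapd%2fldapi</string>
    <key>tls</key><false/>
    <key>tlsRequireCert</key><string>demand</string>
    <key>credentials</key>
    <dict><key>dn</key><string></string><key>password</key><string></string></dict>
    <key>rdnSchema</key>
    <dict>
      <key>base</key><string>dc=example,dc=com</string>
      <key>users</key>
      <dict><key>rdn</key><string>ou=people</string></dict>
    </dict>
  </dict>
</dict>
</dict></plist>"""

def review(plist_bytes):
    """Return (findings, user_search_base) for a DirectoryService section."""
    params = plistlib.loads(plist_bytes)["DirectoryService"]["params"]
    url = urlsplit(params.get("uri", ""))
    findings = []
    if url.scheme == "ldap" and not params.get("tls"):
        findings.append("cleartext: ldap:// without tls exposes binds on the wire")
    if url.scheme in ("ldap", "ldaps") and params.get("tlsRequireCert") != "demand":
        findings.append("weak TLS: server certificate is not required to verify")
    if url.scheme == "ldapi":  # UNIX socket; path is percent-encoded in the URI
        findings.append("local socket: %s (reachable only by local processes)"
                        % unquote(url.netloc))
    if not params.get("credentials", {}).get("dn"):
        # Assumption: an empty bind DN means lookups run as an anonymous bind.
        findings.append("anonymous bind: directory ACLs decide what is readable")
    schema = params["rdnSchema"]
    # Assumption: the per-type rdn is prepended to base to form the search base.
    base = ",".join(p for p in (schema["users"].get("rdn"), schema["base"]) if p)
    return findings, base

def in_scope(dn, base):
    """True when an entry DN sits below the search base (plain string compare)."""
    return dn.lower().endswith("," + base.lower())
```

Switching the sample's `uri` to an `ldap://` address while `tls` stays false makes the first finding the cleartext one, which is the case to catch before moving the directory off the local socket.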