[CalendarServer-users] OpenLDAP & calendarserver

Ladislav Wartha lwartha at gmail.com
Wed Apr 6 02:21:24 PDT 2011 

Thanks,

Now is calendarserver working with OpenLDAP, however there is still
one issue - iMIP

For some reason, com.apple.calendarserver user cannot be authenticated
against calendar server

2011-04-06 11:04:07+0200 [-] [caldav-8008]
[AuthorizedHTTPGetter,client] [twistedcaldav.scheduling.imip#error]
Could not do server-to-imip request :
<twistedcaldav.scheduling.imip.ScheduleViaIMip object at 0x3990a50>
Mail gateway not able to process reply; could not authenticate user
com.apple.calendarserver with calendar server
2011-04-06 11:04:07+0200 [-] [caldav-8008]
[AuthorizedHTTPGetter,client]
[twistedcaldav.scheduling.scheduler.ScheduleResponseQueue#error] Error
during PUT for mailto:xxx at xxxx: None

User com.apple.calendarserver is in OpenLDAP configuration with dn:
cn:com.apple.calendarserver,ou=people,dc=example,dc=com

Using same account I am able to authenticate users without issue. I
also get entryUUID and add it to admin principals, but it still
doesn't work.

Before I used openLDAP i was using account.xml file and there it was
working just fine.

Any advice?

2011/4/6, Fredrik Unger <fred at tree.se>:
> Hi,
>
>> as I understand, there is possible to get together OpenLDAP and
>> calendarserver. However it is not clear, how record in LDAP should
>> looks like.
>>  From my initial test it seems, that structure in OpenLDAP has to be
>> altered a little to support Apple UUIDs for groups and users. Or I
>> simply doing anything wrong?
>
> I have so far been successful with a simple calendar accessed from Sunbird.
>
> My ldap setup is a standard ou=people,dc=example,dc=com structure filled
> with OpenLDAPPersons.
> The caldavd.plist section [1] was a simple rework for the one supplied by
> Debian.
> I am not using resources or location.
>
> # user, people, example.com
> dn: uid=user,ou=people,dc=example,dc=com
> givenName: Name
> sn: Lastname
> userPassword:: hashedpassword
> loginShell: /bin/bash
> uidNumber: NNNN
> gidNumber: MMMM
> mail: user at example.com
> uid: user
> objectClass: OpenLDAPperson
> objectClass: posixAccount
> cn: Name Lastname
> homeDirectory: /home/user
>
> In this case it is also a posixAccount, but I do not think that makes a
> difference.
>
>> Can anybody send me example of working OpenLDAP configuration with
>> LDIF,caldavd.plist files. I also need working iMIP gateway. I was able
>> to make it work with accounts.xml file, but I would like to see it in
>> LDAP.
>
> I do not use iMIP.
>
>> I am using debian squeeze with calendarserver 2.4
>
> Me too, still interested in hints how to get a workable solution for groups,
> on 2.4.
> http://www.mail-archive.com/calendarserver-users@lists.macosforge.org/msg01743.html
>
>
> [1]
>      <key>DirectoryService</key>
>      <dict>
>        <key>type</key>
>
> <string>twistedcaldav.directory.ldapdirectory.LdapDirectoryService</string>
>
>        <key>params</key>
>        <dict>
>          <key>cacheTimeout</key>
>          <integer>30</integer>
>          <key>realmName</key>
>          <string>Calendar Realm</string>
>          <key>uri</key>
>          <string>ldapi://%2fvar%2frun%2fslapd%2fldapi</string>
>          <!-- <string>ldaps://example.com/</string> -->
>          <key>tls</key>
>          <false/>
>          <key>tlsCACertFile</key>
>          <string></string>
>          <key>tlsCACertDir</key>
>          <string></string>
>          <key>tlsRequireCert</key>
>          <string>demand</string>
>          <key>credentials</key>
>          <dict>
>            <key>dn</key>
>            <string></string>
>            <key>password</key>
>            <string></string>
>          </dict>
>          <key>authMethod</key>
>          <string>LDAP</string>
>          <key>rdnSchema</key>
>          <dict>
>            <key>base</key>
>            <string>dc=example,dc=com</string>
>            <key>guidAttr</key>
>            <string>entryUUID</string>
>            <key>users</key>
>            <dict>
>              <key>rdn</key>
>              <string>ou=people</string>
>              <key>attr</key>
>              <string>uid</string>
>              <key>emailSuffix</key>
>              <string></string>
>              <key>filter</key>
>              <string>(objectClass=OpenLDAPPerson)</string>
>            </dict>
>            <key>groups</key>
>            <dict>
>              <key>rdn</key>
>              <string>ou=groups</string>
>              <key>attr</key>
>              <string>cn</string>
>              <key>emailSuffix</key>
>              <string></string>
>              <key>filter</key>
>              <string></string>
>            </dict>
>            <key>locations</key>
>            <dict>
>              <key>rdn</key>
>              <string>ou=Locations</string>
>              <key>attr</key>
>              <string>cn</string>
>              <key>emailSuffix</key>
>              <string></string>
>              <key>filter</key>
>              <string></string>
>            </dict>
>            <key>resources</key>
>            <dict>
>              <key>rdn</key>
>              <string>ou=Resources</string>
>              <key>attr</key>
>              <string>cn</string>
>              <key>emailSuffix</key>
>              <string></string>
>              <key>filter</key>
>              <string></string>
>            </dict>
>          </dict>
>          <key>groupSchema</key>
>          <dict>
>            <key>membersAttr</key>
>            <string>member</string>
>            <key>memberIdAttr</key>
>            <string></string>
>          </dict>
>        </dict>
>      </dict>
>
> _______________________________________________
> calendarserver-users mailing list
> calendarserver-users at lists.macosforge.org
> http://lists.macosforge.org/mailman/listinfo.cgi/calendarserver-users
>

More information about the calendarserver-users mailing list