[CalendarServer-users] OpenLDAP & calendarserver

BarbUk barbarisme at gmail.com
Wed Apr 20 00:59:00 PDT 2011 

Hi, 


Ladislav Wartha wrote:
> 
> Before I used openLDAP i was using account.xml file and there it was
> working just fine.
> 
> Any advice?
> 

Have you try to had the login and the password of your principal admin in
the imip section ?

<!-- iMIP protocol options -->
      <key>iMIP</key>
      <dict>
        <key>Enabled</key>
        <true/>
        <key>MailGatewayServer</key>
        <string>localhost</string>
        <key>MailGatewayPort</key>
        <integer>62310</integer>
        <key>Username</key>
        <string>ADMINUSERNAME</string>
        <key>Password</key>
        <string>ADMINPASSWORD</string>
....

It work for me with an account (not com.apple.calendarserver) in the
account.xml file + the users UID in <key>AdminPrincipals</key>.

But i have a problem with my DCS/ldap installation. The auth and calendars
works but i have two major issues :
  - when i add an invitation for a meeting, the free/busy is working nice,
but all email are replaced with "urn:uuid:.......". In my caldavs.plist, I
have the key "<key>guidAttr</key>" defined to entryUUID, but no such field
in my ldap. My ldap have a field SambaUid, which is a unique key for each
user. I change the <key>guidAttr</key> to that. Now, all my principals have
an address with the sambaUid (/principal/users/__uuid__/$SAMBAUID), and the
calendars are working in lighting, but email for meeting are now replaced
with the sambaUid. Why the uuid isn't replaced with the mail field of the
ldap ?

  - When i try to invite a stranger (not a user in my ldap), there is a
modification error in lightning, and the DCS log tells me that the email is
not in my ldap  http://hpaste.org/45871/dcs_ldap_error
http://hpaste.org/45871/dcs_ldap_error .
But this is a blocking event, there is no modification in the calendar, and
an error popup in lightning.

I use DCS 2.4 with Debian Squeeze and lightning 1b2 (i also try with 1b3).
My ldap configuration is very similar to the one provided by Fredrik, with a
SambaUID replacing the GidNumber.

This is my caldavd.plist  http://hpaste.org/45872/caldavdplist
http://hpaste.org/45872/caldavdplist 


Ladislav Wartha wrote:
> 
> Thanks,
> 
> Now is calendarserver working with OpenLDAP, however there is still
> one issue - iMIP
> 
> For some reason, com.apple.calendarserver user cannot be authenticated
> against calendar server
> 
> 2011-04-06 11:04:07+0200 [-] [caldav-8008]
> [AuthorizedHTTPGetter,client] [twistedcaldav.scheduling.imip#error]
> Could not do server-to-imip request :
> <twistedcaldav.scheduling.imip.ScheduleViaIMip object at 0x3990a50>
> Mail gateway not able to process reply; could not authenticate user
> com.apple.calendarserver with calendar server
> 2011-04-06 11:04:07+0200 [-] [caldav-8008]
> [AuthorizedHTTPGetter,client]
> [twistedcaldav.scheduling.scheduler.ScheduleResponseQueue#error] Error
> during PUT for mailto:xxx at xxxx: None
> 
> User com.apple.calendarserver is in OpenLDAP configuration with dn:
> cn:com.apple.calendarserver,ou=people,dc=example,dc=com
> 
> Using same account I am able to authenticate users without issue. I
> also get entryUUID and add it to admin principals, but it still
> doesn't work.
> 
> Before I used openLDAP i was using account.xml file and there it was
> working just fine.
> 
> Any advice?
> 
> 2011/4/6, Fredrik Unger <fred at tree.se>:
>> Hi,
>>
>>> as I understand, there is possible to get together OpenLDAP and
>>> calendarserver. However it is not clear, how record in LDAP should
>>> looks like.
>>>  From my initial test it seems, that structure in OpenLDAP has to be
>>> altered a little to support Apple UUIDs for groups and users. Or I
>>> simply doing anything wrong?
>>
>> I have so far been successful with a simple calendar accessed from
>> Sunbird.
>>
>> My ldap setup is a standard ou=people,dc=example,dc=com structure filled
>> with OpenLDAPPersons.
>> The caldavd.plist section [1] was a simple rework for the one supplied by
>> Debian.
>> I am not using resources or location.
>>
>> # user, people, example.com
>> dn: uid=user,ou=people,dc=example,dc=com
>> givenName: Name
>> sn: Lastname
>> userPassword:: hashedpassword
>> loginShell: /bin/bash
>> uidNumber: NNNN
>> gidNumber: MMMM
>> mail: user at example.com
>> uid: user
>> objectClass: OpenLDAPperson
>> objectClass: posixAccount
>> cn: Name Lastname
>> homeDirectory: /home/user
>>
>> In this case it is also a posixAccount, but I do not think that makes a
>> difference.
>>
>>> Can anybody send me example of working OpenLDAP configuration with
>>> LDIF,caldavd.plist files. I also need working iMIP gateway. I was able
>>> to make it work with accounts.xml file, but I would like to see it in
>>> LDAP.
>>
>> I do not use iMIP.
>>
>>> I am using debian squeeze with calendarserver 2.4
>>
>> Me too, still interested in hints how to get a workable solution for
>> groups,
>> on 2.4.
>> http://www.mail-archive.com/calendarserver-users@lists.macosforge.org/msg01743.html
>>
>>
>> ...
>>
>> _______________________________________________
>> calendarserver-users mailing list
>> calendarserver-users at lists.macosforge.org
>> http://lists.macosforge.org/mailman/listinfo.cgi/calendarserver-users
>>
> _______________________________________________
> calendarserver-users mailing list
> calendarserver-users at lists.macosforge.org
> http://lists.macosforge.org/mailman/listinfo.cgi/calendarserver-users
> 
> 

-- 
View this message in context: http://old.nabble.com/OpenLDAP---calendarserver-tp31328810p31439147.html
Sent from the Calendar Server - Users mailing list archive at Nabble.com.

More information about the calendarserver-users mailing list