[CalendarServer-users] Users in LDAP: restrictEnabledRecords not working?

Morgen Sagen sagen at apple.com
Thu Aug 23 08:47:24 PDT 2012



This looks like a bug.  The LDAP server we test against has an LDAP attribute specifically for nested groups, so we've not run into this problem.  If you want to fix ldapdirectory.py by hand you could add "nestedGroups = []" just above the "if len(result) == 1" line in the restrictedGUIDs( ) method, and make sure the new line is at the same indention as the "if" statement.  I'll fix this in svn.

> 
> 
> On Aug 23, 2012, at 8:32 AM, tobiasbp <tobiasbp at gmail.com> wrote:
> 
>> I'm running calendarserver 3.2 with the packages available in Debian
>> Wheezy (Unstable). I have my users and groups in LDAP.
>> 
>> I can list my users and groups using the command
>> "calendarserver_manage_principals".
>> 
>> I would like to restrict calendar users to members of group "calendar_admins"
>> 
>> 
>> I update my caldavd.plist like this:
>> 
>> <key>restrictEnabledRecords</key>
>> <true/>
>> <key>restrictToGroup</key>
>> <string>calendar_admins</string>
>> 
>> 
>> After the change, I can no longer list my users:
>> 
>> su caldavd -p -c "calendarserver_manage_principals --list-principals users"
>> 
>> Traceback (most recent call last):
>> File "/usr/bin/calendarserver_manage_principals", line 32, in <module>
>>   main()
>> File "/usr/lib/python2.7/dist-packages/calendarserver/tools/principals.py",
>> line 303, in main
>>   records = list(config.directory.listRecords(listPrincipals))
>> File "/usr/lib/python2.7/dist-packages/twistedcaldav/directory/aggregate.py",
>> line 115, in listRecords
>>   records = self._query("listRecords", recordType)
>> File "/usr/lib/python2.7/dist-packages/twistedcaldav/directory/aggregate.py",
>> line 192, in _query
>>   *[a[len(service.recordTypePrefix):] for a in args]
>> File "/usr/lib/python2.7/dist-packages/twistedcaldav/directory/ldapdirectory.py",
>> line 320, in listRecords
>>   if self.restrictedGUIDs is not None:
>> File "/usr/lib/python2.7/dist-packages/twistedcaldav/directory/ldapdirectory.py",
>> line 525, in restrictedGUIDs
>>   self._cachedRestrictedGUIDs =
>> set(self._expandGroupMembership(members, nestedGroups,
>> returnGroups=True))
>> UnboundLocalError: local variable 'nestedGroups' referenced before assignment
>> 
>> 
>> Turning off restrictEnabledRecords again like this lets me list my users again:
>> <key>restrictEnabledRecords</key>
>> <false/>
>> 
>> 
>> Any ideas? Looks like a bug to me.
> 
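
The failure mode in this thread, as an added example that is not part of the original messages and not CalendarServer's own code: a group lookup that binds the nested-group list on only one path, next to the variant that initializes it first. The directory data, attribute names (`memberUid`, `nestedGroup`) and function names are assumptions made for the illustration.

```python
# Added illustration, not CalendarServer source. The directory data, attribute
# names and function names below are constructed for this example.
DIRECTORY = {
    # No nested-group attribute at all: the case that hit the traceback.
    "calendar_admins": {"memberUid": ["alice", "bob"]},
    # Nested groups, including a self-reference to exercise the cycle guard.
    "staff": {"memberUid": ["carol"], "nestedGroup": ["calendar_admins", "staff"]},
}

def lookup(group):
    """Stand-in for the LDAP search; returns a list of (dn, attrs) tuples."""
    attrs = DIRECTORY.get(group)
    return [(group, attrs)] if attrs is not None else []

def expand(members, nested_groups, seen=None):
    """Flatten direct members plus members of nested groups, skipping cycles."""
    seen = set() if seen is None else seen
    found = set(members)
    for name in nested_groups:
        if name in seen:
            continue
        seen.add(name)
        for _dn, attrs in lookup(name):
            found |= expand(attrs.get("memberUid", []),
                            attrs.get("nestedGroup", []), seen)
    return found

def restricted_guids_buggy(group):
    result = lookup(group)
    members = []
    if len(result) == 1:
        _dn, attrs = result[0]
        members = attrs.get("memberUid", [])
        if "nestedGroup" in attrs:
            nested_groups = attrs["nestedGroup"]  # bound on this path only
    return expand(members, nested_groups)  # UnboundLocalError if never bound

def restricted_guids_fixed(group):
    result = lookup(group)
    members = []
    nested_groups = []  # bound before the "if", as the reply suggests
    if len(result) == 1:
        _dn, attrs = result[0]
        members = attrs.get("memberUid", [])
        nested_groups = attrs.get("nestedGroup", [])
    return expand(members, nested_groups)
```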


