[CalendarServer-users] Users and Groups from AD

Dennison Williams dennison.williams at gmail.com
Thu Nov 29 18:20:35 PST 2012 

On 11/29/2012 10:46 AM, Morgen Sagen wrote:
> On Nov 28, 2012, at 9:17 PM, Dennison Williams <dennison.williams at gmail.com> wrote:
>
>> I am currently trying to configure calendarserver to pull users and
>> groups from Microsoft Active Directory and I am having a hard time
>> figuring out the schema that is required for the mapping to the calendar
>> server filed names.  The documentation
>> (http://trac.calendarserver.org/wiki/ConfiguringLDAP) does not clarify
>> it for me either.  Are the definitions one for one in the RFC (I have
>> not read through that yet)?
>>
>> For example:
>>
>> <key>users</key>
>>          <dict>
>>            <key>rdn</key>
>>            <string></string> <!-- this is included in my basdn
>> specified elsewhere -->
>>            <key>attr</key>  <!-- this is the calendarserver field name
>> ? -->
>>            <string>uid</string><!-- and this is the related field in
>> the LDAP qurey results?  If so how do I find out what it is expecting
>> here?  Is this a mapping to a UNIX uid? Im confused -->
>>            <key>emailSuffix</key> <!-- how is this used ? -->
>>            <string></string>
>>            <key>filter</key>
>>            <string></string> <!-- This would be the filter for
>> filtering out all of the results we are not interested in right? -->
>>          </dict>
>>
>> Thanks for any help!
>> Dennison Williams
>> _______________________________________________
>> calendarserver-users mailing list
>> calendarserver-users at lists.macosforge.org
>> http://lists.macosforge.org/mailman/listinfo/calendarserver-users
>
> I'll start by saying I haven't heard of anyone pointing calendar server directly at Active Directory, so you'd be blazing new trails.
>

Ill give it my best shot!

> I just noticed the caldavd-test.plist in the open source project was a bit out of date for the LDAP section, so I just updated it with what's on http://trac.calendarserver.org/wiki/ConfiguringLDAP .  You should copy that DirectoryService section into your own plist and start from there.
>
Thanks for updating that!

> Unfortunately I'm not familiar enough with the Active Directory LDAP schema to set up the mapping either.  You'd need to find out what LDAP attribute AD uses for GUIDs, and set that as the value for guidAttr in the plist.  Then for each of the 4 record types supported (users, groups, locations, and resources), set the rdn value that your AD uses, as well as fill out each "mapping" section per record type.  Each mapping section maps a calendar server concept to its LDAP equivalent.

Thanks for the feedback.  I think I got the basic mapping right, but its
not working and I am trying to debug the issue.  I set logging to debug, but I am not seeing any evidence of it hitting the ldap server in the logs.  Steps to be taken on this are examining network behavior with tcpdump and reading through the code, but I thought I would make sure the functionality I am looking for even exists first.  I am making the assumption that the users I configure in the "users" section should be able to authenticate against AD via calendarserver LDAP Resource and should be able to create calendars and set permissions on calendars via groups that are pulled from AD via the settings in the "groups" section.  is this assumption correct?


I feel like I am getting close to topics for the developer list.  Should I take this there?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.macosforge.org/pipermail/calendarserver-users/attachments/20121129/01a884dd/attachment.html>

More information about the calendarserver-users mailing list