[CalendarServer-users] LDAP Authentication fields

Ulrich Fourier ulrich.fourier at rockyourlife.de
Sun Apr 20 12:26:58 PDT 2014


Hi,

Thanks for your answer, Andre.
I think the "loginEnabledAttr" option was the one I was looking for,
but I have the calendarserver in version 2.4 and the settings
(caldavd.plist) are in the plist format, so I needed to convert the
loginEnabledAttr option. Now my LDAP settings look like this:
    <!--  OpenLDAP Directory Service -->
    <key>DirectoryService</key>
    <dict>
      <key>type</key>
      <string>twistedcaldav.directory.ldapdirectory.LdapDirectoryService</string>

      <key>params</key>
      <dict>
        <key>cacheTimeout</key>
        <integer>30</integer>
        <key>realmName</key>
        <string>Test Realm</string>
        <key>uri</key>
        <string>ldap://localhost:389/</string>
        <key>tls</key>
        <false/>
        <key>tlsCACertFile</key>
        <string></string>
        <key>tlsCACertDir</key>
        <string></string>
        <key>tlsRequireCert</key>
        <string>demand</string>
        <key>credentials</key>
        <dict>
          <key>initials</key>
          <string>LDAPUSER</string>
          <key>password</key>
          <string>PASSWORD</string>
        </dict>
        <key>authMethod</key>
        <string>LDAP</string>
        <key>rdnSchema</key>
        <dict>
          <key>base</key>
          <string>dc=rockyourlife,dc=de</string>
          <key>guidAttr</key>
          <string>entryUUID</string>
          <key>users</key>
          <dict>
            <key>rdn</key>
            <string>ou=People</string>
            <key>attr</key>
            <string>cn</string>
            <key>emailSuffix</key>
            <string></string>
            <key>filter</key>
            <string>(objectClass=inetOrgPerson)</string>
            <key>loginEnabledAttr</key>
            <string>initials</string>
            <key>loginEnabledValue</key>
            <true/>
          </dict>

I didn't change the following group settings etc., because I'm not quite
sure if I want this feature.
I reinstalled the server, so that I'm sure there are no changes in the
source files made by myself.
Now I'm still getting the LDAP "No such object" error message.
And it logs the wrong filter again:
(&(&(!(objectClass=organizationalUnit))(objectClass=inetOrgPerson))(|(uid=UlrichFourier)(userid=UlrichFourier)))

I don't want it to look at the uid or userid, I want it to compare the
username with an LDAP field called Initials.

Thank you so far
Ulrich Fourier

On Thu Apr 17 19:13:54 2014, Andre LaBranche wrote:
>
> Hi,
>
> It would be advisable to attempt to configure the ldap client for your
> site using caldavd.plist, instead of editing the code. Our ldap client
> is highly configurable / flexible, and so far I haven't found any
> reason to need to edit the source code to adapt our ldap client to a
> wide variety of different ldap servers.
>
> You can look at
> http://trac.calendarserver.org/browser/CalendarServer/trunk/twistedcaldav/stdconfig.py
> under twistedcaldav.directory.ldapdirectory.LdapDirectoryService to
> see all the available settings.
>
> If the change you need cannot be represented using the plist, kindly
> let us know exactly what you're doing so we can consider making
> whatever you are doing configurable.
>
> -dre
>
> On Apr 17, 2014, at 8:18 AM, Ulrich Fourier
> <ulrich.fourier at rockyourlife.de> wrote:
>
>>
>> So I fixed it by editing the source file so that my custom field also
>> got checked.
>> Now I'm working on another error message, which also appeared earlier:
>> ldap.NO_SUCH_OBJECT: {'desc': 'No such object'}
>>
>> I tested the request it is sending to the server (the filter and the
>> attributes) with the phpldapbrowser and got the correct response.
>> Thanks,
>> Ulrich
>>
>> On 17.04.14 15:09, Ulrich Fourier wrote:
>>>
>>> Hi everyone,
>>> A simple and stupid question:
>>> I'm currently working with the calendarserver and a ldap server.
>>> Users should be authenticated with the ldap server, but the uid field,
>>> which is used by the calendarserver to look for the right user, is used
>>> for something different in my setup. I have an integer there. So how can
>>> I configure calendarserver to use the 'cn' or any other self-defined
>>> field?
>>>
>>> Thank you
>>>
>>> Ulrich Fourier
>>>
>>> _______________________________________________
>>> calendarserver-users mailing list
>>> calendarserver-users at lists.macosforge.org
>>> https://lists.macosforge.org/mailman/listinfo/calendarserver-users
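Added example, not part of the original thread and not CalendarServer code: the sketch below rebuilds the filter quoted in the message from the configured type filter and a list of login attributes, escapes the login name per RFC 4515, and shows the filter that would match on initials instead. The function names, the constructed metacharacter input, and the rule that the search base is the users rdn joined to base are assumptions.

```python
# Added example: hypothetical helper names, not CalendarServer's own code.

# RFC 4515 section 3: characters that must be escaped in a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape an untrusted string before placing it in an LDAP filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_login_filter(type_filter, login_attrs, username):
    """Compose a lookup filter shaped like the one quoted in the message.

    type_filter -- record-type filter from the config
    login_attrs -- attributes the login name is compared against
    username    -- login name supplied by the client (untrusted)
    """
    if not login_attrs:
        raise ValueError("at least one login attribute is required")
    safe = escape_filter_value(username)
    terms = "".join("(%s=%s)" % (attr, safe) for attr in login_attrs)
    name_part = "(|%s)" % terms if len(login_attrs) > 1 else terms
    return "(&(&(!(objectClass=organizationalUnit))%s)%s)" % (type_filter, name_part)


def search_base(rdn, base):
    """Assumption: the search base is the per-type RDN joined to the base DN."""
    return "%s,%s" % (rdn, base) if rdn else base


TYPE_FILTER = "(objectClass=inetOrgPerson)"  # value from the posted config
# The filter from the log, and the same lookup matching on initials only.
LOGGED = build_login_filter(TYPE_FILTER, ["uid", "userid"], "UlrichFourier")
WANTED = build_login_filter(TYPE_FILTER, ["initials"], "UlrichFourier")
# Constructed input: filter metacharacters in a login name stay literal.
ESCAPED = build_login_filter(TYPE_FILTER, ["initials"], "*)(uid=*")
BASE_DN = search_base("ou=People", "dc=rockyourlife,dc=de")

if __name__ == "__main__":
    for label, value in [("logged", LOGGED), ("wanted", WANTED),
                         ("escaped", ESCAPED), ("base", BASE_DN)]:
        print("%-8s %s" % (label, value))
```

LDAP returns noSuchObject (result code 32) when the search base DN does not exist; a filter that matches no entry returns an empty result instead, so the base DN is worth checking alongside the filter.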