<p dir="ltr">Thanks Cyrus!</p>
<p dir="ltr">On Feb 24, 2014 5:01 PM, "Cyrus Daboo" <<a href="mailto:cdaboo@apple.com">cdaboo@apple.com</a>> wrote:<br>
><br>
> Hi Atli,<br>
><br>
><br>
> --On February 24, 2014 at 4:53:03 PM +0000 Atli Thorbjornsson <<a href="mailto:atlithorn@gmail.com">atlithorn@gmail.com</a>> wrote:<br>
><br>
>> From the client browser I can see that the proxies are stored under eg.<br>
>><br>
>> /principals/users/user09/calendar-proxy-write<br>
>><br>
>> If I am user09 can I dynamically add other users to these resources via<br>
>> http or do these proxies have to be set up beforehand via the directory<br>
>> service?<br>
>><br>
>> Can I add groups to these proxies instead of users? So an "admin-group"<br>
>> belongs to calendar-proxy-write instead of constantly making sure all<br>
>> admins are in there?<br>
><br>
><br>
> The calendar-proxy-write and calendar-proxy-read "sub-principal" resources are in effect "groups". So If user09 wants to make user10 a read-write proxy, all they need to do is add user10 to the DAV:group-member-set WebDAV property of the user09 calendar-proxy-write resource. So a simple PROPPATCH:<br>
><br>
> PROPPATCH /principals/users/user09/calendar-proxy-write HTTP/1.1<br>
> Host: localhost<br>
> ...<br>
><br>
> <?xml version="1.0" encoding="utf-8" ?><br>
> <D:propertyupdate xmlns:D="DAV:"><br>
> <D:set><br>
> <D:prop><br>
> <D:group-member-set><D:href>/principals/users/user10</D:href></D:group-member-set><br>
> </D:prop><br>
> </D:set><br>
> </D:propertyupdate><br>
><br>
> Note that you have to re-write the DAV:group-member-set each time, so you need to get the existing list first and make changes to that as a whole, then update the entire list via the PROPPATCH.</p>
<p dir="ltr">That's exactly what I need, perfect.</p>
<p dir="ltr">> And yes, our server does support adding group principals into the DAV:group-member-set property and the server takes care of automatically "expanding" that and effectively making all members of that group a proxy for the relevant user.</p>
<p dir="ltr">Even better. Out of curiosity, is that "expansion" cached? If a user is subsequently removed from a group in my custom directory service would I need to somehow clear the cache or is the directory service queried every time?</p>
<p dir="ltr">> -- <br>
> Cyrus Daboo<br>
></p>
<p dir="ltr">Thanks again,</p>
<p dir="ltr">Atli<br>
</p>