[prev in list] [next in list] [prev in thread] [next in thread]
List: calendarserver-dev
Subject: Re: [CalendarServer-dev] Create Users API
From: Andre LaBranche <dre () apple ! com>
Date: 2016-03-31 20:18:25
Message-ID: F2208320-9B83-473A-B675-E9C31C253614 () apple ! com
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
Hi,
> On Mar 31, 2016, at 12:54 PM, Maximiliano Sbrocca \
> <maximiliano.sbrocca@santexgroup.com> wrote:
> Many thanks Andre for your reply. For sure that this helps.
>
> One more question. As you said, in my tests I'm using the XMLs where I previously \
> created the users I need (I would use the default ones too). I saw that if you try \
> to sync a Calendar client for an account or user that doesn't exist, you'll get an \
> error.
> My question is: if you choose as auth method LDAP are the users inside the server \
> synchronized automatically?
Yes, although I wouldn't use the word 'synchronized' as that implies (to me anyway) \
that CalendarServer maintains a complete copy of everything that is also in LDAP, and \
that is not the case.
When configured to use LDAP, CalendarServer will query LDAP for any and all principal \
lookups. All the LDAP interactions are funneled through a 'sidecar' process we call \
the DirectoryProxy - this process does not service CalDAV requests, and exists only \
to serve other CalendarServer processes. The communication between CalDAV processes \
and the DirectoryProxy happens over a unix domain socket. We maintain two levels of \
caching of LDAP data, to reduce LDAP traffic, both with configurable timeouts. One \
cache is in the sidecar, and another is in each individual CalDAV daemon. So although \
CalendarServer can use any of the records in LDAP, it will only fetch and cache \
records that are used by clients or otherwise referenced by calendar data.
To customize the cache timeouts, use the following caldavd.plist options \
<http://trac.calendarserver.org/browser/CalendarServer/trunk/conf/caldavd-stdconfig.plist#L1701>. \
If not specified, the default values shown below will be used.
<key>DirectoryProxy</key>
<dict>
<key>InProcessCachingSeconds</key>
<integer>60</integer>
<key>InSidecarCachingSeconds</key>
<integer>120</integer>
</dict>
Cheers,
-dre
>
> Regards!
> Maxi
>
> On Thu, Mar 31, 2016 at 3:43 PM, Andre LaBranche <dre@apple.com \
> <mailto:dre@apple.com>> wrote: Hello,
>
> Replies inline.
>
> > On Mar 31, 2016, at 6:41 AM, Maximiliano Sbrocca \
> > <maximiliano.sbrocca@santexgroup.com \
> > <mailto:maximiliano.sbrocca@santexgroup.com>> wrote:
> > Hello everybody,
> >
> >
> > My name is Maxi and I'm analyzing caldav servers to implement in the company I'm \
> > working for. The company has an app where events are created. Once it happen, \
> > emails are sent with ICS files. The idea is to also save the events in the caldav \
> > server. I've this part working (dev mode) by calling the Darwin API \
> > (http://localhost:8008/calendars/users/ \
> > <http://localhost:8008/calendars/users/><USER>/calendar/<ICS-File>.ics and the \
> > ics file content in the request body). Then users will be able to sync their \
> > events against the caldav server. (This is also working. I was able to sync my \
> > events using Evolution and Thunderbird).
> > What I need now, is some help with the API part for users creation.
>
> There is no such API. CalendarServer itself does not act as a directory service; \
> instead it accesses an existing directory service in a read-only fashion to acquire \
> the various record types used by the service. The options for the directory backend \
> are: XML files, such as the ones you see in the SVN checkout under conf/auth, or \
> LDAP.
> The calendarserver_manage_princinpals tool does allow for creating location, \
> resource, or 'address' records (address records are used to support newer geo \
> features), but not user records. For production uses, we generally don't recommend \
> using the XML file method as it's not very interoperable. The interoperable, \
> production-grade option is LDAP. You are still free to spin your own workflow \
> around modification of the XML files, which might still be the path of least \
> resistance if you don't need to interoperate with a lot of other things.
> Hope this helps,
> -dre
>
> > Logged as the admin (admin/admin) I'm making PUT calls to:
> >
> > http://localhost:8008/calendars/users/ <http://localhost:8008/calendars/users/>
> >
> > The request header has Authorization - Basic for admin/admin and the body I'm \
> > sending is:
> > <record type="user">
> > <short-name>maxi.sbrocca</short-name>
> > <uid>maxi.sbrocca</uid>
> > <password>password</password>
> > <full-name>Maxi Sbrocca</full-name>
> > <email>maximiliano.sbrocca@santexgroup.com \
> > <mailto:maximiliano.sbrocca@santexgroup.com></email> </record>
> >
> >
> > And the response error I'm getting is:
> >
> > <?xml version='1.0' encoding='UTF-8'?>
> > <error xmlns='DAV:'>
> > <need-privileges>
> > <resource>
> > <href>/calendars/users/</href>
> > <privilege>
> > <write-content/>
> > </privilege>
> > </resource>
> > </need-privileges>
> > </error>
> >
> > I'm not seeing any console log error:
> >
> > 2016-03-31T10:40:24-0300 [caldav-0] [txweb2.server#info] PUT /calendars/users/ \
> > HTTP/1.1
> > Could you please help me to find out what I'm doing wrong?
> >
> > Thanks in advance,
> > --
> > Sbrocca Hector Maximiliano
> > Software Engineer
> >
> >
> >
> > Vélez Sársfield 576 4 ° piso.
> > Córdoba, Argentina.
> > +54 (0351) 589 7070
> > www.santexgroup.com <http://www.santexgroup.com/>
> >
> > Follow us
> >
> > <https://www.facebook.com/SantexGroup> <https://twitter.com/santexgroup> \
> > <https://plus.google.com/+Santexgroup/posts> \
> > <https://www.linkedin.com/company/129740?trk=tyah&trkInfo=clickedVertical%3Acompan \
> > y%2CclickedEntityId%3A129740%2Cidx%3A1-1-1%2CtarId%3A1442929736721%2Ctas%3Asantex> \
> > <https://www.youtube.com/user/TheSantexChannel> \
> > <http://santexgroup.com/blog/>_______________________________________________ \
> > calendarserver-dev mailing list calendarserver-dev@lists.macosforge.org \
> > <mailto:calendarserver-dev@lists.macosforge.org> \
> > https://lists.macosforge.org/mailman/listinfo/calendarserver-dev \
> > <https://lists.macosforge.org/mailman/listinfo/calendarserver-dev>
>
>
>
>
> --
> Sbrocca Hector Maximiliano
> Software Engineer
>
>
>
> Vélez Sársfield 576 4 ° piso.
> Córdoba, Argentina.
> +54 (0351) 589 7070
> www.santexgroup.com <http://www.santexgroup.com/>
>
> Follow us
>
> <https://www.facebook.com/SantexGroup> <https://twitter.com/santexgroup> \
> <https://plus.google.com/+Santexgroup/posts> \
> <https://www.linkedin.com/company/129740?trk=tyah&trkInfo=clickedVertical%3Acompany%2CclickedEntityId%3A129740%2Cidx%3A1-1-1%2CtarId%3A1442929736721%2Ctas%3Asantex> \
> <https://www.youtube.com/user/TheSantexChannel> <http://santexgroup.com/blog/>
[Attachment #5 (unknown)]
<html><head><meta http-equiv="Content-Type" content="text/html \
charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; \
-webkit-line-break: after-white-space;" class="">Hi,<div class=""><br \
class=""><div><blockquote type="cite" class=""><div class="">On Mar 31, 2016, at \
12:54 PM, Maximiliano Sbrocca <<a \
href="mailto:maximiliano.sbrocca@santexgroup.com" \
class="">maximiliano.sbrocca@santexgroup.com</a>> wrote:</div><br \
class="Apple-interchange-newline"><div class=""><div dir="ltr" class="">Many thanks \
Andre for your reply. For sure that this helps.<div class=""><br class=""></div><div \
class="">One more question. As you said, in my tests I'm using the XMLs where I \
previously created the users I need (I would use the default ones too). I saw that if \
you try to sync a Calendar client for an account or user that doesn't exist, you'll \
get an error. </div><div class=""><br class=""></div><div class="">My question \
is: if you choose as auth method LDAP are the users inside the server synchronized \
automatically? </div></div></div></blockquote><div><br class=""></div><div>Yes, \
although I wouldn't use the word 'synchronized' as that implies (to me anyway) that \
CalendarServer maintains a complete copy of everything that is also in LDAP, and that \
is not the case.</div><div><br class=""></div><div>When configured to use LDAP, \
CalendarServer will query LDAP for any and all principal lookups. All the LDAP \
interactions are funneled through a 'sidecar' process we call the DirectoryProxy - \
this process does not service CalDAV requests, and exists only to serve other \
CalendarServer processes. The communication between CalDAV processes and the \
DirectoryProxy happens over a unix domain socket. We maintain two levels of caching \
of LDAP data, to reduce LDAP traffic, both with configurable timeouts. One cache is \
in the sidecar, and another is in each individual CalDAV daemon. So although \
CalendarServer can use any of the records in LDAP, it will only fetch and cache \
records that are used by clients or otherwise referenced by calendar \
data.</div><div><br class=""></div><div>To customize the cache timeouts, use the \
following <a href="http://trac.calendarserver.org/browser/CalendarServer/trunk/conf/caldavd-stdconfig.plist#L1701" \
class="">caldavd.plist options</a>. If not specified, the default values shown below \
will be used.</div><div><br class=""></div><div><font face="Menlo" class=""> \
<key>DirectoryProxy</key><br class=""><span \
class="Apple-tab-span" style="white-space:pre"> </span><dict><br \
class=""> \
<key>InProcessCachingSeconds</key><br class=""> \
<integer>60</integer><br class=""><br \
class=""> \
<key>InSidecarCachingSeconds</key><br class=""> \
<integer>120</integer><br \
class=""> </dict></font></div><div><br \
class=""></div><div>Cheers,</div><div>-dre</div><div><br class=""></div><br \
class=""><blockquote type="cite" class=""><div class=""><div dir="ltr" class=""><div \
class=""><br class=""></div><div class="">Regards!</div><div \
class="">Maxi</div></div><div class="gmail_extra"><br class=""><div \
class="gmail_quote">On Thu, Mar 31, 2016 at 3:43 PM, Andre LaBranche <span dir="ltr" \
class=""><<a href="mailto:dre@apple.com" target="_blank" \
class="">dre@apple.com</a>></span> wrote:<br class=""><blockquote \
class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc \
solid;padding-left:1ex"><div style="word-wrap:break-word" class="">Hello,<div \
class=""><br class=""></div><div class="">Replies inline.</div><div class=""><br \
class=""><div class=""><span class=""><blockquote type="cite" class=""><div \
class="">On Mar 31, 2016, at 6:41 AM, Maximiliano Sbrocca <<a \
href="mailto:maximiliano.sbrocca@santexgroup.com" target="_blank" \
class="">maximiliano.sbrocca@santexgroup.com</a>> wrote:</div><br class=""><div \
class=""><div dir="ltr" class="">Hello everybody,<div class=""><br class=""><div \
class=""><div class=""><br class=""></div><div class=""> My name is Maxi \
and I'm analyzing caldav servers to implement in the company I'm working for. The \
company has an app where events are created. Once it happen, emails are sent with ICS \
files. The idea is to also save the events in the caldav server. I've this part \
working (dev mode) by calling the Darwin API (<a \
href="http://localhost:8008/calendars/users/" target="_blank" \
class="">http://localhost:8008/calendars/users/</a><USER>/calendar/<ICS-File>.ics \
and the ics file content in the request body). Then users will be able to sync their \
events against the caldav server. (This is also working. I was able to sync my events \
using Evolution and Thunderbird).</div><div class=""><br class=""></div><div \
class=""> What I need now, is some help with the API part for \
users creation. </div></div></div></div></div></blockquote><div class=""><br \
class=""></div></span><div class="">There is no such API. CalendarServer itself does \
not act as a directory service; instead it accesses an existing directory service in \
a read-only fashion to acquire the various record types used by the service. The \
options for the directory backend are: XML files, such as the ones you see in the SVN \
checkout under conf/auth, or LDAP.</div><div class=""><br class=""></div><div \
class="">The calendarserver_manage_princinpals tool does allow for creating location, \
resource, or 'address' records (address records are used to support newer geo \
features), but not user records. For production uses, we generally don't recommend \
using the XML file method as it's not very interoperable. The interoperable, \
production-grade option is LDAP. You are still free to spin your own workflow around \
modification of the XML files, which might still be the path of least resistance if \
you don't need to interoperate with a lot of other things.</div><div class=""><br \
class=""></div><div class="">Hope this helps,</div><div class="">-dre</div><br \
class=""><blockquote type="cite" class=""><div class=""><div class=""><div \
class="h5"><div dir="ltr" class=""><div class=""><div class=""><div class=""> \
Logged as the admin (admin/admin) I'm making PUT calls to:</div><div \
class=""><br class=""></div><div class=""><a \
href="http://localhost:8008/calendars/users/" target="_blank" \
class="">http://localhost:8008/calendars/users/</a><br class=""></div><div \
class=""><br class=""></div><div class=""> The request header \
has Authorization - Basic for admin/admin and the body I'm sending is:</div><div \
class=""><br class=""></div><div class=""><div class=""><record \
type="user"></div><div class=""> \
<short-name>maxi.sbrocca</short-name></div><div class=""> \
<uid>maxi.sbrocca</uid></div><div class=""> \
<password>password</password></div><div class=""> \
<full-name>Maxi Sbrocca</full-name></div><div class=""> \
<email><a href="mailto:maximiliano.sbrocca@santexgroup.com" target="_blank" \
class="">maximiliano.sbrocca@santexgroup.com</a></email></div><div \
class=""> </record></div></div><div class=""><br class=""></div><div \
class=""><br class=""></div><div class=""> And the response error \
I'm getting is:</div><div class=""><br class=""></div><div class=""><div \
class=""><?xml version='1.0' encoding='UTF-8'?></div><div class=""><error \
xmlns='DAV:'></div><div class=""> <need-privileges></div><div \
class=""> <resource></div><div class=""> \
\
<href>/calendars/users/</href></div><div class=""> \
<privilege></div><div class=""> \
<write-content/></div><div class=""> \
</privilege></div><div class=""> \
</resource></div><div class=""> \
</need-privileges></div><div class=""></error></div></div><div \
class=""><br class=""></div><div class=""> I'm not seeing any console \
log error:</div><div class=""><br class=""></div><div \
class="">2016-03-31T10:40:24-0300 [caldav-0] [txweb2.server#info] PUT \
/calendars/users/ HTTP/1.1<br class=""></div><div class=""><br class=""></div><div \
class=""> Could you please help me to find out what I'm doing \
wrong?</div><div class=""> </div><div class="">Thanks in advance,</div>-- \
<br class=""><div class=""><div dir="ltr" class=""><div class=""><div dir="ltr" \
class=""><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:13px;margin:0px;background-color:rgb(255,255,255)" \
class=""><b style="font-family:'Times New Roman';font-size:inherit" class=""><span \
style="font-size:15px;font-family:Calibri;vertical-align:baseline;white-space:pre-wrap" \
class="">Sbrocca Hector Maximiliano</span></b><br class=""></div><div class=""><div \
dir="ltr" class=""><div dir="ltr" class=""><div dir="ltr" class=""><div dir="ltr" \
class=""><div dir="ltr" class=""><div dir="ltr" class=""><div dir="ltr" class=""><div \
dir="ltr" class=""><div dir="ltr" class=""><div dir="ltr" class=""><div dir="ltr" \
class=""><font face="Calibri" class=""><span \
style="font-size:15px;white-space:pre-wrap" class="">Software \
Engineer</span></font></div><div dir="ltr" style="font-size:12.8px" class=""><font \
face="Calibri" class=""><span style="font-size:15px;white-space:pre-wrap" \
class=""><br class=""></span></font><div class=""><br class=""></div><div \
class=""><img src="http://santexgroup.com/images/Santex_logo.png" class=""><br \
class=""></div><span \
style="font-size:15px;font-family:Calibri;vertical-align:baseline" class="">Vélez \
Sársfield 576 4 ° piso.</span><span \
style="vertical-align:baseline;font-size:15px;font-family:Calibri" \
class=""> </span><span \
style="font-size:15px;font-family:Calibri;color:rgb(255,0,0);font-weight:bold;vertical-align:baseline" \
class=""></span><br style="font-size:13px" class=""><span \
style="vertical-align:baseline;font-size:15px;font-family:Calibri" class="">Córdoba, \
Argentina. </span><br \
style="font-size:13px" class=""><span \
style="vertical-align:baseline;font-size:15px;font-family:Calibri" class="">+54 \
(0351) 589 7070 </span><br class=""><div class=""><span \
style="vertical-align:baseline;font-size:15px;font-family:Calibri" class=""><font \
color="#3333ff" class=""><a href="http://www.santexgroup.com/" \
style="color:rgb(17,85,204)" target="_blank" \
class="">www.santexgroup.com</a></font></span></div><div class=""><br \
class=""></div><div class="">Follow us</div><div class=""><br class=""></div><div \
class=""><a href="https://www.facebook.com/SantexGroup" style="color:rgb(17,85,204)" \
target="_blank" class=""><img src="http://santexgroup.com/images/F.png" \
class=""></a> <a href="https://twitter.com/santexgroup" \
style="color:rgb(17,85,204)" target="_blank" class=""><img \
src="http://santexgroup.com/images/T.png" style="font-size:12.8px" class=""></a><span \
style="font-size:12.8px" class=""> </span><a \
href="https://plus.google.com/+Santexgroup/posts" style="color:rgb(17,85,204)" \
target="_blank" class=""><img src="http://santexgroup.com/images/G.png" \
style="font-size:12.8px" class=""></a><span style="font-size:12.8px" \
class=""> </span><a \
href="https://www.linkedin.com/company/129740?trk=tyah&trkInfo=clickedVertical%3Ac \
ompany%2CclickedEntityId%3A129740%2Cidx%3A1-1-1%2CtarId%3A1442929736721%2Ctas%3Asantex" \
style="color:rgb(17,85,204)" target="_blank" class=""><img \
src="http://santexgroup.com/images/L.png" style="font-size:12.8px" class=""></a><span \
style="font-size:12.8px" class=""> </span><a \
href="https://www.youtube.com/user/TheSantexChannel" style="color:rgb(17,85,204)" \
target="_blank" class=""><img src="http://santexgroup.com/images/Y.png" \
style="font-size:12.8px" class=""></a><span style="font-size:12.8px" \
class=""> </span><a href="http://santexgroup.com/blog/" \
style="color:rgb(17,85,204)" target="_blank" class=""><img \
src="http://santexgroup.com/images/B.png" style="font-size:12.8px" \
class=""></a></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div>
</div></div></div></div></div>
_______________________________________________<br class="">calendarserver-dev \
mailing list<br class=""><a href="mailto:calendarserver-dev@lists.macosforge.org" \
target="_blank" class="">calendarserver-dev@lists.macosforge.org</a><br class=""><a \
href="https://lists.macosforge.org/mailman/listinfo/calendarserver-dev" \
target="_blank" class="">https://lists.macosforge.org/mailman/listinfo/calendarserver-dev</a><br \
class=""></div></blockquote></div><br class=""></div></div></blockquote></div><br \
class=""><br clear="all" class=""><div class=""><br class=""></div>-- <br \
class=""><div class="gmail_signature"><div dir="ltr" class=""><div class=""><div \
dir="ltr" class=""><div style="color: rgb(34, 34, 34); font-family: arial, \
sans-serif; font-size: 13px; background-color: rgb(255, 255, 255); margin: 0px;" \
class=""><b style="font-family: 'Times New Roman'; font-size: inherit;" \
class=""><span style="font-size:15px;font-family:Calibri;vertical-align:baseline;white-space:pre-wrap" \
class="">Sbrocca Hector Maximiliano</span></b><br class=""></div><div class=""><div \
dir="ltr" class=""><div dir="ltr" class=""><div dir="ltr" class=""><div dir="ltr" \
class=""><div dir="ltr" class=""><div dir="ltr" class=""><div dir="ltr" class=""><div \
dir="ltr" class=""><div dir="ltr" class=""><div dir="ltr" class=""><div dir="ltr" \
class=""><font face="Calibri" class=""><span \
style="font-size:15px;white-space:pre-wrap" class="">Software \
Engineer</span></font></div><div dir="ltr" style="font-size:12.8000001907349px" \
class=""><font face="Calibri" class=""><span \
style="font-size:15px;white-space:pre-wrap" class=""><br class=""></span></font><div \
class=""><br class=""></div><div class=""><img \
src="http://santexgroup.com/images/Santex_logo.png" class=""><br class=""></div><span \
style="font-size:15px;font-family:Calibri;vertical-align:baseline" class="">Vélez \
Sársfield 576 4 ° piso.</span><span \
style="vertical-align:baseline;font-size:15px;font-family:Calibri" \
class=""> </span><span \
style="font-size:15px;font-family:Calibri;color:rgb(255,0,0);font-weight:bold;vertical-align:baseline" \
class=""></span><br style="font-size:13px" class=""><span \
style="vertical-align:baseline;font-size:15px;font-family:Calibri" class="">Córdoba, \
Argentina. </span><br \
style="font-size:13px" class=""><span \
style="vertical-align:baseline;font-size:15px;font-family:Calibri" class="">+54 \
(0351) 589 7070 </span><br class=""><div class=""><span \
style="vertical-align:baseline;font-size:15px;font-family:Calibri" class=""><font \
color="#3333ff" class=""><a href="http://www.santexgroup.com/" \
style="color:rgb(17,85,204)" target="_blank" \
class="">www.santexgroup.com</a></font></span></div><div class=""><br \
class=""></div><div class="">Follow us</div><div class=""><br class=""></div><div \
class=""><a href="https://www.facebook.com/SantexGroup" style="color:rgb(17,85,204)" \
target="_blank" class=""><img src="http://santexgroup.com/images/F.png" \
class=""></a> <a href="https://twitter.com/santexgroup" \
style="color:rgb(17,85,204)" target="_blank" class=""><img \
src="http://santexgroup.com/images/T.png" style="font-size:12.8px" class=""></a><span \
style="font-size:12.8px" class=""> </span><a \
href="https://plus.google.com/+Santexgroup/posts" style="color:rgb(17,85,204)" \
target="_blank" class=""><img src="http://santexgroup.com/images/G.png" \
style="font-size:12.8px" class=""></a><span style="font-size:12.8px" \
class=""> </span><a \
href="https://www.linkedin.com/company/129740?trk=tyah&trkInfo=clickedVertical%3Ac \
ompany%2CclickedEntityId%3A129740%2Cidx%3A1-1-1%2CtarId%3A1442929736721%2Ctas%3Asantex" \
style="color:rgb(17,85,204)" target="_blank" class=""><img \
src="http://santexgroup.com/images/L.png" style="font-size:12.8px" class=""></a><span \
style="font-size:12.8px" class=""> </span><a \
href="https://www.youtube.com/user/TheSantexChannel" style="color:rgb(17,85,204)" \
target="_blank" class=""><img src="http://santexgroup.com/images/Y.png" \
style="font-size:12.8px" class=""></a><span style="font-size:12.8px" \
class=""> </span><a href="http://santexgroup.com/blog/" \
style="color:rgb(17,85,204)" target="_blank" class=""><img \
src="http://santexgroup.com/images/B.png" style="font-size:12.8px" \
class=""></a></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div>
</div>
</div></blockquote></div><br class=""></div></body></html>
_______________________________________________
calendarserver-dev mailing list
calendarserver-dev@lists.macosforge.org
https://lists.macosforge.org/mailman/listinfo/calendarserver-dev
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic