
List:       calendarserver-users
Subject:    Re: [CalendarServer-users] Users and Groups from AD
From:       Dennison Williams <dennison.williams () gmail ! com>
Date:       2012-11-30 2:20:35
Message-ID: 50B817F3.4020506 () gmail ! com

On 11/29/2012 10:46 AM, Morgen Sagen wrote:
> On Nov 28, 2012, at 9:17 PM, Dennison Williams <dennison.williams@gmail.com> wrote:
> 
> > I am currently trying to configure calendarserver to pull users and
> > groups from Microsoft Active Directory and I am having a hard time
> > figuring out the schema that is required for the mapping to the calendar
> > server field names.  The documentation
> > (http://trac.calendarserver.org/wiki/ConfiguringLDAP) does not clarify
> > it for me either.  Are the definitions one for one in the RFC (I have
> > not read through that yet)?
> > 
> > For example:
> > 
> > <key>users</key>
> > <dict>
> > <key>rdn</key>
> > <string></string> <!-- this is included in my basedn
> > specified elsewhere -->
> > <key>attr</key>  <!-- this is the calendarserver field name
> > ? -->
> > <string>uid</string><!-- and this is the related field in
> > the LDAP query results?  If so how do I find out what it is expecting
> > here?  Is this a mapping to a UNIX uid? I'm confused -->
> > <key>emailSuffix</key> <!-- how is this used ? -->
> > <string></string>
> > <key>filter</key>
> > <string></string> <!-- This would be the filter for
> > filtering out all of the results we are not interested in right? -->
> > </dict>
> > 
> > Thanks for any help!
> > Dennison Williams
> > _______________________________________________
> > calendarserver-users mailing list
> > calendarserver-users@lists.macosforge.org
> > http://lists.macosforge.org/mailman/listinfo/calendarserver-users
> 
> I'll start by saying I haven't heard of anyone pointing calendar server directly at
> Active Directory, so you'd be blazing new trails.

I'll give it my best shot!

> I just noticed the caldavd-test.plist in the open source project was a bit out of
> date for the LDAP section, so I just updated it with what's on
> http://trac.calendarserver.org/wiki/ConfiguringLDAP .  You should copy that
> DirectoryService section into your own plist and start from there.
Thanks for updating that!

> Unfortunately I'm not familiar enough with the Active Directory LDAP schema to set
> up the mapping either.  You'd need to find out what LDAP attribute AD uses for
> GUIDs, and set that as the value for guidAttr in the plist.  Then for each of the 4
> record types supported (users, groups, locations, and resources), set the rdn value
> that your AD uses, as well as fill out each "mapping" section per record type.
> Each mapping section maps a calendar server concept to its LDAP equivalent.

Thanks for the feedback.  I think I got the basic mapping right, but it's
not working and I am trying to debug the issue.  I set logging to debug, but I am not
seeing any evidence of it hitting the LDAP server in the logs.  Steps to be taken on
this are examining network behavior with tcpdump and reading through the code, but I
thought I would make sure the functionality I am looking for even exists first.  I am
making the assumption that the users I configure in the "users" section should be
able to authenticate against AD via calendarserver LDAP Resource and should be able
to create calendars and set permissions on calendars via groups that are pulled from
AD via the settings in the "groups" section.  Is this assumption correct?


I feel like I am getting close to topics for the developer list.  Should I take this
there?
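
Added example, not part of the original message and not Calendar Server code: a pre-flight check in Python for the steps quoted above (guidAttr set, plus an rdn and a "mapping" section for each of the four record types). The flat layout of the sample plist, its values, and the mapping key exampleField are constructed assumptions.

```python
import plistlib

RECORD_TYPES = ("users", "groups", "locations", "resources")

# Constructed sample, not a real configuration. Key names guidAttr, rdn, attr,
# emailSuffix, filter and mapping come from the thread; the nesting, the
# values and the mapping key "exampleField" are assumptions for illustration.
SAMPLE = plistlib.dumps({
    "guidAttr": "",
    "users": {"rdn": "", "attr": "uid", "emailSuffix": "", "filter": ""},
    "groups": {"rdn": "ou=Groups", "attr": "cn",
               "mapping": {"exampleField": "cn"}},
})


def check_directory_config(plist_bytes):
    """Return a list of findings for values that are still unset."""
    params = plistlib.loads(plist_bytes)
    findings = []
    if not params.get("guidAttr"):
        findings.append("guidAttr: not set")
    for rtype in RECORD_TYPES:
        section = params.get(rtype)
        if not isinstance(section, dict):
            findings.append(f"{rtype}: section missing")
            continue
        # emailSuffix and filter may legitimately be empty, so only
        # rdn and attr are checked here.
        for key in ("rdn", "attr"):
            if not section.get(key):
                findings.append(f"{rtype}.{key}: empty")
        mapping = section.get("mapping")
        if not isinstance(mapping, dict) or not mapping:
            findings.append(f"{rtype}.mapping: missing")
            continue
        for concept, ldap_attr in mapping.items():
            if not ldap_attr:
                findings.append(f"{rtype}.mapping.{concept}: empty")
    return findings


if __name__ == "__main__":
    for finding in check_directory_config(SAMPLE):
        print(finding)
```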

