Added page "ConfiguringLDAP" by [email protected] from 17.224.21.17*
Page URL: <http://trac.calendarserver.org/wiki/ConfiguringLDAP>
Content:
-------8<------8<------8<------8<------8<------8<------8<------8<--------
By default, Calendar Server fetches users and groups from the configured
directory service, and locations and resources from a local XML file. If you
would like all four record types to come out of LDAP, modify the caldavd.plist
as follows:
1) Disable the resource/location XML service by changing "ResourceService >
Enabled" to false:
{{{
<key>ResourceService</key>
<dict>
<key>Enabled</key>
<false/>
}}}
2) Add a "recordTypes" array to the "DirectoryService > params" dictionary, as
well as configuring the DN's and attributes your LDAP server uses. Each record
type has an RDN (the dn relative to your base dn), and a mapping of calendar
server record field names to LDAP attributes:
{{{
<key>DirectoryService</key>
<dict>
<key>type</key>
<string>twistedcaldav.directory.ldapdirectory.LdapDirectoryService</string>
<key>params</key>
<dict>
<key>recordTypes</key>
<array>
<string>users</string>
<string>groups</string>
<string>locations</string>
<string>resources</string>
</array>
<key>cacheTimeout</key>
<integer>10</integer>
<key>uri</key>
<string>ldap://ldapserver.example.com/</string> <!-- your ldap server
url -->
<key>tls</key>
<false/>
<key>tlsCACertFile</key>
<string></string>
<key>tlsCACertDir</key>
<string></string>
<key>tlsRequireCert</key>
<string>never</string>
<key>credentials</key>
<dict>
<key>dn</key>
<string>uid=admin,ou=people,o=example.com</string> <!-- dn to auth as
-->
<key>password</key>
<string>PASSWORD</string> <!-- password to auth with -->
</dict>
<key>rdnSchema</key>
<dict>
<key>base</key>
<string>o=example.com</string> <!-- your base dn -->
<key>guidAttr</key>
<string>GUID</string> <!-- LDAP attribute used for GUIDs -->
<key>users</key>
<dict>
<key>rdn</key>
<string>ou=people</string> <!-- dn for users (relative to base dn)
-->
<key>mapping</key>
<dict>
<key>recordName</key>
<string>uid</string>
<key>fullName</key>
<string>cn</string>
<key>emailAddresses</key>
<array>
<string>mail</string>
<string>mailAlias</string>
</array>
<key>firstName</key>
<string>givenName</string>
<key>lastName</key>
<string>sn</string>
</dict>
</dict>
<key>groups</key>
<dict>
<key>rdn</key>
<string>ou=groups</string> <!-- dn for groups (relative to base dn)
-->
<key>mapping</key>
<dict>
<key>recordName</key>
<string>cn</string>
<key>fullName</key>
<string>cn</string>
<key>emailAddresses</key>
<array>
<string>mail</string>
<string>mailAlias</string>
</array>
<key>firstName</key>
<string></string>
<key>lastName</key>
<string></string>
</dict>
</dict>
<key>locations</key>
<dict>
<key>rdn</key>
<string>ou=locations</string> <!-- dn for locations (relative to
base dn) -->
<key>mapping</key>
<dict>
<key>recordName</key>
<string>cn</string>
<key>fullName</key>
<string>cn</string>
<key>emailAddresses</key>
<array>
</array>
<key>firstName</key>
<string></string>
<key>lastName</key>
<string></string>
</dict>
</dict>
<key>resources</key>
<dict>
<key>rdn</key>
<string>ou=resources</string> <!-- dn for resources (relative to
base dn) -->
<key>mapping</key>
<dict>
<key>recordName</key>
<string>cn</string>
<key>fullName</key>
<string>cn</string>
<key>emailAddresses</key>
<array>
</array>
<key>firstName</key>
<string></string>
<key>lastName</key>
<string></string>
</dict>
</dict>
</dict>
<key>groupSchema</key>
<dict>
<key>membersAttr</key>
<string>uniqueMember</string> <!-- LDAP attribute which indicates
members of a group -->
<key>nestedGroupsAttr</key>
<string></string>
<key>memberIdAttr</key>
<string></string>
</dict>
<key>resourceSchema</key>
<dict>
<key>resourceInfoAttr</key>
<string></string>
<key>autoScheduleAttr</key>
<string></string>
<key>autoScheduleEnabledValue</key>
<string></string>
<key>proxyAttr</key>
<string></string>
<key>readOnlyProxyAttr</key>
<string></string>
</dict>
</dict>
</dict>
}}}
-------8<------8<------8<------8<------8<------8<------8<------8<--------
* The IP shown here might not mean anything if the user or the server is
behind a proxy.
--
Calendar and Contacts Server </>
HTTP/WebDAV/CalDAV Server
This is an automated message. Someone at / added your email
address to be notified of changes on ConfiguringLDAP. If it was not you, please
report to .
_______________________________________________
calendarserver-dev mailing list
[email protected]
http://lists.macosforge.org/mailman/listinfo/calendarserver-dev
