On 01/31/2013 12:29 PM, Morgen Sagen wrote:
> How does your LDAP schema specify group membership?  Calendar server's LDAP 
> implementation expects that a group's record explicitly lists each member by 
> a configurable attribute, e.g.
> 
> (Group record)
> dn: cn=Example Group,ou=groups,o=example.com
> member: uid=sagen,ou=people,o=example.com
> member: uid=williams,ou=people,o=example.com
> 
> The above LDAP record is for a group containing two members (you can also put 
> a nested group in there).  Your caldavd.plist should then have:
> 
>         <key>groupSchema</key>
>         <dict>
>           <key>membersAttr</key>
>           <string>member</string>
>           <key>nestedGroupsAttr</key>
>           <string></string>
>           <key>memberIdAttr</key>
>           <string></string>
>         </dict>
> 
> If nested groups are specified by a different LDAP attribute, you would 
> specify that attribute in the nestedGroupsAttr value.  If you reference the 
> group's members by an attribute other than DN, put that attribute in the 
> memberIdAttr value.
> 
> I notice that in the LDAP output you pasted, your user has a reference back 
> to the group it's a member of…
> 
>> memberOf: CN=VPN Users,CN=Users,DC=meow,DC=com
> 
> …however, calendar server doesn't support following those upward references.  
> We always start with the group and work downward.

Thanks ... I updated my config and this likely fixes a few other issues
I was having, but does not resolve the subject issue.  This feedback was
helpful.

-D

> 
> ~morgen
> 
>       
> 
> On Jan 31, 2013, at 9:38 AM, Dennison Williams <dennison.willi...@gmail.com> 
> wrote:
> 
>> On 01/30/2013 10:53 PM, Glyph wrote:
>>>
>>> On Jan 30, 2013, at 8:06 PM, Dennison Williams
>>> <dennison.willi...@gmail.com> wrote:
>>>
>>>> Tracing this all the way up the stack I see that the getGroups method
>>>> receives a guid value of  set([None]), but this is not caught as I think
>>>> maybe it should be on line 675
>>>>
>>>> if guids is None:
>>>>
>>>> But because I am not super familiar with this application and have
>>>> limited familiarity with python I am not sure if this indicates an issue
>>>> with my config, my environment, or the code.
>>>
>>> The LDAP directory is incredibly flexible, and can be coerced to do
>>> various insane things by setting up mappings incorrectly.  Having a copy
>>> of your caldavd.plist would be helpful when diagnosing this error.
>>> (Actually having a copy of your entire directory along with that would
>>> be even more useful, but I presume that isn't possible ;-)).
>>
>> Please see attached my caldavd.plist.  I also included a ldapsearch
>> result for the following query which shows how I am mapping the schema
>>
>> ldapsearch -x -h ad.meow.com -D 'auth' -w 'also_not_the_real_pass' -b
>> 'cn=Users,dc=meow,dc=com' '(&(objectClass=user)(sAMAccountName=Meow))'
>>
>> # extended LDIF
>> #
>> # LDAPv3
>> # base <cn=Users,dc=meow,dc=com> with scope subtree
>> # filter: (&(objectClass=user)(sAMAccountName=Meow))
>> # requesting: ALL
>> #
>>
>> # Meow Meow, Users, meow.com
>> dn: CN=Meow Meow,CN=Users,DC=meow,DC=com
>> objectClass: top
>> objectClass: person
>> objectClass: organizationalPerson
>> objectClass: user
>> cn: Meow Meow
>> sn: Account
>> givenName: Nagios
>> distinguishedName: CN=Meow Meow,CN=Users,DC=meow,DC=com
>> instanceType: 4
>> whenCreated: 20111017230846.0Z
>> whenChanged: 20121023162519.0Z
>> displayName: Nagios Test Account
>> uSNCreated: 12446
>> memberOf: CN=VPN Users,CN=Users,DC=meow,DC=com
>> uSNChanged: 304005
>> homeMTA: CN=Microsoft MTA,CN=AD,CN=Servers,CN=First Administrative Group
>> ,CN=Administrative Groups,CN=AD,CN=Microsoft Exchange,CN=Services,CN=
>> Configuration,DC=meowmeow,DC=com
>> proxyAddresses: SMTP:nag...@meow.com
>> proxyAddresses: smtp:m...@meow.com
>> proxyAddresses: smtp:m...@meow.com
>> proxyAddresses: X400:c=US;a= ;p=meow;o=Exchange;s=Meow;g=Meow;
>> homeMDB: CN=Mailbox Store (AD),CN=First Storage Group,CN=InformationStor
>> e,CN=AD,CN=Servers,CN=First Administrative Group,CN=Administrative Grou
>> ps,CN=meow,CN=Microsoft
>> Exchange,CN=Services,CN=Configuration,DC=meow,DC=com
>> mDBUseDefaults: TRUE
>> mailNickname: meow
>> name: Meow Meow
>> objectGUID:: Kyz0aVBh5EGXjCt6tGMacw==
>> userAccountControl: 512
>> badPwdCount: 1
>> codePage: 0
>> countryCode: 0
>> badPasswordTime: 129958397349055788
>> pwdLastSet: 129945378370161242
>> primaryGroupID: 513
>> objectSid:: AQUAAAAAAAUVAAAARUxc9755Z7MIG4EGbgQAAA==
>> accountExpires: 9223372036854775807
>> sAMAccountName: meow
>> sAMAccountType: 805306368
>> showInAddressBook: CN=Default Global Address List,CN=All Global Address
>> Lists,
>> CN=Address Lists Container,CN=meow,CN=Microsoft Exchange,CN=Services,CN
>> =Configuration,DC=meow,DC=com
>> showInAddressBook: CN=All Users,CN=All Address Lists,CN=Address Lists
>> Containe
>> r,CN=meow,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=meow,DC=com
>> legacyExchangeDN: /o=meow/ou=First Administrative Group/cn=Recipients/cn
>> =meow
>> userPrincipalName: m...@meow.com
>> objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=meow,DC=com
>> dSCorePropagationData: 16010101000000.0Z
>> lastLogonTimestamp: 129954831103763747
>> textEncodedORAddress: c=US;a= ;p=meow;o=Exchange;s=Meow;g=Meow;
>> mail: nag...@meow.com
>> msExchHomeServerName: /o=meow/ou=First Administrative Group/cn=Configura
>> tion/cn=Servers/cn=AD
>> msExchALObjectVersion: 49
>> msExchMailboxSecurityDescriptor::
>> AQAEgHgAAACUAAAAAAAAABQAAAAEAGQAAQAAAAACFAAD
>> AAIAAQEAAAAAAAUKAAAAawBoAGUAYQByAHQALwBjAG4APQBDAG8AbgBmAGkAZwB1AHIAYQB0AGkAb
>> wBuAC8AYwBuAD0AUwBlAHIAdgBpAGMAZQBzAAAAAQUAAAAAAAUVAAAARUxc9755Z7MIG4EG9AEAAA
>> EFAAAAAAAFFQAAAEVMXPe+eWezCBuBBvQBAAA=
>> msExchUserAccountControl: 0
>> msExchMailboxGuid:: vLqtcArWMkGG0dYMJAcWyw==
>> msExchPoliciesIncluded:
>> {A83A4004-3729-4AD2-869E-9DBD808B748D},{26491CFC-9E50-
>> 4857-861B-0CB8DF22B5D7}
>>
>> # search result
>> search: 2
>> result: 0 Success
>>
>> # numResponses: 2
>> # numEntries: 1
>>
>>
>>>
>>> -glyph
>>
>> <caldavd.plist>_______________________________________________
>> calendarserver-dev mailing list
>> calendarserver-dev@lists.macosforge.org
>> https://lists.macosforge.org/mailman/listinfo/calendarserver-dev
> 
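
The downward group expansion described in this thread, as an added example that is not part of the original messages and is not Calendar Server's own code. It walks from the group record through the configured members attribute (and an optional nested-groups attribute), and shows that a user who only carries an upward `memberOf` reference is never found. The directory records, the `is_group` helper and the `groupOfNames` object class are constructed assumptions; DNs are matched exactly.

```python
# Constructed sample directory (not the thread's real data): DN -> attributes.
GROUP = "cn=Example Group,ou=groups,o=example.com"
NESTED = "cn=Nested Group,ou=groups,o=example.com"
DIRECTORY = {
    GROUP: {"objectClass": ["groupOfNames"],
            "member": ["uid=sagen,ou=people,o=example.com", NESTED]},
    NESTED: {"objectClass": ["groupOfNames"],
             "member": ["uid=williams,ou=people,o=example.com",
                        GROUP,                                 # cycle back to the parent
                        "uid=gone,ou=people,o=example.com"]},  # dangling reference
    "uid=sagen,ou=people,o=example.com": {"objectClass": ["person"]},
    "uid=williams,ou=people,o=example.com": {"objectClass": ["person"]},
    # Only an upward reference: no group record lists this user as a member.
    "uid=meow,ou=people,o=example.com": {"objectClass": ["person"],
                                         "memberOf": [GROUP]},
}


def is_group(record):
    """Hypothetical test for a group record; real schemas differ."""
    return "groupOfNames" in record.get("objectClass", [])


def expand_group(directory, group_dn, members_attr="member", nested_groups_attr=""):
    """Return (member DNs, unresolved references), walking from the group downward."""
    members, unresolved, seen = set(), set(), set()
    pending = [group_dn]
    while pending:
        dn = pending.pop()
        if dn in seen:
            continue  # nested groups may reference each other
        seen.add(dn)
        record = directory.get(dn, {})
        refs = list(record.get(members_attr, []))
        if nested_groups_attr:
            refs += record.get(nested_groups_attr, [])
        for ref in refs:
            target = directory.get(ref)
            if target is None:
                unresolved.add(ref)  # report it; never let None stand in for a member
            elif is_group(target):
                pending.append(ref)
            else:
                members.add(ref)
    return members, unresolved
```
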
