On 01/31/2013 12:29 PM, Morgen Sagen wrote:
> How does your LDAP schema specify group membership? Calendar server's LDAP
> implementation expects that a group's record explicitly lists each member by
> a configurable attribute, e.g.
>
> (Group record)
> dn: cn=Example Group,ou=groups,o=example.com
> member: uid=sagen,ou=people,o=example.com
> member: uid=williams,ou=people,o=example.com
>
> The above LDAP record is for a group containing two members (you can also put
> a nested group in there). Your caldavd.plist should then have:
>
> <key>groupSchema</key>
> <dict>
>   <key>membersAttr</key>
>   <string>member</string>
>   <key>nestedGroupsAttr</key>
>   <string></string>
>   <key>memberIdAttr</key>
>   <string></string>
> </dict>
>
> If nested groups are specified by a different LDAP attribute, you would
> specify that attribute in the nestedGroupsAttr value. If you reference the
> group's members by an attribute other than DN, put that attribute in the
> memberIdAttr value.
>
> I notice that in the LDAP output you pasted, your user has a reference back
> to the group it's a member of…
>
>> memberOf: CN=VPN Users,CN=Users,DC=meow,DC=com
>
> …however, calendar server doesn't support following those upward references.
> We always start with the group and work downward.

Thanks ... I updated my config and this likely fixes a few other issues I was
having, but does not resolve the subject issue. This feedback was helpful.

-D

>
> ~morgen
>
>
> On Jan 31, 2013, at 9:38 AM, Dennison Williams <dennison.willi...@gmail.com>
> wrote:
>
>> On 01/30/2013 10:53 PM, Glyph wrote:
>>>
>>> On Jan 30, 2013, at 8:06 PM, Dennison Williams
>>> <dennison.willi...@gmail.com <mailto:dennison.willi...@gmail.com>> wrote:
>>>
>>>> Tracing this all the way up the stack I see that the getGroups method
>>>> receives a guid value of set([None]), but this is not caught as I think
>>>> maybe it should be on line 675
>>>>
>>>> if guids is None:
>>>>
>>>> But because I am not super familiar with this application and have
>>>> limited familiarity with python I am not sure if this indicates an issue
>>>> with my config, my environment, or the code.
>>>
>>> The LDAP directory is incredibly flexible, and can be coerced to do
>>> various insane things by setting up mappings incorrectly. Having a copy
>>> of your caldavd.plist would be helpful when diagnosing this error.
>>> (Actually having a copy of your entire directory along with that would
>>> be even more useful, but I presume that isn't possible ;-)).
>>
>> Please see attached my caldavd.plist. I also included a ldapsearch
>> result for the following query which shows how I am mapping the schema
>>
>> ldapsearch -x -h ad.meow.com -D 'auth' -w 'also_not_the_real_pass' -b
>> 'cn=Users,dc=meow,dc=comm' '(&(objectClass=user)(sAMAccountName=Meow))'
>>
>> # extended LDIF
>> #
>> # LDAPv3
>> # base <cn=Users,dc=meow,dc=com> with scope subtree
>> # filter: (&(objectClass=user)(sAMAccountName=Meow))
>> # requesting: ALL
>> #
>>
>> # Meow Meow, Users, meow.com
>> dn: CN=Meow Meow,CN=Users,DC=meow,DC=com
>> objectClass: top
>> objectClass: person
>> objectClass: organizationalPerson
>> objectClass: user
>> cn: Meow Meow
>> sn: Account
>> givenName: Nagios
>> distinguishedName: CN=Meow Meow,CN=Users,DC=meow,DC=com
>> instanceType: 4
>> whenCreated: 20111017230846.0Z
>> whenChanged: 20121023162519.0Z
>> displayName: Nagios Test Account
>> uSNCreated: 12446
>> memberOf: CN=VPN Users,CN=Users,DC=meow,DC=com
>> uSNChanged: 304005
>> homeMTA: CN=Microsoft MTA,CN=AD,CN=Servers,CN=First Administrative Group
>> ,CN=Administrative Groups,CN=AD,CN=Microsoft Exchange,CN=Services,CN=
>> Configuration,DC=meowmeow,DC=com
>> proxyAddresses: SMTP:nag...@meow.com
>> proxyAddresses: smtp:m...@meow.com
>> proxyAddresses: smtp:m...@meow.com
>> proxyAddresses: X400:c=US;a= ;p=meow;o=Exchange;s=Meow;g=Meow;
>> homeMDB: CN=Mailbox Store (AD),CN=First Storage Group,CN=InformationStor
>> e,CN=AD,CN=Servers,CN=First Administrative Group,CN=Administrative Grou
>> ps,CN=meow,CN=Microsoft
>> Exchange,CN=Services,CN=Configuration,DC=meow,DC=com
>> mDBUseDefaults: TRUE
>> mailNickname: meow
>> name: Meow Meow
>> objectGUID:: Kyz0aVBh5EGXjCt6tGMacw==
>> userAccountControl: 512
>> badPwdCount: 1
>> codePage: 0
>> countryCode: 0
>> badPasswordTime: 129958397349055788
>> pwdLastSet: 129945378370161242
>> primaryGroupID: 513
>> objectSid:: AQUAAAAAAAUVAAAARUxc9755Z7MIG4EGbgQAAA==
>> accountExpires: 9223372036854775807
>> sAMAccountName: meow
>> sAMAccountType: 805306368
>> showInAddressBook: CN=Default Global Address List,CN=All Global Address
>> Lists,
>> CN=Address Lists Container,CN=meow,CN=Microsoft Exchange,CN=Services,CN
>> =Configuration,DC=meow,DC=com
>> showInAddressBook: CN=All Users,CN=All Address Lists,CN=Address Lists
>> Containe
>> r,CN=meow,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=meow,DC=com
>> legacyExchangeDN: /o=meow/ou=First Administrative Group/cn=Recipients/cn
>> =meow
>> userPrincipalName: m...@meow.com
>> objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=meow,DC=com
>> dSCorePropagationData: 16010101000000.0Z
>> lastLogonTimestamp: 129954831103763747
>> textEncodedORAddress: c=US;a= ;p=meow;o=Exchange;s=Meow;g=Meow;
>> mail: nag...@meow.com
>> msExchHomeServerName: /o=meow/ou=First Administrative Group/cn=Configura
>> tion/cn=Servers/cn=AD
>> msExchALObjectVersion: 49
>> msExchMailboxSecurityDescriptor::
>> AQAEgHgAAACUAAAAAAAAABQAAAAEAGQAAQAAAAACFAAD
>> AAIAAQEAAAAAAAUKAAAAawBoAGUAYQByAHQALwBjAG4APQBDAG8AbgBmAGkAZwB1AHIAYQB0AGkAb
>> wBuAC8AYwBuAD0AUwBlAHIAdgBpAGMAZQBzAAAAAQUAAAAAAAUVAAAARUxc9755Z7MIG4EG9AEAAA
>> EFAAAAAAAFFQAAAEVMXPe+eWezCBuBBvQBAAA=
>> msExchUserAccountControl: 0
>> msExchMailboxGuid:: vLqtcArWMkGG0dYMJAcWyw==
>> msExchPoliciesIncluded:
>> {A83A4004-3729-4AD2-869E-9DBD808B748D},{26491CFC-9E50-
>> 4857-861B-0CB8DF22B5D7}
>>
>> # search result
>> search: 2
>> result: 0 Success
>>
>> # numResponses: 2
>> # numEntries: 1
>>
>>
>>>
>>> -glyph
>>
>> <caldavd.plist>_______________________________________________
>> calendarserver-dev mailing list
>> calendarserver-dev@lists.macosforge.org
>> https://lists.macosforge.org/mailman/listinfo/calendarserver-dev
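
The downward group expansion described in this thread, as an added sketch that is not Calendar Server code and not part of any message above. The function names and the constructed directory are hypothetical; a record counts as a group here when it carries the configured members attribute, and a user's memberOf value is never consulted.

```python
# Added illustration; not Calendar Server code. All names are hypothetical.
# Constructed directory: membership lives only on group records ("member").
DIRECTORY = {
    "cn=Example Group,ou=groups,o=example.com": {"member": [
        "uid=sagen,ou=people,o=example.com",
        "cn=Nested Group,ou=groups,o=example.com",
    ]},
    "cn=Nested Group,ou=groups,o=example.com": {"member": [
        "uid=williams,ou=people,o=example.com",
        "cn=Example Group,ou=groups,o=example.com",  # deliberate cycle
    ]},
    # Group with no member values; the user below points at it via memberOf.
    "cn=VPN Users,ou=groups,o=example.com": {"member": []},
    "uid=meow,ou=people,o=example.com": {
        "memberOf": ["cn=VPN Users,ou=groups,o=example.com"],
    },
}


def normalize_ids(ids):
    """Drop empty identifiers. A test like `ids is None` does not catch
    set([None]), so filter the contents rather than the container."""
    return {i for i in (ids or ()) if i}


def expand_group(directory, group_dn, members_attr="member"):
    """Walk downward from group_dn and return the DNs of its non-group members."""
    users, seen = set(), set()
    stack = list(normalize_ids([group_dn]))
    while stack:
        dn = stack.pop()
        if dn in seen:                      # break membership cycles
            continue
        seen.add(dn)
        for member in normalize_ids(directory.get(dn, {}).get(members_attr)):
            if members_attr in directory.get(member, {}):
                stack.append(member)        # nested group: keep descending
            else:
                users.add(member)           # leaf: a user record
    return users


if __name__ == "__main__":
    print(sorted(expand_group(DIRECTORY, "cn=Example Group,ou=groups,o=example.com")))
    print(expand_group(DIRECTORY, "cn=VPN Users,ou=groups,o=example.com"))
```

The second call returns an empty set: the group lists no members, so the user's memberOf back-reference grants nothing until the group record itself names that user.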