Package: calendarserver
Version: 9.2+dfsg-1
Severity: important
Dear Maintainer,
*** Reporter, please consider answering these questions, where appropriate ***
* What led up to the situation?
* What exactly did you do (or not do) that was effective (or
ineffective)?
* What was the outcome of this action?
* What outcome did you expect instead?
*** End of the template - remove these template lines ***
-- System Information:
Debian Release: 9.8
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable'), (100, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 4.9.0-8-amd64 (SMP w/1 CPU core)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8),
LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages calendarserver depends on:
ii adduser 3.115
ii lsb-base 9.20161125
ii memcached 1.5.6-1
ii python 2.7.13-2
ii python-crypto 2.6.1-9+b1
ii python-dateutil 2.7.3-3
ii python-kerberos 1.1.5-2+b2
ii python-openssl 16.2.0-1
ii python-pg8000 1.10.6-1
ii python-psutil 5.5.1-1
ii python-pycalendar 1:2.1~git20161130.0.e68e150-1
ii python-service-identity 16.0.0-2
ii python-setproctitle 1.1.10-1+b2
ii python-sqlparse 0.2.2-1
ii python-twext 1:0.1~git20161216.0.b90293c-1
ii python-twisted 18.9.0-3
ii python-twisted-core 18.9.0-3
ii python-tz 2018.9-1
ii python-xattr 0.9.6-1
ii python-zope.interface 4.3.2-1+b2
ii ssl-cert 1.0.39
Versions of packages calendarserver recommends:
ii python-pam 0.4.2-13.2
calendarserver suggests no packages.
-- Configuration Files:
/etc/caldavd/caldavd.plist changed:
<?xml version="1.0" encoding="UTF-8"?>
<!--
Copyright (c) 2006-2017 Apple Inc. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN"
"http://www.apple.com/DTDs/PropertyList-1.0.dtd";>
<plist version="1.0">
<dict>
<!--
Public network address information
This is the server's public network address, which is provided to
clients in URLs and the like. It may or may not be the network
address that the server is listening to directly, though it is by
default. For example, it may be the address of a load balancer or
proxy which forwards connections to the server.
-->
<!-- Network host name [empty = system host name] -->
<key>ServerHostName</key>
<string>calendarServer</string> <!-- The hostname clients use when
connecting -->
<!-- HTTP port [0 = disable HTTP] -->
<key>HTTPPort</key>
<integer>8008</integer>
<!-- SSL port [0 = disable HTTPS] -->
<!-- (Must also configure SSLCertificate and SSLPrivateKey below) -->
<key>SSLPort</key>
<integer>8443</integer>
<key>EnableSSL</key>
<true/>
<key>SSLMethod</key>
<string>TLSv1_2_METHOD</string>
<!-- Redirect non-SSL ports to an SSL port (if configured for SSL) -->
<key>RedirectHTTPToHTTPS</key>
<false/>
<!--
Network address configuration information
This configures the actual network address that the server binds to.
-->
<!-- Fehlermeldung, der Methode gethostbyaddr "{socket.error: Address
family not supported by protocol}"
https://www.lug-kr.de/wiki/Calendarserver
Abholfe schafft folgender Eintrag in der Konfiguration.
-->
<key>BindAddresses</key>
<array>
<string>10.33.34.26</string>
</array>
<!-- List of IP addresses to bind to [empty = all]
<key>BindAddresses</key>
<array>
</array>
-->
<!-- List of port numbers to bind to for HTTP [empty = same as "Port"] -->
<key>BindHTTPPorts</key>
<array>
</array>
<!-- List of port numbers to bind to for SSL [empty = same as "SSLPort"] -->
<key>BindSSLPorts</key>
<array>
</array>
<!--
Data Store
-->
<!-- Server root -->
<key>ServerRoot</key>
<string>/var/lib/caldavd</string>
<!-- Database connection -->
<key>DBType</key>
<string>postgres</string>
<key>DatabaseConnection</key>
<dict>
<key>endpoint</key>
<string>unix:/var/run/postgresql</string>
<key>database</key>
<string>caldav</string>
<key>user</key>
<string>caldavd</string>
<key>password</key>
<string></string>
</dict>
<!-- Data root -->
<key>DataRoot</key>
<string>/var/lib/caldavd</string>
<!-- Document root -->
<key>DocumentRoot</key>
<string>/var/spool/caldavd</string>
<!-- Configuration root -->
<key>ConfigRoot</key>
<string>/etc/caldavd</string>
<!-- Run root -->
<key>RunRoot</key>
<string>/var/run/caldavd</string>
<!-- Child aliases -->
<key>Aliases</key>
<array>
<!--
<dict>
<key>url</key>
<string>/foo</string>
<key>path</key>
<string>/path/to/foo</string>
</dict>
-->
</array>
<!--
Quotas and limits
-->
<!-- User quota (in bytes) [0 = no quota] applies to attachments only -->
<key>UserQuota</key>
<integer>104857600</integer> <!-- 100Mb -->
<!-- Maximum size for a single attachment (in bytes) [0 = no limit] -->
<key>MaximumAttachmentSize</key>
<integer>10485760</integer> <!-- 10Mb -->
<!-- Maximum number of calendars/address books allowed in a home -->
<!-- 0 for no limit -->
<key>MaxCollectionsPerHome</key>
<integer>50</integer>
<!-- Maximum number of resources in a calendar/address book -->
<!-- 0 for no limit -->
<key>MaxResourcesPerCollection</key>
<integer>10000</integer>
<!-- Maximum resource size (in bytes) -->
<key>MaxResourceSize</key>
<integer>1048576</integer> <!-- 1Mb -->
<!-- Maximum number of unique attendees per entire event -->
<!-- 0 for no limit -->
<key>MaxAttendeesPerInstance</key>
<integer>100</integer>
<!-- Maximum number of instances allowed during expansion -->
<!-- 0 for no limit -->
<key>MaxAllowedInstances</key>
<integer>3000</integer>
<!--
Directory service
A directory service provides information about principals (eg.
users, groups, locations and resources) to the server.
A variety of directory services are available for use.
-->
<!-- XML File Directory Service
<key>DirectoryService</key>
<dict>
<key>type</key>
<string>xml</string>
<key>params</key>
<dict>
<key>xmlFile</key>
<string>/etc/caldavd/accounts.xml</string>
</dict>
</dict>
<key>DirectoryService</key>
<dict>
<key>type</key>
<string>ldap</string>
<key>params</key>
<dict>
<key>recordTypes</key>
<array>
<string>users</string>
<string>groups</string>
</array>
<key>uri</key>
<string>ldaps://sambaDC/</string>
<key>useTLS</key>
<true/>
<key>credentials</key>
<dict>
<key>dn</key>
<string>CN=calServUser,CN=Users,DC=example,DC=eu</string>
<key>password</key>
<string>******</string>
</dict>
<key>rdnSchema</key>
<dict>
<key>base</key>
<string>dc=example,dc=eu</string>
<key>users</key>
<string>cn=Users</string>
<key>groups</key>
<string>cn=Users</string>
<key>locations</key>
<string>ou=places</string>
<key>resources</key>
<string>ou=resources</string>
<key>addresses</key>
<string>ou=buildings</string>
</dict>
<key>mapping</key>
<dict>
<key>uid</key>
<array>
<string>uidNumber</string>
</array>
<key>guid</key>
<array>
<string>gidNumber</string>
</array>
<key>shortNames</key>
<array>
<string>sAMAccountName</string>
</array>
<key>fullNames</key>
<array>
<string>cn</string>
</array>
<key>emailAddresses</key>
<array>
<string>mail</string>
</array>
<key>memberDNs</key>
<array>
<string>member</string>
</array>
<key>loginAllowed</key>
<array>
<string>sAMAccountType:805306368</string>
</array>
<key>hasCalendars</key>
<array>
<string>sAMAccountType:805306368</string>
</array>
<key>autoScheduleMode</key>
<array>
<string></string>
<string></string>
</array>
<key>autoAcceptGroup</key>
<array>
<string>autoAcceptGroup</string>
</array>
<key>readWriteProxy</key>
<array>
<string>calRWProxy</string>
</array>
<key>readOnlyProxy</key>
<array>
<string>calROProxy</string>
</array>
</dict>
<key>extraFilters</key>
<dict>
<key>users</key>
<string>(objectCategory=user)</string>
<key>groups</key>
<string>(objectCategory=group)</string>
<key>locations</key>
<string>(calStatus=active)</string>
<key>resources</key>
<string>(calStatus=active)</string>
<key>addresses</key>
<string></string>
</dict>
</dict>
</dict>
-->
<!-- NSS directory service -->
<key>DirectoryService</key>
<dict>
<key>type</key>
<string>twistedcaldav.directory.nss.NssDirectoryService</string>
<key>params</key>
<dict>
<key>recordTypes</key>
<array>
<string>users</string>
<string>groups</string>
</array>
<key>realmName</key>
<string>example.eu</string>
<!-- Don't treat user ids smaller than firstValidUid as calendarserver
users -->
<key>firstValidUid</key>
<integer>1000</integer>
<!-- Don't treat user ids larger than lastValidUid as calendarserver users
-->
<key>lastValidUid</key>
<integer>3500000</integer>
<!-- Groups starting with this prefix are considered calendarserver groups
-->
<key>groupPrefix</key>
<string>caldavd-</string>
<!-- Don't treat group ids smaller than firstValidGid as calendarserver
groups -->
<key>firstValidGid</key>
<integer>1000</integer>
<!-- Don't treat group ids larger than lastValidGid as calendarserver
groups -->
<key>lastValidGid</key>
<integer>3500000</integer>
<!-- use username@mailDomain as calender user mail addresses -->
<key>mailDomain</key>
<string>example.eu</string>
<!-- refresh time in seconds -->
<key>refreshIntervalThreshold</key>
<integer>1200</integer>
</dict>
</dict>
<!--
Special principals
These principals are granted special access and/or perform
special roles on the server.
-->
<!-- Principals with "DAV:all" access (relative URLs) -->
<key>AdminPrincipals</key>
<array>
<!--
<string>/principals/__uids__/AEB68DD7-D2B8-4D4D-A574-2A4533DF36A4/</string> -->
</array>
<!-- Principals with "DAV:read" access (relative URLs) -->
<key>ReadPrincipals</key>
<array>
<!--
<string>/principals/__uids__/983C8238-FB6B-4D92-9242-89C0A39E5F81/</string> -->
</array>
<!-- Create "proxy access" principals -->
<key>EnableProxyPrincipals</key>
<true/>
<!-- NSS Directory Service -->
<!-- Groups starting with groupPrefix are considered calendarserver groups
-->
<!-- Don't treat user id's smaller than firstValidUid as calendarserver
users -->
<!-- Don't treat group id's smaller than firstValidGid as calendarserver
groups -->
<!-- use shortName@mailDomain as calender user mail addresses -->
<!-- Users and groups information will not be reloaded if the cache is not
empty
and it had been populated less than refreshIntervalThreshold seconds
ago -->
<!--
<key>DirectoryService</key>
<dict>
<key>type</key>
<string>nss</string>
<key>params</key>
<dict>
<key>realmName</key>
<string>Test Realm</string>
<key>groupPrefix</key>
<string>caldavd-</string>
<key>firstValidUid</key>
<integer>1000</integer>
<key>lastValidUid</key>
<integer>65533</integer>
<key>firstValidGid</key>
<integer>1000</integer>
<key>lastValidGid</key>
<integer>65533</integer>
<key>mailDomain</key>
<string>example.com</string>
<key>refreshIntervalThreshold</key>
<integer>60</integer>
</dict>
</dict>
-->
<!-- Resource and Location Service -->
<key>ResourceService</key>
<dict>
<key>Enabled</key>
<true/>
<key>type</key>
<string>xml</string>
<key>params</key>
<dict>
<key>xmlFile</key>
<string>/etc/caldavd/resources.xml</string>
</dict>
</dict>
<!-- Augment Service -->
<key>AugmentService</key>
<dict>
<key>type</key>
<string>xml</string>
<key>params</key>
<dict>
<key>xmlFiles</key>
<array>
<string>/etc/caldavd/augments.xml</string>
</array>
</dict>
</dict>
<!--
Permissions
-->
<!-- Anonymous read access for root resource -->
<key>EnableAnonymousReadRoot</key>
<true/>
<!-- Anonymous read access for resource hierarchy -->
<key>EnableAnonymousReadNav</key>
<false/>
<!-- Enables directory listings for principals -->
<key>EnablePrincipalListings</key>
<false/>
<!-- Render calendar collections as a monolithic iCalendar object -->
<key>EnableMonolithicCalendars</key>
<true/>
<!--
Authentication
-->
<key>Authentication</key>
<dict>
<!-- Clear text; best avoided -->
<key>Basic</key>
<dict>
<key>Enabled</key>
<true/>
<!-- Set to false to disallow plaintext authentication over non-SSL -->
<key>AllowedOverWireUnencrypted</key>
<false/>
</dict>
<!-- Digest challenge/response -->
<key>Digest</key>
<dict>
<key>Enabled</key>
<false/>
<key>Algorithm</key>
<string>md5</string>
<key>Qop</key>
<string></string>
</dict>
<!-- Kerberos/SPNEGO -->
<key>Kerberos</key>
<dict>
<key>Enabled</key>
<false/>
<key>ServicePrincipal</key>
<string>sambaDC</string>
</dict>
</dict>
<!--
Logging
-->
<!-- Log root -->
<key>LogRoot</key>
<string>/var/log/caldavd</string>
<!-- Apache-style access log -->
<key>AccessLogFile</key>
<string>access.log</string>
<key>RotateAccessLog</key>
<true/>
<!-- Server activity log -->
<key>ErrorLogFile</key>
<string>error.log</string>
<!-- Log levels -->
<key>DefaultLogLevel</key>
<string>info</string> <!-- debug, info, warn, error -->
<!-- Server process ID file -->
<key>PIDFile</key>
<string>caldavd.pid</string>
<!--
SSL/TLS
-->
<!-- Public key -->
<key>SSLCertificate</key>
<string>/etc/ssl/certs/calendarServer.pem</string>
<!-- SSL authority chain (for intermediate certs) -->
<key>SSLAuthorityChain</key>
<string></string>
<!-- Private key -->
<key>SSLPrivateKey</key>
<string>/etc/ssl/private/calendarServer.key</string>
<!--
Process management
-->
<key>UserName</key>
<string>caldavd</string>
<key>GroupName</key>
<string>caldavd</string>
<key>ProcessType</key>
<string>Combined</string>
<key>MultiProcess</key>
<dict>
<key>ProcessCount</key>
<integer>0</integer> <!-- 0 = automatic -->
</dict>
<!--
Notifications
-->
<key>Notifications</key>
<dict>
<!-- Time spent coalescing notifications before delivery -->
<key>CoalesceSeconds</key>
<integer>3</integer>
<key>Services</key>
<dict>
<key>XMPPNotifier</key>
<dict>
<!-- XMPP notification service -->
<key>Service</key>
<string>twistedcaldav.notify.XMPPNotifierService</string>
<key>Enabled</key>
<false/>
<!-- XMPP host and port to contact -->
<key>Host</key>
<string>xmpp.host.name</string>
<key>Port</key>
<integer>5222</integer>
<!-- Jabber ID and password for the server -->
<key>JID</key>
<string>j...@xmpp.host.name/resource</string>
<key>Password</key>
<string>password_goes_here</string>
<!-- PubSub service address -->
<key>ServiceAddress</key>
<string>pubsub.xmpp.host.name</string>
</dict>
</dict>
</dict>
<!--
Server-to-server protocol
-->
<key>Scheduling</key>
<dict>
<!-- CalDAV protocol options -->
<key>CalDAV</key>
<dict>
<key>EmailDomain</key>
<string></string>
<key>HTTPDomain</key>
<string></string>
<key>AddressPatterns</key>
<array>
</array>
</dict>
<!-- iSchedule protocol options -->
<key>iSchedule</key>
<dict>
<key>Enabled</key>
<false/>
<key>AddressPatterns</key>
<array>
</array>
<key>RemoteServers</key>
<string>/etc/caldavd/remoteservers.xml</string>
</dict>
<!-- iMIP protocol options -->
<key>iMIP</key>
<dict>
<key>Enabled</key>
<false/>
<key>MailGatewayServer</key>
<string>localhost</string>
<key>MailGatewayPort</key>
<integer>62310</integer>
<key>Sending</key>
<dict>
<key>Server</key>
<string></string>
<key>Port</key>
<integer>587</integer>
<key>UseSSL</key>
<true/>
<key>Username</key>
<string></string>
<key>Password</key>
<string></string>
<key>Address</key>
<string></string> <!-- Address email will be sent from -->
</dict>
<key>Receiving</key>
<dict>
<key>Server</key>
<string></string>
<key>Port</key>
<integer>995</integer>
<key>Type</key>
<string></string> <!-- Either "pop" or "imap" -->
<key>UseSSL</key>
<true/>
<key>Username</key>
<string></string>
<key>Password</key>
<string></string>
<key>PollingSeconds</key>
<integer>30</integer>
</dict>
<key>AddressPatterns</key>
<array>
<string>mailto:.*</string>
</array>
</dict>
</dict>
<!--
Free-busy URL protocol
-->
<key>FreeBusyURL</key>
<dict>
<key>Enabled</key>
<true/>
<key>TimePeriod</key>
<integer>14</integer>
<key>AnonymousAccess</key>
<false/>
</dict>
<!--
Non-standard CalDAV extensions
-->
<!-- Private Events -->
<key>EnablePrivateEvents</key>
<true/>
<!-- Shared Calendars & Address Books -->
<key>Sharing</key>
<dict>
<key>Enabled</key>
<true/>
</dict>
<!--
Miscellaneous items
-->
<!-- Web-based administration -->
<key>EnableWebAdmin</key>
<true/>
<!-- Do not split calendars and tasks -->
<key>RestrictCalendarsToOneComponentType</key>
<false/>
</dict>
</plist>
/etc/caldavd/resources.xml changed:
<directory realm="/Search" />
/etc/default/calendarserver changed:
start_calendarserver=yes
-- no debconf information
