How does your LDAP schema specify group membership? Calendar server's LDAP
implementation expects that a group's record explicitly lists each member by a
configurable attribute, e.g.
(Group record)

    dn: cn=Example Group,ou=groups,o=example.com
    member: uid=sagen,ou=people,o=example.com
    member: uid=williams,ou=people,o=example.com

The above LDAP record is for a group containing two members (you can also put a
nested group in there). Your caldavd.plist should then have:

    <key>groupSchema</key>
    <dict>
        <key>membersAttr</key>
        <string>member</string>
        <key>nestedGroupsAttr</key>
        <string></string>
        <key>memberIdAttr</key>
        <string></string>
    </dict>

If nested groups are specified by a different LDAP attribute, you would specify
that attribute in the nestedGroupsAttr value. If you reference the group's
members by an attribute other than DN, put that attribute in the memberIdAttr
value.
I notice that in the LDAP output you pasted, your user has a reference back to
the group it's a member of…
> memberOf: CN=VPN Users,CN=Users,DC=meow,DC=com
…however, calendar server doesn't support following those upward references.
We always start with the group and work downward.
~morgen
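
The downward-only lookup described above, as an added example (not Calendar Server's code and not part of the original message). The directory contents and the names `resolve` and `expand_group` are constructed for illustration, and treating a record as a group whenever it carries the members attribute is an assumption of this model.

```python
# Constructed sample directory (not from the thread): DN -> attributes.
GROUPS = "ou=groups,o=example.com"
PEOPLE = "ou=people,o=example.com"
DIRECTORY = {
    f"cn=Staff,{GROUPS}": {"member": [f"uid=sagen,{PEOPLE}", f"cn=Admins,{GROUPS}"]},
    # Admins points back at Staff to exercise the cycle guard.
    f"cn=Admins,{GROUPS}": {"member": [f"uid=williams,{PEOPLE}", f"cn=Staff,{GROUPS}"]},
    f"cn=VPN Users,{GROUPS}": {"member": []},
    f"uid=sagen,{PEOPLE}": {"uid": ["sagen"]},
    f"uid=williams,{PEOPLE}": {"uid": ["williams"]},
    # Upward reference only: the VPN Users record does not list this user.
    f"uid=meow,{PEOPLE}": {"uid": ["meow"], "memberOf": [f"cn=VPN Users,{GROUPS}"]},
}
# Same three keys as the groupSchema dict in caldavd.plist.
SCHEMA = {"membersAttr": "member", "nestedGroupsAttr": "", "memberIdAttr": ""}


def resolve(directory, ref, id_attr):
    """Map a member reference to a DN: the DN itself, or a lookup by id_attr."""
    if not id_attr:
        return ref if ref in directory else None
    return next((dn for dn, a in directory.items() if ref in a.get(id_attr, [])), None)


def expand_group(directory, group_dn, schema):
    """Return the DNs of non-group members reachable downward from group_dn."""
    attrs = {schema["membersAttr"], schema.get("nestedGroupsAttr") or schema["membersAttr"]}
    people, seen, stack = set(), set(), [group_dn]
    while stack:
        dn = stack.pop()
        if dn in seen:
            continue  # already expanded; nested groups may form a cycle
        seen.add(dn)
        for attr in attrs:
            for ref in directory.get(dn, {}).get(attr, []):
                target = resolve(directory, ref, schema.get("memberIdAttr"))
                if target is None:
                    continue  # dangling reference: skip it
                if attrs & set(directory[target]):
                    stack.append(target)  # target is itself a group record
                else:
                    people.add(target)
    return people
```

Expanding "VPN Users" here yields an empty set: the user's memberOf value is never consulted, because only the group record's own member list is walked.
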
On Jan 31, 2013, at 9:38 AM, Dennison Williams <[email protected]>
wrote:
> On 01/30/2013 10:53 PM, Glyph wrote:
>>
>> On Jan 30, 2013, at 8:06 PM, Dennison Williams <[email protected]> wrote:
>>
>>> Tracing this all the way up the stack I see that the getGroups method
>>> receives a guid value of set([None]), but this is not caught as I think
>>> maybe it should be on line 675
>>>
>>> if guids is None:
>>>
>>> But because I am not super familiar with this application and have
>>> limited familiarity with python I am not sure if this indicates an issue
>>> with my config, my environment, or the code.
>>
>> The LDAP directory is incredibly flexible, and can be coerced to do
>> various insane things by setting up mappings incorrectly. Having a copy
>> of your caldavd.plist would be helpful when diagnosing this error.
>> (Actually having a copy of your entire directory along with that would
>> be even more useful, but I presume that isn't possible ;-)).
>
> Please see attached my caldavd.plist. I also included a ldapsearch
> result for the following query which shows how I am mapping the schema
>
> ldapsearch -x -h ad.meow.com -D 'auth' -w 'also_not_the_real_pass' -b
> 'cn=Users,dc=meow,dc=comm' '(&(objectClass=user)(sAMAccountName=Meow))'
>
> # extended LDIF
> #
> # LDAPv3
> # base <cn=Users,dc=meow,dc=com> with scope subtree
> # filter: (&(objectClass=user)(sAMAccountName=Meow))
> # requesting: ALL
> #
>
> # Meow Meow, Users, meow.com
> dn: CN=Meow Meow,CN=Users,DC=meow,DC=com
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: user
> cn: Meow Meow
> sn: Account
> givenName: Nagios
> distinguishedName: CN=Meow Meow,CN=Users,DC=meow,DC=com
> instanceType: 4
> whenCreated: 20111017230846.0Z
> whenChanged: 20121023162519.0Z
> displayName: Nagios Test Account
> uSNCreated: 12446
> memberOf: CN=VPN Users,CN=Users,DC=meow,DC=com
> uSNChanged: 304005
> homeMTA: CN=Microsoft MTA,CN=AD,CN=Servers,CN=First Administrative Group
> ,CN=Administrative Groups,CN=AD,CN=Microsoft Exchange,CN=Services,CN=
> Configuration,DC=meowmeow,DC=com
> proxyAddresses: SMTP:[email protected]
> proxyAddresses: smtp:[email protected]
> proxyAddresses: smtp:[email protected]
> proxyAddresses: X400:c=US;a= ;p=meow;o=Exchange;s=Meow;g=Meow;
> homeMDB: CN=Mailbox Store (AD),CN=First Storage Group,CN=InformationStor
> e,CN=AD,CN=Servers,CN=First Administrative Group,CN=Administrative Grou
> ps,CN=meow,CN=Microsoft
> Exchange,CN=Services,CN=Configuration,DC=meow,DC=com
> mDBUseDefaults: TRUE
> mailNickname: meow
> name: Meow Meow
> objectGUID:: Kyz0aVBh5EGXjCt6tGMacw==
> userAccountControl: 512
> badPwdCount: 1
> codePage: 0
> countryCode: 0
> badPasswordTime: 129958397349055788
> pwdLastSet: 129945378370161242
> primaryGroupID: 513
> objectSid:: AQUAAAAAAAUVAAAARUxc9755Z7MIG4EGbgQAAA==
> accountExpires: 9223372036854775807
> sAMAccountName: meow
> sAMAccountType: 805306368
> showInAddressBook: CN=Default Global Address List,CN=All Global Address
> Lists,
> CN=Address Lists Container,CN=meow,CN=Microsoft Exchange,CN=Services,CN
> =Configuration,DC=meow,DC=com
> showInAddressBook: CN=All Users,CN=All Address Lists,CN=Address Lists
> Containe
> r,CN=meow,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=meow,DC=com
> legacyExchangeDN: /o=meow/ou=First Administrative Group/cn=Recipients/cn
> =meow
> userPrincipalName: [email protected]
> objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=meow,DC=com
> dSCorePropagationData: 16010101000000.0Z
> lastLogonTimestamp: 129954831103763747
> textEncodedORAddress: c=US;a= ;p=meow;o=Exchange;s=Meow;g=Meow;
> mail: [email protected]
> msExchHomeServerName: /o=meow/ou=First Administrative Group/cn=Configura
> tion/cn=Servers/cn=AD
> msExchALObjectVersion: 49
> msExchMailboxSecurityDescriptor::
> AQAEgHgAAACUAAAAAAAAABQAAAAEAGQAAQAAAAACFAAD
> AAIAAQEAAAAAAAUKAAAAawBoAGUAYQByAHQALwBjAG4APQBDAG8AbgBmAGkAZwB1AHIAYQB0AGkAb
> wBuAC8AYwBuAD0AUwBlAHIAdgBpAGMAZQBzAAAAAQUAAAAAAAUVAAAARUxc9755Z7MIG4EG9AEAAA
> EFAAAAAAAFFQAAAEVMXPe+eWezCBuBBvQBAAA=
> msExchUserAccountControl: 0
> msExchMailboxGuid:: vLqtcArWMkGG0dYMJAcWyw==
> msExchPoliciesIncluded:
> {A83A4004-3729-4AD2-869E-9DBD808B748D},{26491CFC-9E50-
> 4857-861B-0CB8DF22B5D7}
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 2
> # numEntries: 1
>
>
>>
>> -glyph
>
> <caldavd.plist>
> _______________________________________________
> calendarserver-dev mailing list
> [email protected]
> https://lists.macosforge.org/mailman/listinfo/calendarserver-dev