#260: OpenLDAP directory service
---------------------------------------+------------------------------------
 Reporter:  jusis...@…                 |       Owner:  sa...@…
     Type:  Feature                    |      Status:  new
 Priority:  2: Expected                |   Milestone:  CalendarServer-2.x
Component:  Calendar Server            |    Severity:  Other
 Keywords:                             |
---------------------------------------+------------------------------------

Comment(by ra...@…):

 I have modified the patch given to me by Oxullo to include LDAP TLS support
 as well as filters. Also, authentication is done using PAM rather than LDAP.
 I have only commented out the LDAP authentication code just in case you
 intend to revert to using the LDAP server for authentication. The
 configuration options are as below now (I have included a sample filter
 option as well). Also, the tlsCACertDir option does not seem to be working
 (no idea as to why this option is not working).

 {{{
 <key>DirectoryService</key>
 <dict>
   <key>type</key>
   <string>twistedcaldav.directory.ldapdirectory.LdapDirectoryService</string>
   <key>params</key>
   <dict>
     <key>realmName</key>
     <string>EXAMPLE.COM</string>
     <key>uri</key>
     <string>ldap://dbs.example.com:389/</string>
     <key>tls</key>
     <true/>
     <key>tlsCACertFile</key>
     <string>/etc/ssl/certs/dbs.example.com.pem</string>
     <key>tlsCACertDir</key>
     <string></string>
     <key>tlsRequireCert</key>
     <string>demand</string>
     <key>credentials</key>
     <dict>
       <key>dn</key>
       <string>cn=admin,dc=example,dc=com</string>
       <key>password</key>
       <string>admin123</string>
     </dict>
     <key>rdnSchema</key>
     <dict>
       <key>base</key>
       <string>dc=example,dc=com</string>
       <key>users</key>
       <dict>
         <key>rdn</key>
         <string>ou=People</string>
         <key>attr</key>
         <string>uid</string>
         <key>emailSuffix</key>
         <string></string>
         <key>filter</key>
         <!-- "&" in an LDAP filter must be written as "&amp;" inside the plist -->
         <string>(&amp;(objectClass=x-scs-Person)(x-scs-PrivilegeName=caldav)(!(x-scs-AccountInactive=TRUE)))</string>
       </dict>
       <key>groups</key>
       <dict>
         <key>rdn</key>
         <string>ou=Group</string>
         <key>attr</key>
         <string>cn</string>
         <key>emailSuffix</key>
         <string></string>
         <key>filter</key>
         <string></string>
       </dict>
       <key>locations</key>
       <dict>
         <key>rdn</key>
         <string>ou=Locations</string>
         <key>attr</key>
         <string>cn</string>
         <key>emailSuffix</key>
         <string></string>
         <key>filter</key>
         <string></string>
       </dict>
       <key>resources</key>
       <dict>
         <key>rdn</key>
         <string>ou=Resources</string>
         <key>attr</key>
         <string>cn</string>
         <key>emailSuffix</key>
         <string></string>
         <key>filter</key>
         <string></string>
       </dict>
     </dict>
     <key>groupSchema</key>
     <dict>
       <key>membersAttr</key>
       <string>uniqueMember</string>
       <key>memberIdAttr</key>
       <string></string>
     </dict>
   </dict>
 </dict>
 }}}

--
Ticket URL: <http://trac.calendarserver.org/ticket/260#comment:29>
CalendarServer </>
HTTP/WebDAV/CalDAV Server
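
An added example, not part of the ticket or of the patch it discusses: a standard-library check over the params dict from the comment above that reports a cleartext bind, a relaxed certificate requirement, a stored bind password, and a plist that fails to parse. The function name audit_params and the sample are constructed here, and the check assumes tlsRequireCert takes the same values as OpenLDAP's TLS_REQCERT setting.

```python
import plistlib
from xml.parsers.expat import ExpatError

# Constructed sample: parameter names are those in the ticket comment;
# the host, DN and password are placeholders.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>uri</key><string>ldap://dbs.example.com:389/</string>
  <key>tls</key><true/>
  <key>tlsCACertFile</key><string>/etc/ssl/certs/dbs.example.com.pem</string>
  <key>tlsCACertDir</key><string></string>
  <key>tlsRequireCert</key><string>demand</string>
  <key>credentials</key><dict>
    <key>dn</key><string>cn=admin,dc=example,dc=com</string>
    <key>password</key><string>PLACEHOLDER</string>
  </dict>
  <key>rdnSchema</key><dict><key>users</key><dict>
    <key>filter</key><string>(&amp;(objectClass=x-scs-Person)(x-scs-PrivilegeName=caldav))</string>
  </dict></dict>
</dict></plist>"""

def audit_params(raw):
    """Return a list of findings for an LdapDirectoryService params plist."""
    try:
        params = plistlib.loads(raw)
    except (ExpatError, plistlib.InvalidFileException) as exc:
        # A bare '&' in a filter string is not well-formed XML.
        return ["plist does not parse: %s" % exc]
    findings = []
    encrypted = params.get("uri", "").startswith("ldaps://") or params.get("tls") is True
    if not encrypted:
        findings.append("bind DN and password cross the network in cleartext")
    elif params.get("tlsRequireCert") not in ("demand", "hard"):  # assumed TLS_REQCERT semantics
        findings.append("server certificate is not required to validate")
    elif not (params.get("tlsCACertFile") or params.get("tlsCACertDir")):
        findings.append("no CA file or directory set; trust anchors come from defaults outside this file")
    if params.get("credentials", {}).get("password"):
        findings.append("bind password stored in config; restrict file permissions")
    for kind, entry in params.get("rdnSchema", {}).items():
        text = entry.get("filter", "") if isinstance(entry, dict) else ""
        if text and (not text.startswith("(") or text.count("(") != text.count(")")):
            findings.append("%s filter has unbalanced parentheses" % kind)
    return findings

if __name__ == "__main__":
    for line in audit_params(SAMPLE):
        print(line)
```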