Hi,
I am the Debian Maintainer for calendarserer. The debian package for
calendarserver has always included a NSS directory service for the
convenience of users. We have been updating it regularly. However, with
the recent release of calendarserver 3.2, I am finding it hard to debug
the error message which is being thrown.
I am attaching the NSS directory file, the config file, access.log and
error log. The error that is being thrown is logged at the end.
Any suggestions on fixing this error would be highly appreciated.
Regards,
Rahul.
Log opened - server start: [Wed Jun 6 20:48:13 2012].
192.168.56.1 - - [06/Jun/2012:20:48:56 +0530] "PROPFIND /calendars/users/rahul/calendar/ HTTP/1.1" 500 201 "-" "Mozilla/5.0 (X11; Linux i686; rv:10.0.4) Gecko/20120510 Icedove/10.0.4 Lightning/1.2.1" i=0 t=352.0 or=1
Log closed - server stop: [Wed Jun 6 20:49:03 2012].
<?xml version="1.0" encoding="UTF-8"?>
<!--
Copyright (c) 2006-2011 Apple Inc. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd";>
<plist version="1.0">
<dict>
<!--
Public network address information
This is the server's public network address, which is provided to
clients in URLs and the like. It may or may not be the network
address that the server is listening to directly, though it is by
default. For example, it may be the address of a load balancer or
proxy which forwards connections to the server.
-->
<!-- Network host name [empty = system host name] -->
<key>ServerHostName</key>
<string></string> <!-- The hostname clients use when connecting -->
<!-- HTTP port [0 = disable HTTP] -->
<key>HTTPPort</key>
<integer>8008</integer>
<!-- SSL port [0 = disable HTTPS] -->
<!-- (Must also configure SSLCertificate and SSLPrivateKey below) -->
<!--
<key>SSLPort</key>
<integer>8443</integer>
-->
<!-- Redirect non-SSL ports to an SSL port (if configured for SSL) -->
<key>RedirectHTTPToHTTPS</key>
<false/>
<!--
Network address configuration information
This configures the actual network address that the server binds to.
-->
<!-- List of IP addresses to bind to [empty = all] -->
<key>BindAddresses</key>
<array>
</array>
<!-- List of port numbers to bind to for HTTP [empty = same as "Port"] -->
<key>BindHTTPPorts</key>
<array>
</array>
<!-- List of port numbers to bind to for SSL [empty = same as "SSLPort"] -->
<key>BindSSLPorts</key>
<array>
</array>
<!--
Data Store
-->
<!-- Server root -->
<key>ServerRoot</key>
<string>/var/lib/caldavd</string>
<!-- Database connection -->
<key>UseDatabase</key>
<false/>
<!--
<key>DBType</key>
<string>postgres</string>
<key>DSN</key>
<string>127.0.0.1:caldav:caldav:password::</string>
-->
<!-- Data root -->
<key>DataRoot</key>
<string>/var/lib/caldavd</string>
<!-- Document root -->
<key>DocumentRoot</key>
<string>/var/spool/caldavd</string>
<!-- Configuration root -->
<key>ConfigRoot</key>
<string>/etc/caldavd</string>
<!-- Run root -->
<key>RunRoot</key>
<string>/var/run/caldavd</string>
<!-- Child aliases -->
<key>Aliases</key>
<dict>
<!--
<key>foo</key>
<dict>
<key>path</key>
<string>/path/to/foo</string>
</dict>
-->
</dict>
<!--
Quotas and limits
-->
<!-- User quota (in bytes) [0 = no quota] applies to attachments only -->
<key>UserQuota</key>
<integer>104857600</integer> <!-- 100Mb -->
<!-- Maximum number of calendars/address books allowed in a home -->
<!-- 0 for no limit -->
<key>MaxCollectionsPerHome</key>
<integer>50</integer>
<!-- Maximum number of resources in a calendar/address book -->
<!-- 0 for no limit -->
<key>MaxResourcesPerCollection</key>
<integer>10000</integer>
<!-- Maximum resource size (in bytes) -->
<key>MaxResourceSize</key>
<integer>1048576</integer> <!-- 1Mb -->
<!-- Maximum number of unique attendees per entire event -->
<!-- 0 for no limit -->
<key>MaxAttendeesPerInstance</key>
<integer>100</integer>
<!-- Maximum number of instances allowed during expansion -->
<!-- 0 for no limit -->
<key>MaxAllowedInstances</key>
<integer>3000</integer>
<!-- Maximum number of instances allowed for a single RRULE -->
<!-- 0 for no limit -->
<key>MaxInstancesForRRULE</key>
<integer>400</integer>
<!-- NSS Directory Service -->
<!-- Groups starting with groupPrefix are considered calendarserver groups -->
<!-- Don't treat user id's smaller than firstValidUid as calendarserver users -->
<!-- Don't treat group id's smaller than firstValidGid as calendarserver groups -->
<!-- use shortName@mailDomain as calender user mail addresses -->
<key>DirectoryService</key>
<dict>
<key>type</key>
<string>twistedcaldav.directory.nss.NssDirectoryService</string>
<key>params</key>
<dict>
<key>realmName</key>
<string>Test Realm</string>
<key>groupPrefix</key>
<string>caldavd-</string>
<key>firstValidUid</key>
<integer>1000</integer>
<key>lastValidUid</key>
<integer>65533</integer>
<key>firstValidGid</key>
<integer>1000</integer>
<key>lastValidGid</key>
<integer>65533</integer>
<key>mailDomain</key>
<string>example.com</string>
<key>cacheTimeout</key>
<integer>30</integer>
</dict>
</dict>
<!--
Directory service
A directory service provides information about principals (eg.
users, groups, locations and resources) to the server.
A variety of directory services are available for use.
-->
<!-- XML File Directory Service -->
<!--
<key>DirectoryService</key>
<dict>
<key>type</key>
<string>twistedcaldav.directory.xmlfile.XMLDirectoryService</string>
<key>params</key>
<dict>
<key>xmlFile</key>
<string>/etc/caldavd/accounts.xml</string>
</dict>
</dict>
-->
<!-- Open Directory Service (Mac OS X) -->
<!--
<key>DirectoryService</key>
<dict>
<key>type</key>
<string>twistedcaldav.directory.appleopendirectory.OpenDirectoryService</string>
<key>params</key>
<dict>
<key>node</key>
<string>/Search</string>
<key>cacheTimeout</key>
<integer>30</integer>
</dict>
</dict>
-->
<!-- OpenLDAP Directory Service -->
<!--
<key>DirectoryService</key>
<dict>
<key>type</key>
<string>twistedcaldav.directory.ldapdirectory.LdapDirectoryService</string>
<key>params</key>
<dict>
<key>restrictEnabledRecords</key>
<false/>
<key>restrictToGroup</key>
<string>odtestgrouptop</string>
<key>cacheTimeout</key>
<integer>30</integer>
<key>uri</key>
<string>ldap://example.com/</string>
<key>tls</key>
<false/>
<key>tlsCACertFile</key>
<string></string>
<key>tlsCACertDir</key>
<string></string>
<key>tlsRequireCert</key>
<string>never</string>
<key>credentials</key>
<dict>
<key>dn</key>
<string></string>
<key>password</key>
<string></string>
</dict>
<key>authMethod</key>
<string>LDAP</string>
<key>rdnSchema</key>
<dict>
<key>base</key>
<string>dc=example,dc=com</string>
<key>guidAttr</key>
<string>apple-generateduid</string>
<key>users</key>
<dict>
<key>rdn</key>
<string>cn=users</string>
<key>attr</key>
<string>uid</string>
<key>emailSuffix</key>
<string></string>
<key>filter</key>
<string></string>
<key>loginEnabledAttr</key>
<string></string>
<key>loginEnabledValue</key>
<string>yes</string>
<key>mapping</key>
<dict>
<key>recordName</key>
<string>uid</string>
<key>fullName</key>
<string>cn</string>
<key>emailAddresses</key>
<string>mail</string>
<key>firstName</key>
<string>givenName</string>
<key>lastName</key>
<string>sn</string>
</dict>
</dict>
<key>groups</key>
<dict>
<key>rdn</key>
<string>cn=groups</string>
<key>attr</key>
<string>cn</string>
<key>emailSuffix</key>
<string></string>
<key>filter</key>
<string></string>
<key>mapping</key>
<dict>
<key>recordName</key>
<string>cn</string>
<key>fullName</key>
<string>cn</string>
<key>emailAddresses</key>
<string>mail</string>
<key>firstName</key>
<string>givenName</string>
<key>lastName</key>
<string>sn</string>
</dict>
</dict>
</dict>
<key>groupSchema</key>
<dict>
<key>membersAttr</key>
<string>apple-group-memberguid</string>
<key>nestedGroupsAttr</key>
<string>apple-group-nestedgroup</string>
<key>memberIdAttr</key>
<string>apple-generateduid</string>
</dict>
<key>resourceSchema</key>
<dict>
<key>resourceInfoAttr</key>
<string>apple-resource-info</string>
<key>autoScheduleAttr</key>
<string></string>
<key>autoScheduleEnabledValue</key>
<string>yes</string>
<key>proxyAttr</key>
<string></string>
<key>readOnlyProxyAttr</key>
<string></string>
</dict>
</dict>
</dict>
-->
<!--
Special principals
These principals are granted special access and/or perform
special roles on the server.
-->
<!-- Principals with "DAV:all" access (relative URLs) -->
<key>AdminPrincipals</key>
<array>
<!-- <string>/principals/__uids__/AEB68DD7-D2B8-4D4D-A574-2A4533DF36A4/</string> -->
</array>
<!-- Principals with "DAV:read" access (relative URLs) -->
<key>ReadPrincipals</key>
<array>
<!-- <string>/principals/__uids__/983C8238-FB6B-4D92-9242-89C0A39E5F81/</string> -->
</array>
<!-- Create "proxy access" principals -->
<key>EnableProxyPrincipals</key>
<true/>
<!--
Permissions
-->
<!-- Anonymous read access for root resource -->
<key>EnableAnonymousReadRoot</key>
<true/>
<!-- Anonymous read access for resource hierarchy -->
<key>EnableAnonymousReadNav</key>
<false/>
<!-- Enables directory listings for principals -->
<key>EnablePrincipalListings</key>
<false/>
<!-- Render calendar collections as a monolithic iCalendar object -->
<key>EnableMonolithicCalendars</key>
<true/>
<!--
Authentication
-->
<key>Authentication</key>
<dict>
<!-- Clear text; best avoided -->
<key>Basic</key>
<dict>
<key>Enabled</key>
<true/>
</dict>
<!-- Digest challenge/response -->
<key>Digest</key>
<dict>
<key>Enabled</key>
<false/>
<key>Algorithm</key>
<string>md5</string>
<key>Qop</key>
<string></string>
</dict>
<!-- Kerberos/SPNEGO -->
<key>Kerberos</key>
<dict>
<key>Enabled</key>
<true/>
<key>ServicePrincipal</key>
<string></string>
</dict>
</dict>
<!--
Logging
-->
<!-- Log root -->
<key>LogRoot</key>
<string>/var/log/caldavd</string>
<!-- Apache-style access log -->
<key>AccessLogFile</key>
<string>access.log</string>
<key>RotateAccessLog</key>
<true/>
<!-- Server activity log -->
<key>ErrorLogFile</key>
<string>error.log</string>
<!-- Log levels -->
<key>DefaultLogLevel</key>
<string>debug</string> <!-- debug, info, warn, error -->
<!-- Global server stats -->
<key>GlobalStatsSocket</key>
<string>caldavd-stats.sock</string>
<!-- Server process ID file -->
<key>PIDFile</key>
<string>caldavd.pid</string>
<!--
SSL/TLS
-->
<!-- Public key -->
<key>SSLCertificate</key>
<string></string>
<!-- SSL authority chain (for intermediate certs) -->
<key>SSLAuthorityChain</key>
<string></string>
<!-- Private key -->
<key>SSLPrivateKey</key>
<string></string>
<!--
Process management
-->
<key>UserName</key>
<string>caldavd</string>
<key>GroupName</key>
<string>caldavd</string>
<key>ProcessType</key>
<string>Combined</string>
<key>MultiProcess</key>
<dict>
<key>ProcessCount</key>
<integer>0</integer> <!-- 0 = larger of: 4 or (2 * CPU count) -->
</dict>
<!--
Notifications
-->
<key>Notifications</key>
<dict>
<!-- Time spent coalescing notifications before delivery -->
<key>CoalesceSeconds</key>
<integer>3</integer>
<key>Services</key>
<dict>
<key>XMPPNotifier</key>
<dict>
<!-- XMPP notification service -->
<key>Service</key>
<string>twistedcaldav.notify.XMPPNotifierService</string>
<key>Enabled</key>
<false/>
<!-- XMPP host and port to contact -->
<key>Host</key>
<string>xmpp.host.name</string>
<key>Port</key>
<integer>5222</integer>
<!-- Jabber ID and password for the server -->
<key>JID</key>
<string>j...@xmpp.host.name/resource</string>
<key>Password</key>
<string>password_goes_here</string>
<!-- PubSub service address -->
<key>ServiceAddress</key>
<string>pubsub.xmpp.host.name</string>
</dict>
</dict>
</dict>
<!--
Server-to-server protocol
-->
<key>Scheduling</key>
<dict>
<!-- CalDAV protocol options -->
<key>CalDAV</key>
<dict>
<key>EmailDomain</key>
<string></string>
<key>HTTPDomain</key>
<string></string>
<key>AddressPatterns</key>
<array>
</array>
</dict>
<!-- iSchedule protocol options -->
<key>iSchedule</key>
<dict>
<key>Enabled</key>
<false/>
<key>AddressPatterns</key>
<array>
</array>
<key>Servers</key>
<string>/etc/caldavd/servertoserver.xml</string>
</dict>
<!-- iMIP protocol options -->
<key>iMIP</key>
<dict>
<key>Enabled</key>
<false/>
<key>MailGatewayServer</key>
<string>localhost</string>
<key>MailGatewayPort</key>
<integer>62310</integer>
<key>Sending</key>
<dict>
<key>Server</key>
<string></string>
<key>Port</key>
<integer>587</integer>
<key>UseSSL</key>
<true/>
<key>Username</key>
<string></string>
<key>Password</key>
<string></string>
<key>Address</key>
<string></string> <!-- Address email will be sent from -->
</dict>
<key>Receiving</key>
<dict>
<key>Server</key>
<string></string>
<key>Port</key>
<integer>995</integer>
<key>Type</key>
<string></string> <!-- Either "pop" or "imap" -->
<key>UseSSL</key>
<true/>
<key>Username</key>
<string></string>
<key>Password</key>
<string></string>
<key>PollingSeconds</key>
<integer>30</integer>
</dict>
<key>AddressPatterns</key>
<array>
<string>mailto:.*</string>
</array>
</dict>
</dict>
<!--
Free-busy URL protocol
-->
<key>FreeBusyURL</key>
<dict>
<key>Enabled</key>
<true/>
<key>TimePeriod</key>
<integer>14</integer>
<key>AnonymousAccess</key>
<false/>
</dict>
<!--
Non-standard CalDAV extensions
-->
<!-- Private Events -->
<key>EnablePrivateEvents</key>
<true/>
<!-- Shared Calendars & Address Books -->
<key>Sharing</key>
<dict>
<key>Enabled</key>
<true/>
</dict>
<!--
Miscellaneous items
-->
<!-- Web-based administration -->
<key>EnableWebAdmin</key>
<true/>
<!-- Memcached -->
<key>Memcached</key>
<dict>
<key>Pools</key>
<dict>
<key>Default</key>
<dict>
<key>ServerEnabled</key>
<false/>
</dict>
</dict>
</dict>
</dict>
</plist>
2012-06-06 20:48:13+0530 [-] Log opened.
2012-06-06 20:48:13+0530 [-] twistd 12.0.0 (/usr/bin/python2.7 2.7.3) starting up.
2012-06-06 20:48:13+0530 [-] reactor class: twisted.internet.pollreactor.PollReactor.
2012-06-06 20:48:13+0530 [-] AMPLoggingFactory starting on '/var/run/caldavd/caldavd.sock'
2012-06-06 20:48:13+0530 [-] [calendarserver.accesslog#debug] rotateGlobalHitHistoryStats: [{'hits': 0, 'time': 1338995893}, {'hits': 0, 'time': 1338995893}, {'hits': 0, 'time': 1338995893}, {'hits': 0, 'time': 1338995893}, {'hits': 0, 'time': 1338995893}, {'hits': 0, 'time': 1338995893}, {'hits': 0, 'time': 1338995893}, {'hits': 0, 'time': 1338995893}, {'hits': 0, 'time': 1338995893}, {'hits': 0, 'time': 1338995893}, {'hits': 0, 'time': 1338995893}, {'hits': 0, 'time': 1338995893}, {'hits': 0, 'time': 1338995893}]
2012-06-06 20:48:13+0530 [-] CalDAVStatisticsServer starting on '/var/run/caldavd/caldavd-stats.sock'
2012-06-06 20:48:13+0530 [-] LimitingInheritingProtocolFactory starting on 8008
2012-06-06 20:48:13+0530 [-] [calendarserver.tap.caldav.CalDAVServiceMaker#info] Adding group caching service
2012-06-06 20:48:25+0530 [-] [groupcacher] 2012-06-06 20:48:25+0530 [-] Log opened.
2012-06-06 20:48:25+0530 [-] [groupcacher] 2012-06-06 20:48:25+0530 [-] twistd 12.0.0 (/usr/bin/python2.7 2.7.3) starting up.
2012-06-06 20:48:25+0530 [-] [groupcacher] 2012-06-06 20:48:25+0530 [-] reactor class: twisted.internet.selectreactor.SelectReactor.
2012-06-06 20:48:25+0530 [-] [groupcacher] 2012-06-06 20:48:25+0530 [-] set uid/gid 103/106
2012-06-06 20:48:25+0530 [-] [groupcacher] 2012-06-06 20:48:25+0530 [-] [twistedcaldav.directory.directory.GroupMembershipCacherService#warn] Starting group membership cacher service
2012-06-06 20:48:25+0530 [-] [groupcacher] 2012-06-06 20:48:25+0530 [-] [twistedcaldav.directory.directory.GroupMembershipCache#debug] is group-cacher-populated
2012-06-06 20:48:25+0530 [-] [groupcacher] 2012-06-06 20:48:25+0530 [-] [twistedcaldav.directory.directory.GroupMembershipCache#debug] Getting Cache Token for 'group-cacher-populated'
2012-06-06 20:48:25+0530 [-] [groupcacher] 2012-06-06 20:48:25+0530 [-] [twistedcaldav.memcachepool.MemCachePool#debug] Initating new client connection to: IPv4Address(TCP, '127.0.0.1', 11211)
2012-06-06 20:48:25+0530 [-] [groupcacher] 2012-06-06 20:48:25+0530 [-] [twistedcaldav.memcachepool.MemCachePool#debug] Clients #free: 0, #busy: 0, #pending: 0, #queued: 0
2012-06-06 20:48:25+0530 [-] [groupcacher] 2012-06-06 20:48:25+0530 [Uninitialized] [twistedcaldav.memcachepool.MemCachePool#debug] Busied client: <twistedcaldav.memcachepool.PooledMemCacheProtocol instance at 0xab54a4c>
2012-06-06 20:48:25+0530 [-] [groupcacher] 2012-06-06 20:48:25+0530 [Uninitialized] [twistedcaldav.memcachepool.MemCachePool#debug] Clients #free: 0, #busy: 1, #pending: 0, #queued: 0
2012-06-06 20:48:25+0530 [-] [groupcacher] 2012-06-06 20:48:25+0530 [PooledMemCacheProtocol,client] [twistedcaldav.memcachepool.MemCachePool#debug] Freed client: <twistedcaldav.memcachepool.PooledMemCacheProtocol instance at 0xab54a4c>
2012-06-06 20:48:25+0530 [-] [groupcacher] 2012-06-06 20:48:25+0530 [PooledMemCacheProtocol,client] [twistedcaldav.memcachepool.MemCachePool#debug] Clients #free: 1, #busy: 0, #pending: 0, #queued: 0
2012-06-06 20:48:25+0530 [-] [groupcacher] 2012-06-06 20:48:25+0530 [PooledMemCacheProtocol,client] [twistedcaldav.directory.directory.GroupMembershipCacheUpdater#info] Updating group membership cache
2012-06-06 20:48:25+0530 [-] [groupcacher] 2012-06-06 20:48:25+0530 [PooledMemCacheProtocol,client] [twistedcaldav.directory.directory.GroupMembershipCacheUpdater#info] Group membership snapshot file exists: /var/lib/caldavd/memberships_cache
2012-06-06 20:48:25+0530 [-] [groupcacher] 2012-06-06 20:48:25+0530 [PooledMemCacheProtocol,client] [twistedcaldav.directory.directory.GroupMembershipCacheUpdater#info] Attempting to acquire group membership cache lock
2012-06-06 20:48:25+0530 [-] [groupcacher] 2012-06-06 20:48:25+0530 [PooledMemCacheProtocol,client] [twistedcaldav.directory.directory.GroupMembershipCache#debug] add group-cacher-lock
2012-06-06 20:48:25+0530 [-] [groupcacher] 2012-06-06 20:48:25+0530 [PooledMemCacheProtocol,client] [twistedcaldav.directory.directory.GroupMembershipCache#debug] Adding Cache Token for 'group-cacher-lock'
2012-06-06 20:48:25+0530 [-] [groupcacher] 2012-06-06 20:48:25+0530 [PooledMemCacheProtocol,client] [twistedcaldav.memcachepool.MemCachePool#debug] Busied client: <twistedcaldav.memcachepool.PooledMemCacheProtocol instance at 0xab54a4c>
2012-06-06 20:48:25+0530 [-] [groupcacher] 2012-06-06 20:48:25+0530 [PooledMemCacheProtocol,client] [twistedcaldav.memcachepool.MemCachePool#debug] Clients #free: 0, #busy: 1, #pending: 0, #queued: 0
2012-06-06 20:48:25+0530 [-] [caldav-1] Reading configuration from file: /etc/caldavd/caldavd.plist
2012-06-06 20:48:25+0530 [-] [caldav-1] [-] Log opened.
2012-06-06 20:48:25+0530 [-] [caldav-1] [-] twistd 12.0.0 (/usr/bin/python2.7 2.7.3) starting up.
2012-06-06 20:48:25+0530 [-] [caldav-1] [-] reactor class: twisted.internet.selectreactor.SelectReactor.
2012-06-06 20:48:25+0530 [-] [caldav-0] Reading configuration from file: /etc/caldavd/caldavd.plist
2012-06-06 20:48:25+0530 [-] [caldav-0] [-] Log opened.
2012-06-06 20:48:25+0530 [-] [caldav-0] [-] twistd 12.0.0 (/usr/bin/python2.7 2.7.3) starting up.
2012-06-06 20:48:25+0530 [-] [caldav-0] [-] reactor class: twisted.internet.selectreactor.SelectReactor.
2012-06-06 20:48:25+0530 [-] [caldav-0] [-] set uid/gid 103/106
2012-06-06 20:48:25+0530 [-] [caldav-1] [-] set uid/gid 103/106
2012-06-06 20:48:25+0530 [calendarserver.accesslog.AMPLoggingFactory] AMPLoggingProtocol connection established (HOST:UNIXAddress('/var/run/caldavd/caldavd.sock') PEER:UNIXAddress(''))
2012-06-06 20:48:25+0530 [calendarserver.accesslog.AMPLoggingFactory] AMPLoggingProtocol connection established (HOST:UNIXAddress('/var/run/caldavd/caldavd.sock') PEER:UNIXAddress(''))
2012-06-06 20:48:25+0530 [-] [caldav-0] [-] AMP connection established (HOST:UNIXAddress(None) PEER:UNIXAddress('/var/run/caldavd/caldavd.sock'))
2012-06-06 20:48:25+0530 [-] [caldav-1] [-] AMP connection established (HOST:UNIXAddress(None) PEER:UNIXAddress('/var/run/caldavd/caldavd.sock'))
2012-06-06 20:48:25+0530 [-] [groupcacher] 2012-06-06 20:48:25+0530 [PooledMemCacheProtocol,client] [twistedcaldav.memcachepool.MemCachePool#debug] Freed client: <twistedcaldav.memcachepool.PooledMemCacheProtocol instance at 0xab54a4c>
2012-06-06 20:48:25+0530 [-] [groupcacher] 2012-06-06 20:48:25+0530 [PooledMemCacheProtocol,client] [twistedcaldav.memcachepool.MemCachePool#debug] Clients #free: 1, #busy: 0, #pending: 0, #queued: 0
2012-06-06 20:48:25+0530 [-] [groupcacher] 2012-06-06 20:48:25+0530 [PooledMemCacheProtocol,client] [twistedcaldav.directory.directory.GroupMembershipCacheUpdater#info] Acquired lock
2012-06-06 20:48:25+0530 [-] [groupcacher] 2012-06-06 20:48:25+0530 [PooledMemCacheProtocol,client] [twistedcaldav.directory.directory.GroupMembershipCacheUpdater#info] Retrieving list of all proxies
2012-06-06 20:48:25+0530 [-] [groupcacher] 2012-06-06 20:48:25+0530 [-] [twistedcaldav.database#debug] Starting ADBAPI thread: -1246483600
2012-06-06 20:48:25+0530 [-] [groupcacher] 2012-06-06 20:48:25+0530 [-] [twistedcaldav.directory.directory.GroupMembershipCacheUpdater#info] There are 0 proxies
2012-06-06 20:48:25+0530 [-] [groupcacher] 2012-06-06 20:48:25+0530 [-] [twistedcaldav.directory.directory.GroupMembershipCacheUpdater#info] Retrieving group hierarchy from directory
2012-06-06 20:48:25+0530 [-] [groupcacher] 2012-06-06 20:48:25+0530 [-] [twistedcaldav.directory.directory.GroupMembershipCacheUpdater#info] 0 groups retrieved from the directory
2012-06-06 20:48:25+0530 [-] [groupcacher] 2012-06-06 20:48:25+0530 [-] [twistedcaldav.directory.directory.GroupMembershipCacheUpdater#info] 0 groups are proxies
2012-06-06 20:48:25+0530 [-] [groupcacher] 2012-06-06 20:48:25+0530 [-] [twistedcaldav.directory.directory.GroupMembershipCacheUpdater#info] There are 0 users delegated-to via groups
2012-06-06 20:48:25+0530 [-] [groupcacher] 2012-06-06 20:48:25+0530 [-] [twistedcaldav.directory.directory.GroupMembershipCacheUpdater#info] Taking snapshot of group memberships to /var/lib/caldavd/memberships_cache
2012-06-06 20:48:25+0530 [-] [groupcacher] 2012-06-06 20:48:25+0530 [-] [twistedcaldav.directory.directory.GroupMembershipCacheUpdater#info] Storing 0 group memberships in memcached
2012-06-06 20:48:25+0530 [-] [groupcacher] 2012-06-06 20:48:25+0530 [-] [twistedcaldav.directory.directory.GroupMembershipCache#debug] set group-cacher-populated
2012-06-06 20:48:25+0530 [-] [groupcacher] 2012-06-06 20:48:25+0530 [-] [twistedcaldav.directory.directory.GroupMembershipCache#debug] Setting Cache Token for 'group-cacher-populated'
2012-06-06 20:48:25+0530 [-] [groupcacher] 2012-06-06 20:48:25+0530 [-] [twistedcaldav.memcachepool.MemCachePool#debug] Busied client: <twistedcaldav.memcachepool.PooledMemCacheProtocol instance at 0xab54a4c>
2012-06-06 20:48:25+0530 [-] [groupcacher] 2012-06-06 20:48:25+0530 [-] [twistedcaldav.memcachepool.MemCachePool#debug] Clients #free: 0, #busy: 1, #pending: 0, #queued: 0
2012-06-06 20:48:25+0530 [-] [groupcacher] 2012-06-06 20:48:25+0530 [PooledMemCacheProtocol,client] [twistedcaldav.memcachepool.MemCachePool#debug] Freed client: <twistedcaldav.memcachepool.PooledMemCacheProtocol instance at 0xab54a4c>
2012-06-06 20:48:25+0530 [-] [groupcacher] 2012-06-06 20:48:25+0530 [PooledMemCacheProtocol,client] [twistedcaldav.memcachepool.MemCachePool#debug] Clients #free: 1, #busy: 0, #pending: 0, #queued: 0
2012-06-06 20:48:25+0530 [-] [groupcacher] 2012-06-06 20:48:25+0530 [PooledMemCacheProtocol,client] [twistedcaldav.directory.directory.GroupMembershipCacheUpdater#info] Releasing lock
2012-06-06 20:48:25+0530 [-] [groupcacher] 2012-06-06 20:48:25+0530 [PooledMemCacheProtocol,client] [twistedcaldav.directory.directory.GroupMembershipCache#debug] delete group-cacher-lock
2012-06-06 20:48:25+0530 [-] [groupcacher] 2012-06-06 20:48:25+0530 [PooledMemCacheProtocol,client] [twistedcaldav.directory.directory.GroupMembershipCache#debug] Deleting Cache Token for 'group-cacher-lock'
2012-06-06 20:48:25+0530 [-] [groupcacher] 2012-06-06 20:48:25+0530 [PooledMemCacheProtocol,client] [twistedcaldav.memcachepool.MemCachePool#debug] Busied client: <twistedcaldav.memcachepool.PooledMemCacheProtocol instance at 0xab54a4c>
2012-06-06 20:48:25+0530 [-] [groupcacher] 2012-06-06 20:48:25+0530 [PooledMemCacheProtocol,client] [twistedcaldav.memcachepool.MemCachePool#debug] Clients #free: 0, #busy: 1, #pending: 0, #queued: 0
2012-06-06 20:48:25+0530 [-] [groupcacher] 2012-06-06 20:48:25+0530 [PooledMemCacheProtocol,client] [twistedcaldav.memcachepool.MemCachePool#debug] Freed client: <twistedcaldav.memcachepool.PooledMemCacheProtocol instance at 0xab54a4c>
2012-06-06 20:48:25+0530 [-] [groupcacher] 2012-06-06 20:48:25+0530 [PooledMemCacheProtocol,client] [twistedcaldav.memcachepool.MemCachePool#debug] Clients #free: 1, #busy: 0, #pending: 0, #queued: 0
2012-06-06 20:48:25+0530 [-] [groupcacher] 2012-06-06 20:48:25+0530 [PooledMemCacheProtocol,client] [twistedcaldav.directory.directory.GroupMembershipCacheUpdater#info] Group memberships cache updated
2012-06-06 20:48:25+0530 [-] [groupcacher] 2012-06-06 20:48:25+0530 [PooledMemCacheProtocol,client] [twistedcaldav.directory.directory.GroupMembershipCacherService#info] Scheduling next group membership update
2012-06-06 20:48:56+0530 [-] [caldav-0] [HTTPChannel,1,192.168.56.1] [twext.web2.server#info] PROPFIND /calendars/users/rahul/calendar/ HTTP/1.1
2012-06-06 20:48:56+0530 [-] [caldav-0] [-] [twistedcaldav.cache.MemcacheResponseCache#debug] hashing key for get: ('PROPFIND', '{DAV:}unauthenticated', '/calendars/users/rahul/calendar/', '0', -434887077) to '968020e381000c3797420ca0a6085a94'
2012-06-06 20:48:56+0530 [-] [caldav-0] [-] [twistedcaldav.cache.MemcacheResponseCache#debug] Checking cache for: '968020e381000c3797420ca0a6085a94'
2012-06-06 20:48:56+0530 [-] [caldav-0] [-] [twistedcaldav.memcachepool.MemCachePool#debug] Initating new client connection to: IPv4Address(TCP, '127.0.0.1', 11211)
2012-06-06 20:48:56+0530 [-] [caldav-0] [-] [twistedcaldav.memcachepool.MemCachePool#debug] Clients #free: 0, #busy: 0, #pending: 0, #queued: 0
2012-06-06 20:48:56+0530 [-] [caldav-0] [Uninitialized] [twistedcaldav.memcachepool.MemCachePool#debug] Busied client: <twistedcaldav.memcachepool.PooledMemCacheProtocol instance at 0xaee2a8c>
2012-06-06 20:48:56+0530 [-] [caldav-0] [Uninitialized] [twistedcaldav.memcachepool.MemCachePool#debug] Clients #free: 0, #busy: 1, #pending: 0, #queued: 0
2012-06-06 20:48:56+0530 [-] [caldav-0] [PooledMemCacheProtocol,client] [twistedcaldav.memcachepool.MemCachePool#debug] Freed client: <twistedcaldav.memcachepool.PooledMemCacheProtocol instance at 0xaee2a8c>
2012-06-06 20:48:56+0530 [-] [caldav-0] [PooledMemCacheProtocol,client] [twistedcaldav.memcachepool.MemCachePool#debug] Clients #free: 1, #busy: 0, #pending: 0, #queued: 0
2012-06-06 20:48:56+0530 [-] [caldav-0] [PooledMemCacheProtocol,client] [twistedcaldav.cache.MemcacheResponseCache#debug] Not in cache: '968020e381000c3797420ca0a6085a94'
2012-06-06 20:48:56+0530 [-] [caldav-0] [PooledMemCacheProtocol,client] [twistedcaldav.directory.nss.NssDirectoryService#debug] Memcache: checking dir|8EFFFAF1-5221-4813-B971-58506B963573|shortname|rahul|users|groups
2012-06-06 20:48:56+0530 [-] [caldav-0] [PooledMemCacheProtocol,client] [twistedcaldav.directory.nss.NssDirectoryService#debug] Memcache: miss dir|8EFFFAF1-5221-4813-B971-58506B963573|shortname|rahul|users|groups
2012-06-06 20:48:56+0530 [-] [caldav-0] [PooledMemCacheProtocol,client] [twistedcaldav.directory.nss.NssDirectoryService#debug] Faulting record for attribute 'shortname' with value 'rahul'
2012-06-06 20:48:56+0530 [-] [caldav-0] [NssDirectoryService] [twistedcaldav.directory.nss.NssDirectoryService#debug] Querying directory for recordTypes ['users'], indexType shortname and indexKey rahul
2012-06-06 20:48:56+0530 [-] [caldav-0] [PooledMemCacheProtocol,client] [twistedcaldav.directory.nss.NssDirectoryService#info] Directory service <NssDirectoryService 'Test Realm'> has no GUID; generating service GUID from realm name.
2012-06-06 20:48:56+0530 [-] [caldav-0] [PooledMemCacheProtocol,client] [twistedcaldav.directory.cachingdirectory.DictRecordTypeCache#debug] Memcache: storing dir|8EFFFAF1-5221-4813-B971-58506B963573|shortname|rahul|users|groups
2012-06-06 20:48:56+0530 [-] [caldav-0] [PooledMemCacheProtocol,client] [twistedcaldav.directory.cachingdirectory.DictRecordTypeCache#debug] Memcache: storing dir|8EFFFAF1-5221-4813-B971-58506B963573|guid|96a9be9a-cce0-52a7-9b70-878879070d8f|users|groups
2012-06-06 20:48:56+0530 [-] [caldav-0] [PooledMemCacheProtocol,client] [twistedcaldav.directory.nss.NssDirectoryService#debug] Found record for attribute 'shortname' with value 'rahul'
2012-06-06 20:48:56+0530 [-] [caldav-0] [PooledMemCacheProtocol,client] [twext.web2.server#info] Exception rendering:
2012-06-06 20:48:56+0530 [-] [caldav-0] [PooledMemCacheProtocol,client] [twext.web2.server#error] [Failure instance: Traceback: <type 'exceptions.AttributeError'>: 'NoneType' object has no attribute 'principalURL'
2012-06-06 20:48:56+0530 [-] [caldav-0] /usr/lib/python2.7/dist-packages/twext/web2/dav/resource.py:1461:accessControlList
2012-06-06 20:48:56+0530 [-] [caldav-0] /usr/lib/python2.7/dist-packages/twistedcaldav/directory/calendar.py:241:accessControlList
2012-06-06 20:48:56+0530 [-] [caldav-0] /usr/lib/python2.7/dist-packages/twisted/internet/defer.py:301:addCallback
2012-06-06 20:48:56+0530 [-] [caldav-0] /usr/lib/python2.7/dist-packages/twisted/internet/defer.py:290:addCallbacks
2012-06-06 20:48:56+0530 [-] [caldav-0] --- <exception caught here> ---
2012-06-06 20:48:56+0530 [-] [caldav-0] /usr/lib/python2.7/dist-packages/twisted/internet/defer.py:551:_runCallbacks
2012-06-06 20:48:56+0530 [-] [caldav-0] /usr/lib/python2.7/dist-packages/twistedcaldav/directory/calendar.py:238:gotACL
2012-06-06 20:48:56+0530 [-] [caldav-0] /usr/lib/python2.7/dist-packages/twistedcaldav/resource.py:2490:defaultAccessControlList
2012-06-06 20:48:56+0530 [-] [caldav-0] ]
2012-06-06 20:49:03+0530 [-] Received SIGINT, shutting down.
2012-06-06 20:49:03+0530 [-] [caldav-0] [-] Received SIGINT, shutting down.
2012-06-06 20:49:03+0530 [-] [groupcacher] 2012-06-06 20:49:03+0530 [-] Received SIGINT, shutting down.
2012-06-06 20:49:03+0530 [-] [groupcacher] 2012-06-06 20:49:03+0530 [-] [twistedcaldav.directory.directory.GroupMembershipCacherService#warn] Stopping group membership cacher service
2012-06-06 20:49:03+0530 [-] [groupcacher] 2012-06-06 20:49:03+0530 [-] [twistedcaldav.database#debug] Closing ADBAPI thread: -1246483600
2012-06-06 20:49:03+0530 [-] [groupcacher] 2012-06-06 20:49:03+0530 [-] Main loop terminated.
2012-06-06 20:49:03+0530 [-] [groupcacher] 2012-06-06 20:49:03+0530 [-] Server Shut Down.
2012-06-06 20:49:03+0530 [AMPLoggingProtocol,0,] AMPLoggingProtocol connection lost (HOST:UNIXAddress('/var/run/caldavd/caldavd.sock') PEER:UNIXAddress(''))
2012-06-06 20:49:03+0530 [-] [caldav-0] [AMP,client] AMP connection lost (HOST:UNIXAddress(None) PEER:UNIXAddress('/var/run/caldavd/caldavd.sock'))
2012-06-06 20:49:03+0530 [-] [caldav-0] [-] Main loop terminated.
2012-06-06 20:49:03+0530 [-] [caldav-0] [-] Server Shut Down.
2012-06-06 20:49:03+0530 [-] [caldav-1] [-] Received SIGINT, shutting down.
2012-06-06 20:49:03+0530 [-] [caldav-1] [AMP,client] AMP connection lost (HOST:UNIXAddress(None) PEER:UNIXAddress('/var/run/caldavd/caldavd.sock'))
2012-06-06 20:49:03+0530 [-] [caldav-1] [-] Main loop terminated.
2012-06-06 20:49:03+0530 [-] [caldav-1] [-] Server Shut Down.
2012-06-06 20:49:03+0530 [AMPLoggingProtocol,1,] AMPLoggingProtocol connection lost (HOST:UNIXAddress('/var/run/caldavd/caldavd.sock') PEER:UNIXAddress(''))
2012-06-06 20:49:03+0530 [-] (TCP Port 8008 Closed)
2012-06-06 20:49:03+0530 [-] (UNIX Port '/var/run/caldavd/caldavd-stats.sock' Closed)
2012-06-06 20:49:03+0530 [-] (UNIX Port '/var/run/caldavd/caldavd.sock' Closed)
2012-06-06 20:49:03+0530 [-] Main loop terminated.
2012-06-06 20:49:03+0530 [-] Server Shut Down.
##
# Copyright (c) 2008 Guido Guenther <a...@sigxcpu.org>
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
##
"""
NSS Directory service interfaces.
Uses libc's Name Service Switch for user and groups (/etc/nsswitch.conf).
"""
__all__ = [
"NssDirectoryService",
]
from twistedcaldav.directory.cachingdirectory import CachingDirectoryService,\
CachingDirectoryRecord
from twisted.cred.credentials import UsernamePassword
from twistedcaldav.scheduling.cuaddress import normalizeCUAddr
from twisted.python import log
import pwd, grp, socket
import PAM
class NsSwitch(object):
"""Simple interface to the nsswitch calls"""
def get_user(self, username):
try:
return pwd.getpwnam(username)
except KeyError:
return None
def get_group(self, groupname):
try:
return grp.getgrnam(groupname)
except KeyError:
return None
def get_users(self):
return pwd.getpwall()
def get_groups(self):
return grp.getgrall()
class NssDirectoryService(CachingDirectoryService):
"""
Nss based Directory Service of L{IDirectoryService}
"""
baseGUID = "8EFFFAF1-5221-4813-B971-58506B963573"
def __repr__(self):
return "<%s %r>" % (self.__class__.__name__, self.realmName)
def __init__(self, params):
"""
@param params: a dictionary containing the following keys:
cacheTimeout, realmName, groupPrefix, mailDomain, firstValidUid,
lastValidUid, firstValidGid, lastValidGid
"""
defaults = {
"realmName": "Test Realm",
# we only consider groups starting with:
"groupPrefix": "caldavd-",
# dont set calendarUserAdresses by default
"mailDomain": None,
# exclude system users and nobody by "default":
"firstValidUid": 1000,
"lastValidUid": 65533,
"firstValidGid": 1000,
"lastValidGid": 65533,
"cacheTimeout": 1, # Minutes
"augmentService" : None,
"groupMembershipCache" : None,
}
ignored = None
params = self.getParams(params, defaults, ignored)
super(NssDirectoryService, self).__init__(params['cacheTimeout'])
self.nsswitch = NsSwitch()
self.realmName = params["realmName"]
self.mailDomain = params["mailDomain"]
self.groupPrefix = params["groupPrefix"]
self.first_valid_uid = params["firstValidUid"]
self.first_valid_gid = params["firstValidGid"]
self.last_valid_uid = params["lastValidUid"]
self.last_valid_gid = params["lastValidGid"]
self.augmentService = params["augmentService"]
self.groupMembershipCache = params["groupMembershipCache"]
def recordTypes(self):
recordTypes = (
self.recordType_users,
self.recordType_groups,
)
return recordTypes
def _isValidUid(self, uid):
if uid >= self.first_valid_uid and uid <= self.last_valid_uid:
return True
def _isValidGid(self, gid):
if gid >= self.first_valid_gid and gid <= self.last_valid_gid:
return True
def queryDirectory(self, recordTypes, indexType, indexKey):
self.log_debug("Querying directory for recordTypes %s, "
"indexType %s and indexKey %s" %
(recordTypes, indexType, indexKey),
system="NssDirectoryService")
def _recordWithGUID(recordType, guid):
# Code has to be written to query on GUID
pass
def _recordWithShortName(recordType, shortName):
record = None
if recordType == self.recordType_users:
result = self.nsswitch.get_user(shortName)
if result and self._isValidUid(result[2]):
record = NssUserRecord(
service = self,
userName = result[0],
gecos = result[4],
)
elif recordType == self.recordType_groups:
result = self.nsswitch.get_group(self.groupPrefix + shortName)
if result and self._isValidGid(result[2]):
record = NssGroupRecord(
service = self,
groupName = result[0],
members = result[3]
)
return record
for recordType in recordTypes:
record = None
if indexType == self.INDEX_TYPE_GUID:
record = _recordWithGUID(recordType, indexKey)
elif indexType == self.INDEX_TYPE_SHORTNAME:
record = _recordWithShortName(recordType, indexKey)
elif indexType == self.INDEX_TYPE_CUA:
address = normalizeCUAddr(indexKey)
if address.startswith("urn:uuid:"):
guid = address[9:]
record = _recordWithGUID(recordType, guid)
elif address.startswith("mailto:") and \
address.endswith("@"+self.mailDomain):
shortName = address[7:].partition("@")[0]
record = _recordWithShortName(recordType, shortName)
elif indexType == self.INDEX_TYPE_AUTHID:
pass
if record:
self.recordCacheForType(recordType).addRecord(
record, indexType, indexKey
)
# We got a match, so don't bother checking other types
break
class NssDirectoryRecord(CachingDirectoryRecord):
"""
Nss Directory Record
"""
def __init__(self, service, recordType, shortNames,
fullName=None, emailAddresses=set(),
enabledForCalendaring=None,
enabledForAddressBooks=None,
enabledForLogin=True
):
super(NssDirectoryRecord, self).__init__(
service = service,
recordType = recordType,
guid = None,
shortNames = shortNames,
fullName = fullName,
emailAddresses = emailAddresses,
enabledForCalendaring = enabledForCalendaring,
enabledForAddressBooks= enabledForAddressBooks,
enabledForLogin = enabledForLogin,
)
class NssUserRecord(NssDirectoryRecord):
"""
NSS Users implementation of L{IDirectoryRecord}.
"""
def __init__(self, service, userName, gecos):
recordType = service.recordType_users
shortNames = (userName,)
fullName = gecos.split(",",1)[0]
emailAddresses = set()
if service.mailDomain:
emailAddresses.add("%s@%s" % (userName, service.mailDomain))
super(NssUserRecord, self).__init__(service, recordType, shortNames,
fullName=fullName,
emailAddresses=emailAddresses,
enabledForCalendaring=True,
enabledForAddressBooks=True)
def groups(self):
for result in self.service.nsswitch.get_groups():
if self.service._isValidGid(result[2]) and \
result[0].startswith(self.service.groupPrefix) and \
self.shortNames[0] in result[3]:
yield self.service.recordWithShortName(
self.service.recordType_groups,
result[0].replace(self.service.groupPrefix,'',1)
)
def verifyCredentials(self, credentials):
if isinstance(credentials, UsernamePassword):
# Check that the username supplied matches the shortName
# (The DCS might already enforce this constraint, not sure)
if credentials.username not in self.shortNames:
return False
# Check cached password
try:
if credentials.password == self.password:
return True
except AttributeError:
pass
# Authenticate against PAM
def pam_conv(auth, query_list, userData):
return [(credentials.password, 0)]
auth = PAM.pam()
auth.start("caldav")
auth.set_item(PAM.PAM_USER, credentials.username)
auth.set_item(PAM.PAM_CONV, pam_conv)
try:
auth.authenticate()
except PAM.error, resp:
return False
else:
# Cache the password to avoid future DS queries
self.password = credentials.password
return True
return super(NssUserRecord, self).verifyCredentials(credentials)
class NssGroupRecord(NssDirectoryRecord):
"""
NSS Groups implementation of L{IDirectoryRecord}.
"""
def __init__(self, service, groupName, members=()):
recordType = service.recordType_groups
shortNames = (groupName.replace(service.groupPrefix,'',1),)
super(NssGroupRecord, self).__init__(service, recordType, shortNames,
enabledForCalendaring=False,
enabledForAddressBooks=False,
enabledForLogin=False)
self._members = members
def members(self):
for shortName in self._members:
yield self.service.recordWithShortName(
self.service.recordType_users,
shortName
)
_______________________________________________
calendarserver-dev mailing list
calendarserver-dev@lists.macosforge.org
http://lists.macosforge.org/mailman/listinfo.cgi/calendarserver-dev
