Cyrus,
I'm having trouble accessing group calendars. So far I've
implemented a
custom directory service tied to my application, but when a member
tries
to access their group's calendar, I get a "403 Forbidden"
response. The
custom directory service is properly returning the set of members
for the
group and then the DirectoryRecords for each member in the group.
I've
verified that the groupMembers() method in principal.py returns the
proper DirectoryPrincipalResources of the members as well. I
don't know
if it's an issue with the directory service, but I thought I'd
mention it
anyway.
Can someone please explain what I'm missing?
To check whether principals and group memberships are setup
properly, use a browser and view the /principals hierarchy there.
When you click on a principal the server will generate an HTML page
with some (really) useful information on it. So check that your
groups do appear under /principals and that their membership looks
right. Also check the regular principals that are members of a
group to verify they show themselves as belonging to it.
If the principal all look OK, then next thing to check is the ACLs
on the resources you are trying to access. For that you may need to
probe with a WebDAV client that allows you to inspect the ACL
property (you will likely need to do that as the admin user).
As always, I really appreciate your quick response. I think I'm on
the right track now at least, but unfortunately, I haven't figured
this one out on my own. For example, when I try to view my group
principal in the browser, I get the following error (or vice versa on
the user principal):
Unhandled Error
Traceback (most recent call last):
File "/Users/admin/Developer/Collaboration/Twisted/twisted/
internet/defer.py", line 191, in addCallback
callbackKeywords=kw)
File "/Users/admin/Developer/Collaboration/Twisted/twisted/
internet/defer.py", line 182, in addCallbacks
self._runCallbacks()
File "/Users/admin/Developer/Collaboration/Twisted/twisted/
internet/defer.py", line 317, in _runCallbacks
self.result = callback(self.result, *args, **kw)
File "/Users/admin/Developer/Collaboration/Twisted/twisted/
internet/defer.py", line 663, in unwindGenerator
return _deferGenerator(f(*args, **kwargs))
--- <exception caught here> ---
File "/Users/admin/Developer/Collaboration/Twisted/twisted/
internet/defer.py", line 623, in _deferGenerator
result = g.next()
File "/Users/admin/Developer/Collaboration/CalendarServer/
twistedcaldav/extensions.py", line 269, in gotProperties
property = property.getResult()
File "/Users/admin/Developer/Collaboration/Twisted/twisted/
internet/defer.py", line 609, in getResult
self.result.raiseException()
File "/Users/admin/Developer/Collaboration/Twisted/twisted/
python/failure.py", line 259, in raiseException
raise self.type, self.value, self.tb
exceptions.AssertionError: Not an element:
<DirectoryPrincipalResource: /Users/admin/Developer/Collaboration/
CalendarServer/data/principals/users/keating>
I'll keep looking into it on my own, but thought I'd throw this error
message back to you first, in case the problem becomes apparent and
you've got a quick answer. Plus the ACLs all look okay, but I have
no experience with ACLs. Which ACE does a group's member fall under?
Thanks,
- Tyler Keating
_______________________________________________
calendarserver-users mailing list
calendarserver-users@lists.macosforge.org
http://lists.macosforge.org/mailman/listinfo/calendarserver-users
