This looks like a bug. The LDAP server we test against has an LDAP attribute
specifically for nested groups, so we've not run into this problem. If you
want to fix ldapdirectory.py by hand you could add "nestedGroups = []" just
above the "if len(result) == 1" line in the restrictedGUIDs( ) method, and make
sure the new line is at the same indention as the "if" statement. I'll fix
this in svn.
>
>
> On Aug 23, 2012, at 8:32 AM, tobiasbp <tobia...@gmail.com> wrote:
>
>> I'm running calendarserver 3.2 with the packages available in Debian
>> Wheezy (Unstable). I have my users and groups in LDAP.
>>
>> I can list my users and groups using the command
>> "calendarserver_manage_principals".
>>
>> I would like to restrict calendar users to members of group "calendar_admins"
>>
>>
>> I update my caldavd.plist liek this:
>>
>> <key>restrictEnabledRecords</key>
>> <true/>
>> <key>restrictToGroup</key>
>> <string>calendar_admins</string>
>>
>>
>> After the change, I can no longer list my users:
>>
>> su caldavd -p -c "calendarserver_manage_principals --list-principals users"
>>
>> Traceback (most recent call last):
>> File "/usr/bin/calendarserver_manage_principals", line 32, in <module>
>> main()
>> File "/usr/lib/python2.7/dist-packages/calendarserver/tools/principals.py",
>> line 303, in main
>> records = list(config.directory.listRecords(listPrincipals))
>> File "/usr/lib/python2.7/dist-packages/twistedcaldav/directory/aggregate.py",
>> line 115, in listRecords
>> records = self._query("listRecords", recordType)
>> File "/usr/lib/python2.7/dist-packages/twistedcaldav/directory/aggregate.py",
>> line 192, in _query
>> *[a[len(service.recordTypePrefix):] for a in args]
>> File
>> "/usr/lib/python2.7/dist-packages/twistedcaldav/directory/ldapdirectory.py",
>> line 320, in listRecords
>> if self.restrictedGUIDs is not None:
>> File
>> "/usr/lib/python2.7/dist-packages/twistedcaldav/directory/ldapdirectory.py",
>> line 525, in restrictedGUIDs
>> self._cachedRestrictedGUIDs =
>> set(self._expandGroupMembership(members, nestedGroups,
>> returnGroups=True))
>> UnboundLocalError: local variable 'nestedGroups' referenced before assignment
>>
>>
>> Turning off restrictEnabledRecords again like this lets me list my users
>> again:
>> <key>restrictEnabledRecords</key>
>> <false/>
>>
>>
>> Any ideas? Looks like a bug to me.
>> _______________________________________________
>> calendarserver-users mailing list
>> calendarserver-users@lists.macosforge.org
>> http://lists.macosforge.org/mailman/listinfo/calendarserver-users
>
_______________________________________________
calendarserver-users mailing list
calendarserver-users@lists.macosforge.org
http://lists.macosforge.org/mailman/listinfo/calendarserver-users
