Actually, the LDAP implementation for the restrictToGroup feature is pretty broken. I just checked in a fix:
https://trac.calendarserver.org/changeset/9741/CalendarServer/trunk

On Aug 23, 2012, at 8:43 AM, Morgen Sagen <mor...@apple.com> wrote:

> This looks like a bug. The LDAP server we test against has an LDAP attribute
> specifically for nested groups, so we've not run into this problem. If you
> want to fix ldapdirectory.py by hand you could add "nestedGroups = []" just
> above the "if len(result) == 1" line in the restrictedGUIDs() method, and
> make sure the new line is at the same indentation as the "if" statement. I'll
> fix this in svn.
>
> On Aug 23, 2012, at 8:32 AM, tobiasbp <tobia...@gmail.com> wrote:
>
>> I'm running calendarserver 3.2 with the packages available in Debian
>> Wheezy (Unstable). I have my users and groups in LDAP.
>>
>> I can list my users and groups using the command
>> "calendarserver_manage_principals".
>>
>> I would like to restrict calendar users to members of group "calendar_admins"
>>
>> I update my caldavd.plist like this:
>>
>> <key>restrictEnabledRecords</key>
>> <true/>
>> <key>restrictToGroup</key>
>> <string>calendar_admins</string>
>>
>> After the change, I can no longer list my users:
>>
>> su caldavd -p -c "calendarserver_manage_principals --list-principals users"
>>
>> Traceback (most recent call last):
>>   File "/usr/bin/calendarserver_manage_principals", line 32, in <module>
>>     main()
>>   File "/usr/lib/python2.7/dist-packages/calendarserver/tools/principals.py", line 303, in main
>>     records = list(config.directory.listRecords(listPrincipals))
>>   File "/usr/lib/python2.7/dist-packages/twistedcaldav/directory/aggregate.py", line 115, in listRecords
>>     records = self._query("listRecords", recordType)
>>   File "/usr/lib/python2.7/dist-packages/twistedcaldav/directory/aggregate.py", line 192, in _query
>>     *[a[len(service.recordTypePrefix):] for a in args]
>>   File "/usr/lib/python2.7/dist-packages/twistedcaldav/directory/ldapdirectory.py", line 320, in listRecords
>>     if self.restrictedGUIDs is not None:
>>   File "/usr/lib/python2.7/dist-packages/twistedcaldav/directory/ldapdirectory.py", line 525, in restrictedGUIDs
>>     self._cachedRestrictedGUIDs = set(self._expandGroupMembership(members, nestedGroups, returnGroups=True))
>> UnboundLocalError: local variable 'nestedGroups' referenced before assignment
>>
>> Turning off restrictEnabledRecords again like this lets me list my users
>> again:
>>
>> <key>restrictEnabledRecords</key>
>> <false/>
>>
>> Any ideas? Looks like a bug to me.
>> _______________________________________________
>> calendarserver-users mailing list
>> calendarserver-users@lists.macosforge.org
>> http://lists.macosforge.org/mailman/listinfo/calendarserver-users
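
Added example, not part of the thread or of the CalendarServer source: a simplified Python model of the failure in the traceback above, where `nestedGroups` is bound only when a nested-group attribute is configured, next to the initialise-first fix suggested in the reply. The schema keys, directory contents and function names are assumptions made for illustration.

```python
# Simplified model of the traceback's failure; not CalendarServer code.
# Schema keys, directory layout and function names are assumptions.
# Constructed sample directory: group name -> LDAP-style attributes.
DIRECTORY = {
    "calendar_admins": {"memberUid": ["alice"], "nestedGroup": ["ops"]},
    "ops": {"memberUid": ["bob"], "nestedGroup": ["calendar_admins"]},  # cycle
}
FLAT_SCHEMA = {"membersAttr": "memberUid", "nestedGroupsAttr": None}
NESTED_SCHEMA = {"membersAttr": "memberUid", "nestedGroupsAttr": "nestedGroup"}


def expand(members, nested_groups, schema, seen=None):
    """Collect members, following each nested group once (cycle-safe)."""
    seen = set() if seen is None else seen
    found = set(members)
    for name in nested_groups:
        if name in seen or name not in DIRECTORY:
            continue
        seen.add(name)
        attrs = DIRECTORY[name]
        found |= expand(attrs.get(schema["membersAttr"], []),
                        attrs.get(schema["nestedGroupsAttr"], []), schema, seen)
    return found


def restricted_ids_buggy(group, schema):
    result = [DIRECTORY[group]] if group in DIRECTORY else []
    members = []
    if len(result) == 1:
        attrs = result[0]
        if schema["membersAttr"]:
            members = attrs.get(schema["membersAttr"], [])
        if schema["nestedGroupsAttr"]:
            # The only assignment; skipped when no nested-group attribute exists.
            nested_groups = attrs.get(schema["nestedGroupsAttr"], [])
    return expand(members, nested_groups, schema)


def restricted_ids_fixed(group, schema):
    result = [DIRECTORY[group]] if group in DIRECTORY else []
    members = []
    nested_groups = []  # bound on every path, just above the length check
    if len(result) == 1:
        attrs = result[0]
        if schema["membersAttr"]:
            members = attrs.get(schema["membersAttr"], [])
        if schema["nestedGroupsAttr"]:
            nested_groups = attrs.get(schema["nestedGroupsAttr"], [])
    return expand(members, nested_groups, schema)
```

In this model the fixed variant also returns an empty set when the restricting group is missing from the directory, so the restriction enables no records instead of raising.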