On Dec 17, 2012, at 12:42 PM, Thomas Harvey <harve...@mac.com> wrote:

> Thanks dre, I realised after asking that it had moved to a postgres backed 
> datastore.
> 
> Although, I guess we could have 2 cardDAV servers running, one in read only 
> and the other in read-write, but both on the same DB backend? In the read 
> only server, authentication would be valid for all listed in the ou=people 
> branch of the directory, but the read-write server would only allow 
> connection from specific roles...just a thought, or is this completely 
> outrageous?

It sounds completely outrageous, but it might actually work :) The 'read only 
server' option is a caldavd.plist setting, and (afaik) merely disables write 
operations. So really all you need to do is deploy multiple server instances 
pointed at the same DB backend, and with the same configuration (except for the 
read-only setting). Normally in a multi-server config, you want all servers 
behind a load balancer, but in this case, you want them discretely addressable 
on purpose. Be aware that in such a config, there would be nothing to stop the 
user from connecting to the writable service - if that's a consideration, 
you'll need to implement your own measures for doing this. Directly using LDAP 
concepts for authorization, such as record location within the LDAP tree, is 
bordering on out of scope for Calendar Server. However, there are bits in the 
accounts and augments files that can be set as a result of your policy 
evaluations - see these:

http://trac.calendarserver.org/browser/CalendarServer/trunk/conf/auth

Here's a doc that can help you get to a multi-server config:

http://trac.calendarserver.org/browser/CalendarServer/trunk/doc/Admin/MultiServerDeployment.rst

The config option for read-only mode is called EnableReadOnlyServer, and is 
false by default.

HTH,
-dre

> 
> I'll also be sure to check out gaya's branch to see what direction is being 
> taken there, perhaps I can help out with that.
> 
> Tom
> 
> On Dec 17, 2012, at 08:32 PM, Andre LaBranche <d...@mac.com> wrote:
> 
>> 
>> On Dec 14, 2012, at 5:30 AM, Thomas Harvey <harve...@mac.com> wrote:
>> 
>> > I've got myself a nice new CardDAV server setup and I'm working on the 
>> > user accounts - just through the XML based directory. I would like to have 
>> > one collection of contacts which has an admin user with read/write access 
>> > but to also have a subordinate user who can connect to this collection 
>> > with read only access. I don't particularly need to be able to provide a 
>> > separate contacts collection for the subordinate user.
>> > 
>> > The current thinking is to have a Principal which is listed in the 
>> > caldavd.plist as a ReadPrincipal and then to symlink the folder for that 
>> > principal into another location, which is listed as AdminPrincipals - Is 
>> > this really the best way to do this?
>> 
>> Symlinks probably won't help you here; the Calendar Server backend is a 
>> postgres database. It used to be a filesystem, but that was a long time 
>> ago...
>> 
>> Unfortunately I don't think there's currently any support in the server for 
>> what you're asking for. There is a 'read only server' switch, but it's 
>> global for the entire service. There is some CardDAV sharing stuff in 
>> development, but it's not release-quality yet. Here's the branch if you're 
>> curious what is being done:
>> 
>> http://trac.calendarserver.org/log/CalendarServer/branches/users/gaya/sharedgroups
>> 
>> Cheers,
>> -dre
>> 
> _______________________________________________
> calendarserver-users mailing list
> calendarserver-users@lists.macosforge.org
> http://lists.macosforge.org/mailman/listinfo/calendarserver-users
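To make dre's "same configuration except for the read-only setting" advice checkable, here is an added example (not code from the thread or from the Calendar Server project) that derives the read-only instance's caldavd.plist from the read-write one and verifies that only EnableReadOnlyServer and the listening port differ; the plist is constructed and the HTTPPort/ServerHostName keys are assumed for illustration.

```python
# Added example: derive a read-only caldavd.plist from the read-write one and
# confirm the two instances differ only where they are meant to, so both really
# point at the same DB backend and directory with identical settings otherwise.
import plistlib
from typing import Any, Dict, Set

# Constructed minimal caldavd.plist; ServerHostName and HTTPPort are assumed key
# names for illustration. EnableReadOnlyServer is the switch named in the thread.
BASE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>ServerHostName</key><string>carddav.example.test</string>
  <key>HTTPPort</key><integer>8008</integer>
  <key>EnableReadOnlyServer</key><false/>
</dict>
</plist>
"""

READ_ONLY_KEY = "EnableReadOnlyServer"
# Keys that are allowed to differ between the two instances.
ALLOWED_DIFFS = frozenset({READ_ONLY_KEY, "HTTPPort"})


def load_config(data: bytes) -> Dict[str, Any]:
    """Parse a caldavd.plist into a plain dict."""
    return plistlib.loads(data)


def derive_read_only_config(base: Dict[str, Any], http_port: int) -> Dict[str, Any]:
    """Copy the read-write config, flip the read-only switch, and give the instance
    its own port so it is discretely addressable (no load balancer in front)."""
    ro = dict(base)
    ro[READ_ONLY_KEY] = True
    ro["HTTPPort"] = http_port
    return ro


def differing_keys(a: Dict[str, Any], b: Dict[str, Any]) -> Set[str]:
    """Top-level keys whose values differ (or exist on one side only)."""
    return {k for k in set(a) | set(b) if a.get(k) != b.get(k)}


def check_pair(rw: Dict[str, Any], ro: Dict[str, Any]) -> bool:
    """True when rw is writable, ro is read-only, and nothing else diverges."""
    if rw.get(READ_ONLY_KEY, False) or not ro.get(READ_ONLY_KEY, False):
        return False
    return differing_keys(rw, ro) <= ALLOWED_DIFFS


if __name__ == "__main__":
    rw_cfg = load_config(BASE_PLIST)
    ro_cfg = derive_read_only_config(rw_cfg, 8009)
    print(plistlib.dumps(ro_cfg).decode())
    print("pair OK:", check_pair(rw_cfg, ro_cfg))
```

As dre notes, this only keeps the two instances consistent; it does nothing to stop a user from connecting to the writable instance, which still needs its own access controls.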
