Here is the DirectoryService config that worked for me. This works on
CalendarServer trunk (checked out on 2012-12-22). Your mileage may vary.
<key>DirectoryService</key>
<dict>
<key>type</key>
<string>twistedcaldav.directory.ldapdirectory.LdapDirectoryService</string>
<key>params</key>
<dict>
<key>recordTypes</key>
<array>
<string>users</string>
<string>groups</string>
<!--
<string>locations</string>
<string>resources</string>
-->
</array>
<key>cacheTimeout</key>
<integer>10</integer>
<key>uri</key>
<string>ldap://active.directory.server.com:389/</string>
<key>tls</key>
<false/>
<key>tlsCACertFile</key>
<string></string>
<key>tlsCACertDir</key>
<string></string>
<key>tlsRequireCert</key>
<string>never</string>
<key>credentials</key>
<dict>
<key>dn</key>
<string>cn=ad_lookup_user,cn=Users,dc=domain,dc=tld</string>
<key>password</key>
<string>ad_lookup_user_password</string>
</dict>
<key>rdnSchema</key>
<dict>
<key>base</key>
<string>cn=Users,dc=domain,dc=tld</string>
<key>guidAttr</key>
<string>sAMAccountName</string>
<key>users</key>
<dict>
<key>filter</key>
<string>(objectClass=user)</string>
<key>rdn</key>
<string></string>
<key>mapping</key>
<dict>
<key>recordName</key>
<string>sAMAccountName</string>
<key>fullName</key>
<string>cn</string>
<key>emailAddresses</key>
<array>
<string>mail</string>
<string>mailAlias</string>
</array>
<key>firstName</key>
<string>givenName</string>
<key>lastName</key>
<string>sn</string>
</dict>
</dict>
<key>groups</key>
<dict>
<key>rdn</key>
<string></string>
<key>filter</key>
<string>(objectClass=group)</string>
<key>mapping</key>
<dict>
<key>recordName</key>
<string>sAMAccountName</string>
<key>fullName</key>
<string>cn</string>
<key>emailAddresses</key>
<array>
<string>mail</string>
<string>mailAlias</string>
</array>
<key>firstName</key>
<string></string>
<key>lastName</key>
<string></string>
</dict>
</dict>
<key>locations</key>
<dict>
<key>rdn</key>
<string>ou=locations</string>
<key>mapping</key>
<dict>
<key>recordName</key>
<string>cn</string>
<key>fullName</key>
<string>cn</string>
<key>emailAddresses</key>
<array>
</array>
<key>firstName</key>
<string></string>
<key>lastName</key>
<string></string>
</dict>
</dict>
<key>resources</key>
<dict>
<key>rdn</key>
<string>ou=resources</string>
<key>mapping</key>
<dict>
<key>recordName</key>
<string>cn</string>
<key>fullName</key>
<string>cn</string>
<key>emailAddresses</key>
<array>
</array>
<key>firstName</key>
<string></string>
<key>lastName</key>
<string></string>
</dict>
</dict>
</dict>
<key>groupSchema</key>
<dict>
<key>membersAttr</key>
<string>uniqueMember</string>
<key>nestedGroupsAttr</key>
<string></string>
<key>memberIdAttr</key>
<string></string>
</dict>
<key>resourceSchema</key>
<dict>
<key>resourceInfoAttr</key>
<string></string>
<key>autoAcceptGroupAttr</key>
<string></string>
<key>autoScheduleAttr</key>
<string></string>
<key>autoScheduleEnabledValue</key>
<string></string>
<key>proxyAttr</key>
<string></string>
<key>readOnlyProxyAttr</key>
<string></string>
</dict>
</dict>
</dict>
On 11/28/2012 11:17 PM, Dennison Williams wrote:
> I am currently trying to configure calendarserver to pull users and
> groups from Microsoft Active Directory and I am having a hard time
> figuring out the schema that is required for the mapping to the calendar
> server filed names. The documentation
> (http://trac.calendarserver.org/wiki/ConfiguringLDAP) does not clarify
> it for me either. Are the definitions one for one in the RFC (I have
> not read through that yet)?
>
> For example:
>
> <key>users</key>
> <dict>
> <key>rdn</key>
> <string></string> <!-- this is included in my basdn
> specified elsewhere -->
> <key>attr</key> <!-- this is the calendarserver field name
> ? -->
> <string>uid</string><!-- and this is the related field in
> the LDAP qurey results? If so how do I find out what it is expecting
> here? Is this a mapping to a UNIX uid? Im confused -->
> <key>emailSuffix</key> <!-- how is this used ? -->
> <string></string>
> <key>filter</key>
> <string></string> <!-- This would be the filter for
> filtering out all of the results we are not interested in right? -->
> </dict>
>
> Thanks for any help!
> Dennison Williams
>
_______________________________________________
calendarserver-users mailing list
calendarserver-users@lists.macosforge.org
http://lists.macosforge.org/mailman/listinfo/calendarserver-users
