Package: calendarserver
Version: 3.2+dfsg-1
Severity: normal
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
After the upgrade from v2.x, calendarserver no longer listens on the
SSL port as it did before. Nothing obvious in the access or error
logs, even in debug mode.
- -- System Information:
Debian Release: wheezy/sid
APT prefers testing
APT policy: (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.4.4-tinkerbell-0 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash
Versions of packages calendarserver depends on:
ii adduser 3.113+nmu3
ii libc6 2.13-33
ii lsb-base 4.1+Debian7
ii memcached 1.4.13-0.1
ii python 2.7.3~rc2-1
ii python-dateutil 1.5-1
ii python-kerberos 1.1+svn4895-1+b2
ii python-openssl 0.13-2
ii python-plist 1.8-1
ii python-pycalendar 2.0~svn188-1
ii python-pygresql 1:4.0-3
ii python-pysqlite2 2.6.3-3
ii python-sqlparse 0.1.4-1
ii python-twisted-conch 1:12.0.0-1
ii python-twisted-core 12.0.0-1
ii python-twisted-mail 12.0.0-1
ii python-twisted-web 12.0.0-1
ii python-twisted-words 12.0.0-1
ii python-xattr 0.6.4-2
ii python-zope.interface 3.6.1-1
ii python2.7 2.7.3~rc2-2.1
ii ssl-cert 1.0.31
Versions of packages calendarserver recommends:
ii python-ldap 2.4.10-1
ii python-pam 0.4.2-13
calendarserver suggests no packages.
- -- Configuration Files:
/etc/caldavd/accounts.xml
<?xml version="1.0" encoding="utf-8"?>
<!--
Copyright (c) 2006-2010 Apple Inc. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<!DOCTYPE accounts SYSTEM "accounts.dtd">
<accounts realm="rjmx Realm">
<user>
<uid>admin</uid>
<password>xxxxxxxxxx</password>
<name>Super User</name>
</user>
<user>
<uid>xxxxx</uid>
<password>xxxxxxxxxxx</password>
<name>xxxxxxxxx</name>
</user>
<group>
<uid>users</uid>
<password>users</password>
<name>Users Group</name>
<members>
<member type="users">xxxx</member>
</members>
</group>
<location>
<uid>livingroom</uid>
<password>LivingRoom-8126</password>
<name>Living Room</name>
</location>
</accounts>
/etc/caldavd/caldavd.plist:
<?xml version="1.0" encoding="UTF-8"?>
<!--
Copyright (c) 2006-2011 Apple Inc. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN"
"http://www.apple.com/DTDs/PropertyList-1.0.dtd";>
<plist version="1.0">
<dict>
<!--
Public network address information
This is the server's public network address, which is provided to
clients in URLs and the like. It may or may not be the network
address that the server is listening to directly, though it is by
default. For example, it may be the address of a load balancer or
proxy which forwards connections to the server.
-->
<!-- Network host name [empty = system host name] -->
<key>ServerHostName</key>
<string>calendar.rjmx.net</string> <!-- The hostname clients use when
connecting -->
<!-- HTTP port [0 = disable HTTP] -->
<key>HTTPPort</key>
<integer>8008</integer>
<!-- SSL port [0 = disable HTTPS] -->
<!-- (Must also configure SSLCertificate and SSLPrivateKey below) -->
<key>SSLPort</key>
<integer>8043</integer>
<!-- Redirect non-SSL ports to an SSL port (if configured for SSL) -->
<key>RedirectHTTPToHTTPS</key>
<true/>
<!--
Network address configuration information
This configures the actual network address that the server binds to.
-->
<!-- List of IP addresses to bind to [empty = all] -->
<key>BindAddresses</key>
<array>
</array>
<!-- List of port numbers to bind to for HTTP [empty = same as "Port"] -->
<key>BindHTTPPorts</key>
<array>
</array>
<!-- List of port numbers to bind to for SSL [empty = same as "SSLPort"] -->
<key>BindSSLPorts</key>
<array>
<integer>8043</integer>
</array>
<!--
Data Store
-->
<!-- Server root -->
<key>ServerRoot</key>
<string>/var/lib/caldavd</string>
<!-- Database connection -->
<key>UseDatabase</key>
<false/>
<!--
<key>DBType</key>
<string>postgres</string>
<key>DSN</key>
<string>127.0.0.1:caldav:caldav:password::</string>
-->
<!-- Data root -->
<key>DataRoot</key>
<string>/var/lib/caldavd</string>
<!-- Document root -->
<key>DocumentRoot</key>
<string>/var/spool/caldavd</string>
<!-- Configuration root -->
<key>ConfigRoot</key>
<string>/etc/caldavd</string>
<!-- Run root -->
<key>RunRoot</key>
<string>/var/run/caldavd</string>
<!-- Child aliases -->
<key>Aliases</key>
<dict>
<!--
<key>foo</key>
<dict>
<key>path</key>
<string>/path/to/foo</string>
</dict>
-->
</dict>
<!--
Quotas and limits
-->
<!-- User quota (in bytes) [0 = no quota] applies to attachments only -->
<key>UserQuota</key>
<integer>104857600</integer> <!-- 100Mb -->
<!-- Maximum number of calendars/address books allowed in a home -->
<!-- 0 for no limit -->
<key>MaxCollectionsPerHome</key>
<integer>50</integer>
<!-- Maximum number of resources in a calendar/address book -->
<!-- 0 for no limit -->
<key>MaxResourcesPerCollection</key>
<integer>10000</integer>
<!-- Maximum resource size (in bytes) -->
<key>MaxResourceSize</key>
<integer>1048576</integer> <!-- 1Mb -->
<!-- Maximum number of unique attendees per entire event -->
<!-- 0 for no limit -->
<key>MaxAttendeesPerInstance</key>
<integer>100</integer>
<!-- Maximum number of instances allowed during expansion -->
<!-- 0 for no limit -->
<key>MaxAllowedInstances</key>
<integer>3000</integer>
<!-- Maximum number of instances allowed for a single RRULE -->
<!-- 0 for no limit -->
<key>MaxInstancesForRRULE</key>
<integer>400</integer>
<!-- NSS Directory Service -->
<!-- Groups starting with groupPrefix are considered calendarserver groups
-->
<!-- Don't treat user id's smaller than firstValidUid as calendarserver
users -->
<!-- Don't treat group id's smaller than firstValidGid as calendarserver
groups -->
<!-- use shortName@mailDomain as calender user mail addresses -->
<!--
<key>DirectoryService</key>
<dict>
<key>type</key>
<string>twistedcaldav.directory.nss.NssDirectoryService</string>
<key>params</key>
<dict>
<key>realmName</key>
<string>Test Realm</string>
<key>groupPrefix</key>
<string>caldavd-</string>
<key>firstValidUid</key>
<integer>1000</integer>
<key>lastValidUid</key>
<integer>65533</integer>
<key>firstValidGid</key>
<integer>1000</integer>
<key>lastValidGid</key>
<integer>65533</integer>
<key>mailDomain</key>
<string>example.com</string>
<key>cacheTimeout</key>
<integer>30</integer>
</dict>
</dict>
-->
<!--
Directory service
A directory service provides information about principals (eg.
users, groups, locations and resources) to the server.
A variety of directory services are available for use.
-->
<!-- XML File Directory Service -->
<key>DirectoryService</key>
<dict>
<key>type</key>
<string>twistedcaldav.directory.xmlfile.XMLDirectoryService</string>
<key>params</key>
<dict>
<key>xmlFile</key>
<string>/etc/caldavd/accounts.xml</string>
</dict>
</dict>
<!-- Open Directory Service (Mac OS X) -->
<!--
<key>DirectoryService</key>
<dict>
<key>type</key>
<string>twistedcaldav.directory.appleopendirectory.OpenDirectoryService</string>
<key>params</key>
<dict>
<key>node</key>
<string>/Search</string>
<key>cacheTimeout</key>
<integer>30</integer>
</dict>
</dict>
-->
<!-- OpenLDAP Directory Service -->
<!--
<key>DirectoryService</key>
<dict>
<key>type</key>
<string>twistedcaldav.directory.ldapdirectory.LdapDirectoryService</string>
<key>params</key>
<dict>
<key>restrictEnabledRecords</key>
<false/>
<key>restrictToGroup</key>
<string></string>
<key>cacheTimeout</key>
<integer>30</integer>
<key>uri</key>
<string>ldap://example.com/</string>
<key>tls</key>
<false/>
<key>tlsCACertFile</key>
<string></string>
<key>tlsCACertDir</key>
<string></string>
<key>tlsRequireCert</key>
<string>never</string>
<key>credentials</key>
<dict>
<key>dn</key>
<string></string>
<key>password</key>
<string></string>
</dict>
<key>authMethod</key>
<string>LDAP</string>
<key>rdnSchema</key>
<dict>
<key>base</key>
<string>dc=example,dc=com</string>
<key>guidAttr</key>
<string>entryUUID</string>
<key>users</key>
<dict>
<key>rdn</key>
<string>ou=People</string>
<key>attr</key>
<string>uid</string>
<key>emailSuffix</key>
<string></string>
<key>filter</key>
<string></string>
<key>loginEnabledAttr</key>
<string></string>
<key>loginEnabledValue</key>
<string>yes</string>
<key>mapping</key>
<dict>
<key>recordName</key>
<string>uid</string>
<key>fullName</key>
<string>cn</string>
<key>emailAddresses</key>
<string>mail</string>
<key>firstName</key>
<string>givenName</string>
<key>lastName</key>
<string>sn</string>
</dict>
</dict>
<key>groups</key>
<dict>
<key>rdn</key>
<string>ou=Group</string>
<key>attr</key>
<string>cn</string>
<key>emailSuffix</key>
<string></string>
<key>filter</key>
<string></string>
<key>mapping</key>
<dict>
<key>recordName</key>
<string>cn</string>
<key>fullName</key>
<string>cn</string>
<key>emailAddresses</key>
<string>mail</string>
<key>firstName</key>
<string>givenName</string>
<key>lastName</key>
<string>sn</string>
</dict>
</dict>
</dict>
<key>groupSchema</key>
<dict>
<key>membersAttr</key>
<string>member</string>
<key>nestedGroupsAttr</key>
<string></string>
<key>memberIdAttr</key>
<string></string>
</dict>
<key>resourceSchema</key>
<dict>
<key>resourceInfoAttr</key>
<string></string>
<key>autoScheduleAttr</key>
<string></string>
<key>autoScheduleEnabledValue</key>
<string>yes</string>
<key>proxyAttr</key>
<string></string>
<key>readOnlyProxyAttr</key>
<string></string>
</dict>
</dict>
</dict>
-->
<!-- Resource and Location Service -->
<key>ResourceService</key>
<dict>
<key>Enabled</key>
<true/>
<key>type</key>
<string>twistedcaldav.directory.xmlfile.XMLDirectoryService</string>
<key>params</key>
<dict>
<key>xmlFile</key>
<string>/etc/caldavd/resources.xml</string>
</dict>
</dict>
<!--
Special principals
These principals are granted special access and/or perform
special roles on the server.
-->
<!-- Principals with "DAV:all" access (relative URLs) -->
<key>AdminPrincipals</key>
<array>
<!--
<string>/principals/__uids__/AEB68DD7-D2B8-4D4D-A574-2A4533DF36A4/</string> -->
</array>
<!-- Principals with "DAV:read" access (relative URLs) -->
<key>ReadPrincipals</key>
<array>
<!--
<string>/principals/__uids__/983C8238-FB6B-4D92-9242-89C0A39E5F81/</string> -->
</array>
<!-- Create "proxy access" principals -->
<key>EnableProxyPrincipals</key>
<true/>
<!--
Permissions
-->
<!-- Anonymous read access for root resource -->
<key>EnableAnonymousReadRoot</key>
<true/>
<!-- Anonymous read access for resource hierarchy -->
<key>EnableAnonymousReadNav</key>
<false/>
<!-- Enables directory listings for principals -->
<key>EnablePrincipalListings</key>
<false/>
<!-- Render calendar collections as a monolithic iCalendar object -->
<key>EnableMonolithicCalendars</key>
<true/>
<!--
Authentication
-->
<key>Authentication</key>
<dict>
<!-- Clear text; best avoided -->
<key>Basic</key>
<dict>
<key>Enabled</key>
<false/>
</dict>
<!-- Digest challenge/response -->
<key>Digest</key>
<dict>
<key>Enabled</key>
<true/>
<key>Algorithm</key>
<string>md5</string>
<key>Qop</key>
<string></string>
</dict>
<!-- Kerberos/SPNEGO -->
<key>Kerberos</key>
<dict>
<key>Enabled</key>
<true/>
<key>ServicePrincipal</key>
<string></string>
</dict>
</dict>
<!--
Logging
-->
<!-- Log root -->
<key>LogRoot</key>
<string>/var/log/caldavd</string>
<!-- Apache-style access log -->
<key>AccessLogFile</key>
<string>access.log</string>
<key>RotateAccessLog</key>
<true/>
<!-- Server activity log -->
<key>ErrorLogFile</key>
<string>error.log</string>
<!-- Log levels -->
<key>DefaultLogLevel</key>
<string>debug</string> <!-- debug, info, warn, error -->
<!-- Global server stats -->
<key>GlobalStatsSocket</key>
<string>caldavd-stats.sock</string>
<!-- Server process ID file -->
<key>PIDFile</key>
<string>caldavd.pid</string>
<!--
SSL/TLS
-->
<!-- Public key -->
<key>SSLCertificate</key>
<string>/etc/ssl/certs/rjmx-calendar.crt</string>
<!-- SSL authority chain (for intermediate certs) -->
<key>SSLAuthorityChain</key>
<string>/etc/ssl/certs/rjmx-ca.crt</string>
<!-- Private key -->
<key>SSLPrivateKey</key>
<string>/etc/ssl/keys/rjmx-calendar.key</string>
<!--
Process management
-->
<key>UserName</key>
<string>caldavd</string>
<key>GroupName</key>
<string>caldavd</string>
<key>ProcessType</key>
<string>Combined</string>
<key>MultiProcess</key>
<dict>
<key>ProcessCount</key>
<integer>0</integer> <!-- 0 = larger of: 4 or (2 * CPU count) -->
</dict>
<!--
Notifications
-->
<key>Notifications</key>
<dict>
<!-- Time spent coalescing notifications before delivery -->
<key>CoalesceSeconds</key>
<integer>3</integer>
<key>Services</key>
<dict>
<key>XMPPNotifier</key>
<dict>
<!-- XMPP notification service -->
<key>Service</key>
<string>twistedcaldav.notify.XMPPNotifierService</string>
<key>Enabled</key>
<false/>
<!-- XMPP host and port to contact -->
<key>Host</key>
<string>xmpp.host.name</string>
<key>Port</key>
<integer>5222</integer>
<!-- Jabber ID and password for the server -->
<key>JID</key>
<string>j...@xmpp.host.name/resource</string>
<key>Password</key>
<string>password_goes_here</string>
<!-- PubSub service address -->
<key>ServiceAddress</key>
<string>pubsub.xmpp.host.name</string>
</dict>
</dict>
</dict>
<!--
Server-to-server protocol
-->
<key>Scheduling</key>
<dict>
<!-- CalDAV protocol options -->
<key>CalDAV</key>
<dict>
<key>EmailDomain</key>
<string></string>
<key>HTTPDomain</key>
<string></string>
<key>AddressPatterns</key>
<array>
</array>
</dict>
<!-- iSchedule protocol options -->
<key>iSchedule</key>
<dict>
<key>Enabled</key>
<false/>
<key>AddressPatterns</key>
<array>
</array>
<key>Servers</key>
<string>/etc/caldavd/servertoserver.xml</string>
</dict>
<!-- iMIP protocol options -->
<key>iMIP</key>
<dict>
<key>Enabled</key>
<false/>
<key>MailGatewayServer</key>
<string>localhost</string>
<key>MailGatewayPort</key>
<integer>62310</integer>
<key>Sending</key>
<dict>
<key>Server</key>
<string></string>
<key>Port</key>
<integer>587</integer>
<key>UseSSL</key>
<true/>
<key>Username</key>
<string></string>
<key>Password</key>
<string></string>
<key>Address</key>
<string></string> <!-- Address email will be sent from -->
</dict>
<key>Receiving</key>
<dict>
<key>Server</key>
<string></string>
<key>Port</key>
<integer>995</integer>
<key>Type</key>
<string></string> <!-- Either "pop" or "imap" -->
<key>UseSSL</key>
<true/>
<key>Username</key>
<string></string>
<key>Password</key>
<string></string>
<key>PollingSeconds</key>
<integer>30</integer>
</dict>
<key>AddressPatterns</key>
<array>
<string>mailto:.*</string>
</array>
</dict>
</dict>
<!--
Free-busy URL protocol
-->
<key>FreeBusyURL</key>
<dict>
<key>Enabled</key>
<true/>
<key>TimePeriod</key>
<integer>14</integer>
<key>AnonymousAccess</key>
<false/>
</dict>
<!--
Non-standard CalDAV extensions
-->
<!-- Private Events -->
<key>EnablePrivateEvents</key>
<true/>
<!-- Shared Calendars & Address Books -->
<key>Sharing</key>
<dict>
<key>Enabled</key>
<true/>
</dict>
<!--
Miscellaneous items
-->
<!-- Web-based administration -->
<key>EnableWebAdmin</key>
<true/>
<!-- Memcached -->
<key>Memcached</key>
<dict>
<key>Pools</key>
<dict>
<key>Default</key>
<dict>
<key>ServerEnabled</key>
<false/>
</dict>
</dict>
</dict>
</dict>
</plist>
/etc/caldavd/sudoers.plist:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN"
"http://www.apple.com/DTDs/PropertyList-1.0.dtd";>
<plist version="1.0">
<dict>
<key>users</key>
<array>
<!-- Sudo user definitions -->
<!-- With the exception of username and password none of the following
elements are used in the current implementation. -->
<!--
<dict>
<key>authorize-as</key>
<dict>
<key>allow</key>
<true/>
<key>principals</key>
<array>
<string>all</string>
<string>/principals/user/wsanchez</string>
</array>
</dict>
<key>authorize-from</key>
<array>
<string>127.0.0.1</string>
</array>
<key>username</key>
<string></string>
<key>password</key>
<string></string>
</dict>
- -->
<dict>
<key>username</key>
<string>superuser</string>
<key>password</key>
<string>xxxxxxxxxx</string>
</dict>
</array>
</dict>
</plist>
/etc/default/calendarserver changed:
start_calendarserver=yes
- -- no debconf information
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAEBAgAGBQJP/P2eAAoJEDHYrtWvbQ1KrisP/jqFSRU7vYqaBUJED40z5q2q
f6YKkOtPAd2tJlcRVCtAPkgmJ3rI8QK/4ZFerhx+I+N5XtppRncf6GDK/pKAX1qa
tf9KrD+/lQPrxltckREsIVfuaxWKNO79EYPbNyJkbaQgmX7kmwny9be0Cfm8wnsf
D7dpP71KvDEohV2Id3SHav5ZMmQCleIlg7DpCsc7ms4YEgnRJyBilQomb8XjzbeE
pPxDLiN1PDKXyTe7xpBcKM98sK/NfkAPApO6+be8hJacbxkkufqkHdlMAr4qxp/i
uqeaFHAK98VnNsGYMMpaTAXA0zWDn3zrflEDrhJps+nCqxZM8j38FptYFU5DwLmy
+UDdnUsabOqYUWUNCbT3Ckmok+PH5rr5NuKFtIta+WCMjd97istPvRcxvf52EVjo
YyFV1ia5HJzIMb+ukChdNje/qA+aKLneRvjl3dPNHBKsb9jOsdvvPVDdXZe2g5wi
T0i9nmsHxAgNW4uSK/e/IGBDI9BnTf0Meh8jZNAtVz1K2pAa26hzXHfSDBe7sFSA
DCAXA4WuG8wRsb4CjN9bTxHTq8EjAJi/IJq4K8sFhjUiazlsxXH8A7qtZ8tdjCky
7Z76HYHucGY8kL7Zn6iRbQ8Uf3/XYcH5/sqd845a4+PUYCZYolylmLANlka87GBD
qYyqTmVn6oLIyohMukti
=YWlm
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
