Hi Irma,
in SOGo you can set a superuser in sogo.conf then under that user you
can set rights to any calendar in SOGo Web GUI.
Alternatively set a password to your resource and login into its SOGo
Web GUI.
Kind Regards,
Michal
Dne 02.11.2018 v 17:14 Rene Schroth ([email protected]) napsal(a):
Hi Michal,
the question was, how are you able to set the ACL, if you cannot login
with your resource's account into SOGo Web GUI in order to manipulate
the "Sharing" settings.
BR
Irma
_______________________________________________________________
Am 02.11.2018 um 16:05 schrieb Michal Kminek ([email protected]):
Hi Irma,
use the email attribute with your resource and use any email address.
For me "View Time and Date" for "All Authenticated Users" was
sufficient. You can set higher rights for certain users so they can
see event details.
Regards,
Michal
Dne 02.11.2018 v 12:06 Rene Schroth ([email protected]) napsal(a):
Hi Michal,
> It's not important whether you have mailGroup objectClass or not
I know. Any oC providing the mail attribute is required.
>Just
> review the objectClasses you mentioned for the email attribute and
> choose one.
My LDIF has objectClass mailUser and inetOrgPerson. Both of them
provide the mail attribute.
How do you set the ACL for the resource's calendar in order to make
it readable for the other users?
BR
Irma
_______________________________________________________________
Am 02.11.2018 um 09:38 schrieb Michal Kminek ([email protected]):
Hi Irma,
It's not important whether you have mailGroup objectClass or not.
You need to add any objectClass that contains an email attribute.
Just review the objectClasses you mentioned for the email attribute
and choose one. Then check all attributes of the objectClasses,
some attributes can be mandatory and some are optional. Choose an
objectClass ideally with no mandatory attributes or mandatory
attributes that already exist in your resource definition (sn, uid,
...) then just add the email attribute.
Regards
Michal
Dne 01.11.2018 v 20:37 Rene Schroth ([email protected]) napsal(a):
Hi Michal,
thank you very much for your reply.
Great to know, that generally LDAP calendar resources in SOGo work
without restriction.
I guess that you do not use the iRedMail OpenLDAP server, because
I do and there's no objectClass mailGroup available.
My iRedMail OpenLDAP installation provides these mail-related
objectClasses:
- mailAdmin
- mailAlias
- mailDomain
- mailExternalUser
- mailList
- mailUser
BTW: If you use mailGroup, how do you login with the resource's
account into SOGo in order to set the ACL? Are group accounts
capable to login to SOGo in your environment?
BR
Irma
_______________________________________________________________
Am 31.10.2018 um 13:16 schrieb Michal Kminek ([email protected]):
Hi Irma,
we use LDAP for users and resources. Just to comment some
entries, Multiplebookings attribute works as expected the
resource can be booked only once if set to 1, free/busy is shown
correctly.
We use mailgroup class so that our resource can have its own
email address, the email address is fictitious. With mailgroup
class comes email attribute. Additionally our resource is located
in the same tree (ou=People,dc=example,dc=com) as the other
users. As a result when creating a new event with the resource as
a participant we get a hint (name of the resource) after writing
first three letters (Mee...). It's given by the fact that SOGo
offers hints only from the first configured LDAP resource in
sogo.conf. It works in SOGo web interface and in Thunderbird with
SOGo Integrator.
The calendar has set the following right "View Time and Date" for
"All Authenticated Users".
Here is our LDAP entry - LDIF:
dn: cn=Meeting Room,ou=People,dc=example,dc=com
Multiplebookings: 1
Kind: location
cn: Meeting Room
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: calendarresource
objectClass: calEntry
objectClass: account
objectClass: mailgroup
mail: [email protected]
sn: meetingrooom
uid: meetingrooom
userPassword:
parentid: 4
creatorsname: cn=directory manager
nsuniqueid: 741f2031-e1b221e6-81e6eeab-baae8424
entryid: 106
hassubordinates: FALSE
entrydn: cn=Meeting Room,ou=People,dc=example,dc=com
numsubordinates: 0
subschemasubentry: cn=schema
modifiersname: cn=directory manager
Kind Regards,
Michal
Dne 30.10.2018 v 14:37 Rene Schroth ([email protected])
napsal(a):
Approved that it is an LDAP issue:
- Removed objectClasses calEntry and CalendarResource from
Meetingroom's LDAP set.
- Result: Free/Busy times are being displayed during event
creation!
Again the question: Is there anybody with a working LDAP
resources setup who could provide a sample LDIF of a resource?
Thank you!
BR
Irma
########################################################################
My resources' Free/Busy times still won't work.
For normal users, Free/Busy times work fine!
Here's more detail about the configurations.
(1) Resource 'meetingroom' created in LDAP, resides in the same
OU as the normal users. Has same objectClasses and attributes as
normal user accounts PLUS objectClasses 'calEntry' and
'CalendarResource' with their attributes [values] 'Kind'
[location] and 'Multiplebookings' [1]. Meetingroom's full LDAP set:
#########################################################################
dn:
[email protected],ou=Users,domainName=mycompany.com,o=domains,dc=mycompany,dc=com
mail: [email protected]
mailQuota: 1048576
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: mailUser
objectClass: shadowAccount
objectClass: amavisAccount
objectClass: person
objectClass: posixAccount
objectClass: top
objectClass: calEntry
objectClass: CalendarResource
storageBaseDirectory: /data/mboxes
enabledService: indexer-worker
enabledService: doveadm
enabledService: dsync
enabledService: shadowaddress
enabledService: displayedInGlobalAddressBook
enabledService: mail
enabledService: forwarding
enabledService: deliver
enabledService: lda
enabledService: lmtp
enabledService: smtp
enabledService: smtpsecured
enabledService: imap
enabledService: imapsecured
enabledService: imaptls
enabledService: managesieve
enabledService: managesievesecured
enabledService: sogo
enabledService: sieve
enabledService: sievesecured
enabledService: forward
enabledService: senderbcc
enabledService: recipientbcc
enabledService: internal
enabledService: lib-storage
amavisLocal: TRUE
accountStatus: active
shadowLastChange: 0
mailHost: localhost
cn: Meetingroom
gidNumber: 2104
homeDirectory: /data/mboxes/vmail1/mycompany.com/meetingroom/
mailMessageStore: vmail1/mycompany.com/meetingroom/
loginShell: /sbin/nologin
sn: Meetingroom
uid: meetingroom
uidNumber: 2104
userPassword:
{CRYPT}$6$ncaXAOch$FuQ9weAfqMUvbKlsam2X/e13t0cIMrnvz/S7q/XqrWq4xyK
OigNGjMPYuvBvzVYrZRJPEUPatnFlHx5rhz74O1
displayName: Meetingroom
Multiplebookings: 1
Kind: location
###########################################################################
(2) ACL settings on Meetingroom's SOGo Personal Calendar:
Any Authenticated User:
- Public / View All
- Confidential / View All
- Private / View All
- This person can create objects in my calendar: NOT CHECKED
- This person can erase objects from my calendar: NOT CHECKED
(3) ACL settings on all Testusers' SOGo Personal Calendars:
Any Authenticated User:
- Public / View the Date & Time
- Confidential / View the Date & Time
- Private / View the Date & Time
- This person can create objects in my calendar: NOT CHECKED
- This person can erase objects from my calendar: NOT CHECKED
Scenario:
- Testuser [email protected] creates event1 on his SOGo
Personal Calendar, inviting testuser [email protected] and
[email protected].
- Meetingroom auto-accepts invitation and adds event to its SOGo
Personal Calendar.
- User2 gets invitation mail and event with dashed line in his
mailbox and SOGo Personal Calendar respectively.
- User2 accepts invitation (manual action). Event's line
continuous now.
- User1 gets confirmation mail and event status on all involved
calendars show that both Meetingroom and User2 have accepted
invitation.
- Testuser [email protected] creates event2 overlapping
event1's times, inviting User2, User4 and Meetingroom:
-- Free/Busy times of User2 show: BLOCKED
-- Free/Busy times of User4 show: FREE
-- Free/Busy times of Meetingroom: FREE
Conclusion: Everything works like expected, excepted
Meetingroom's Free/Busy times. It should show BLOCKED on the 2nd
event!
Does anybody have OpenLDAP resources work correctly on SOGo?
Thank you very much!
BR
Irma
--
[email protected]
https://inverse.ca/sogo/lists
