Last modified 11 months ago Last modified on 07/12/12 11:25:11

Configuring Calendar Server for LDAP

By default, Calendar Server fetches users and groups from the configured directory service, and locations and resources from a local XML file. If you would like all four record types to come from LDAP, modify caldavd.plist as follows:

1) Disable the resource/location XML service by changing "ResourceService > Enabled" to false:

   <!-- ResourceService: with Enabled set to false, locations and resources are no longer
        read from the local XML file, so they can be served from LDAP instead. -->
   <key>ResourceService</key>
   <dict>
     <key>Enabled</key>
     <false/>
     <!-- Excerpt: the remaining ResourceService keys and the closing tag of this dict
          are not shown on this page; leave them as they are in your caldavd.plist. -->

2) Add a "recordTypes" array to the "DirectoryService > params" dictionary, and configure the DNs and attributes your LDAP server uses. Each record type has an RDN (its DN relative to your base DN) and a mapping of Calendar Server record field names to LDAP attributes:

    <!-- DirectoryService: selects the LDAP directory backend and, under params, describes
         how to reach the LDAP server and where each record type lives in the tree.
         All host names, DNs and the password below are sample values to replace. -->
    <key>DirectoryService</key>
    <dict>
      <key>type</key>
      <string>twistedcaldav.directory.ldapdirectory.LdapDirectoryService</string>

      <key>params</key>
      <dict>
        <!-- The four record types this service should supply; each one has a matching
             entry under rdnSchema below. -->
        <key>recordTypes</key>
        <array>
           <string>users</string>
           <string>groups</string>
           <string>locations</string>
           <string>resources</string>
        </array>
        <!-- NOTE(review): the unit of cacheTimeout is not stated on this page; confirm before tuning. -->
        <key>cacheTimeout</key>
        <integer>10</integer>
        <key>uri</key>
        <string>ldap://ldapserver.example.com/</string> <!-- your ldap server url -->
        <!-- NOTE(review): with tls false and an ldap:// URI, nothing in this example encrypts
             the connection, so the bind DN and password below presumably cross the network in
             clear text. Treat these values as a lab starting point; for a real deployment
             enable tls and point tlsCACertFile or tlsCACertDir at the CA that issued the
             LDAP server certificate. -->
        <key>tls</key>
        <false/>
        <key>tlsCACertFile</key>
        <string></string>
        <key>tlsCACertDir</key>
        <string></string>
        <!-- NOTE(review): "never" presumably means the server certificate is not checked, which
             leaves a TLS session open to interception. When tls is enabled, choose a value that
             requires a valid certificate (OpenLDAP's TLS_REQCERT uses never, allow, try, demand,
             hard; confirm which values your Calendar Server version accepts). -->
        <key>tlsRequireCert</key>
        <string>never</string>
        <!-- Account the server binds as for directory queries.
             NOTE(review): the sample DN is an admin account. A dedicated service account limited
             to read access on the subtrees below limits the damage if this file is disclosed;
             confirm that read-only access is enough for your setup. -->
        <key>credentials</key>
        <dict>
          <key>dn</key>
          <string>uid=admin,ou=people,o=example.com</string> <!-- dn to auth as -->
          <!-- The password is stored in this file as plain text: keep caldavd.plist readable
               only by the account the calendar server runs as, and keep it out of backups
               and version control that others can read. -->
          <key>password</key>
          <string>PASSWORD</string> <!-- password to auth with -->
        </dict>
        <!-- rdnSchema: the base DN, the GUID attribute, and for each record type an rdn
             (relative to base) plus a mapping of calendar server field names to LDAP attributes. -->
        <key>rdnSchema</key>
        <dict>
          <key>base</key>
          <string>o=example.com</string> <!-- your base dn -->
          <key>guidAttr</key>
          <string>GUID</string> <!-- LDAP attribute used for GUIDs -->
          <key>users</key>
          <dict>
            <key>rdn</key>
            <string>ou=people</string> <!-- dn for users (relative to base dn) -->
            <key>mapping</key>
            <dict>
                <key>recordName</key>
                <string>uid</string>
                <key>fullName</key>
                <string>cn</string>
                <!-- Several LDAP attributes can feed one field by listing them in an array. -->
                <key>emailAddresses</key>
                <array>
                    <string>mail</string>
                    <string>mailAlias</string>
                </array>
                <key>firstName</key>
                <string>givenName</string>
                <key>lastName</key>
                <string>sn</string>
            </dict>
          </dict>
          <key>groups</key>
          <dict>
            <key>rdn</key>
            <string>ou=groups</string> <!-- dn for groups (relative to base dn) -->
            <key>mapping</key>
            <dict>
                <key>recordName</key>
                <string>cn</string>
                <key>fullName</key>
                <string>cn</string>
                <key>emailAddresses</key>
                <array>
                    <string>mail</string>
                    <string>mailAlias</string>
                </array>
                <!-- Empty strings here presumably mean "no LDAP attribute mapped" for the field. -->
                <key>firstName</key>
                <string></string>
                <key>lastName</key>
                <string></string>
            </dict>
          </dict>
          <key>locations</key>
          <dict>
            <key>rdn</key>
            <string>ou=locations</string> <!-- dn for locations (relative to base dn) -->
            <key>mapping</key>
            <dict>
                <key>recordName</key>
                <string>cn</string>
                <key>fullName</key>
                <string>cn</string>
                <!-- Empty array: no email attribute is mapped for locations in this example. -->
                <key>emailAddresses</key>
                <array>
                </array>
                <key>firstName</key>
                <string></string>
                <key>lastName</key>
                <string></string>
            </dict>
          </dict>
          <key>resources</key>
          <dict>
            <key>rdn</key>
            <string>ou=resources</string> <!-- dn for resources (relative to base dn) -->
            <key>mapping</key>
            <dict>
                <key>recordName</key>
                <string>cn</string>
                <key>fullName</key>
                <string>cn</string>
                <!-- Empty array: no email attribute is mapped for resources in this example. -->
                <key>emailAddresses</key>
                <array>
                </array>
                <key>firstName</key>
                <string></string>
                <key>lastName</key>
                <string></string>
            </dict>
          </dict>
        </dict>
        <!-- groupSchema: how group membership is expressed in LDAP. Only membersAttr is set
             in this example; the other two keys are left empty. -->
        <key>groupSchema</key>
        <dict>
          <key>membersAttr</key>
          <string>uniqueMember</string> <!-- LDAP attribute which indicates members of a group -->
          <key>nestedGroupsAttr</key>
          <string></string>
          <key>memberIdAttr</key>
          <string></string>
        </dict>
        <!-- resourceSchema: every key is left empty in this example.
             NOTE(review): proxyAttr and readOnlyProxyAttr presumably control delegate access
             derived from LDAP; check who can write those attributes before mapping them. -->
        <key>resourceSchema</key>
        <dict>
         <key>resourceInfoAttr</key>
         <string></string>
         <key>autoScheduleAttr</key>
         <string></string>
         <key>autoScheduleEnabledValue</key>
         <string></string>
         <key>proxyAttr</key>
         <string></string>
         <key>readOnlyProxyAttr</key>
         <string></string>
        </dict>
      </dict>
    </dict>