apple
problems about openldap
ldap can't use... when i open the openldap config in caldavd-test.plist, and copy to caldavd-dev.plist,there has errors in console.
2017-02-11T08:32:59+0800 [txdav.base.datastore.subpostgres.PostgresMonitor#info] done
2017-02-11T08:32:59+0800 [txdav.base.datastore.subpostgres.PostgresMonitor#info] server started
2017-02-11T08:32:59+0800 [txdav.base.datastore.subpostgres.PostgresMonitor#info] pg_ctl process ended with status=0
2017-02-11T08:32:59+0800 [txdav.base.datastore.subpostgres#info] /opt/calendarserver/.develop/roots/PostgreSQL/bin/pg_ctl exited
2017-02-11T08:32:59+0800 [txdav.base.datastore.subpostgres#critical] Can't start or connect to postgres: 'ConfigDict' object has no attribute 'loginAllowed'
2017-02-11T08:32:59+0800 [txdav.base.datastore.subpostgres#info] Requesting postgres stop via: ['/opt/calendarserver/.develop/roots/PostgreSQL/bin/pg_ctl', 'stop', '--log=/opt/calendarserver/data/Logs/postgres.log']
2017-02-11T08:32:59+0800 [memcached-Default] Signal handled: Terminated.
2017-02-11T08:32:59+0800 [-] (UNIX Port ./data/Logs/state/caldavd.sock Closed)
2017-02-11T08:32:59+0800 [-] (TCP Port 62311 Closed)
2017-02-11T08:32:59+0800 [txdav.base.datastore.subpostgres.PostgresMonitor#info] waiting for server to shut down...
2017-02-11T08:32:59+0800 [txdav.base.datastore.subpostgres.PostgresMonitor#info] .
2017-02-11T08:33:00+0800 [txdav.base.datastore.subpostgres.PostgresMonitor#info] done
2017-02-11T08:33:00+0800 [txdav.base.datastore.subpostgres.PostgresMonitor#info] server stopped
2017-02-11T08:33:00+0800 [txdav.base.datastore.subpostgres.PostgresMonitor#info] pg_ctl process ended with status=0
2017-02-11T08:33:00+0800 [-] Main loop terminated.
2017-02-11T08:33:00+0800 [twisted.scripts._twistd_unix.UnixAppLogger#info] Server Shut Down.
Can't start or connect to postgres: 'ConfigDict' object has no attribute 'loginAllowed' ??
Yes it is terrible, how unclear everything is. Add this to mapping
<key>mapping</key>
<dict>
<key>loginAllowed</key>
<string>ldap-boolean-field</string>
This should be documented or at least included in the sample ldap config linked from the FAQ; thanks for the report. The suggestion from @f1-outsourcing is correct.
yes. openldap integration works. my ldap config:
<key>DirectoryService</key>
<dict>
<key>type</key>
<string>ldap</string>
<key>params</key>
<dict>
<key>recordTypes</key>
<array>
<string>users</string>
<string>groups</string>
</array>
<key>uri</key>
<string>ldap://*/</string>
<key>credentials</key>
<dict>
<key>dn</key>
<string>*</string>
<key>password</key>
<string>*</string>
</dict>
<key>rdnSchema</key>
<dict>
<key>base</key>
<string>*</string>
<key>users</key>
<string>cn=admin</string>
<key>groups</key>
<string>cn=admin</string>
<key>locations</key>
<string>cn=admin</string>
<key>resources</key>
<string>cn=admin</string>
<key>addresses</key>
<string>cn=admin</string>
</dict>
<key>mapping</key>
<dict>
<key>loginAllowed</key>
<string>ldap-boolean-field</string>
<key>uid</key>
<array>
<string>cn</string>
</array>
<key>guid</key>
<array>
<string>uidNumber</string>
</array>
<key>shortNames</key>
<array>
<string>uid</string>
</array>
<key>fullNames</key>
<array>
<string>sn</string>
</array>
<key>emailAddresses</key>
<array>
<string>mail</string>
</array>
</dict>
</dict>
</dict>
As of this commit, you don't have to include loginAllowed if you don't want to control whether a user can log in or not via an LDAP attribute:
https://github.com/apple/ccs-calendarserver/commit/a92d8a50669e834af2e4a93b812f0c298379ce1f
