apple / ccs-calendarserver

The Calendar and Contacts Server.
https://www.calendarserver.org
Apache License 2.0

problems about openldap #472

Open gordanyang opened 7 years ago

gordanyang commented 7 years ago

LDAP can't be used... When I open the openldap config in caldavd-test.plist and copy it to caldavd-dev.plist, there are errors in the console.

2017-02-11T08:32:59+0800 [txdav.base.datastore.subpostgres.PostgresMonitor#info]  done
2017-02-11T08:32:59+0800 [txdav.base.datastore.subpostgres.PostgresMonitor#info] server started
2017-02-11T08:32:59+0800 [txdav.base.datastore.subpostgres.PostgresMonitor#info] pg_ctl process ended with status=0
2017-02-11T08:32:59+0800 [txdav.base.datastore.subpostgres#info] /opt/calendarserver/.develop/roots/PostgreSQL/bin/pg_ctl exited
2017-02-11T08:32:59+0800 [txdav.base.datastore.subpostgres#critical] Can't start or connect to postgres: 'ConfigDict' object has no attribute 'loginAllowed'
2017-02-11T08:32:59+0800 [txdav.base.datastore.subpostgres#info] Requesting postgres stop via: ['/opt/calendarserver/.develop/roots/PostgreSQL/bin/pg_ctl', 'stop', '--log=/opt/calendarserver/data/Logs/postgres.log']
2017-02-11T08:32:59+0800 [memcached-Default] Signal handled: Terminated.
2017-02-11T08:32:59+0800 [-] (UNIX Port ./data/Logs/state/caldavd.sock Closed)
2017-02-11T08:32:59+0800 [-] (TCP Port 62311 Closed)
2017-02-11T08:32:59+0800 [txdav.base.datastore.subpostgres.PostgresMonitor#info] waiting for server to shut down...
2017-02-11T08:32:59+0800 [txdav.base.datastore.subpostgres.PostgresMonitor#info] .
2017-02-11T08:33:00+0800 [txdav.base.datastore.subpostgres.PostgresMonitor#info]  done
2017-02-11T08:33:00+0800 [txdav.base.datastore.subpostgres.PostgresMonitor#info] server stopped
2017-02-11T08:33:00+0800 [txdav.base.datastore.subpostgres.PostgresMonitor#info] pg_ctl process ended with status=0
2017-02-11T08:33:00+0800 [-] Main loop terminated.
2017-02-11T08:33:00+0800 [twisted.scripts._twistd_unix.UnixAppLogger#info] Server Shut Down.

Can't start or connect to postgres: 'ConfigDict' object has no attribute 'loginAllowed' ??

f1-outsourcing commented 7 years ago

Yes it is terrible, how unclear everything is. Add this to mapping

    <key>mapping</key>
    <dict>
      <key>loginAllowed</key>
      <string>ldap-boolean-field</string>
    </dict>

gordanyang commented 7 years ago

Thanks, f1-outsourcing. It works.

dreness commented 7 years ago

This should be documented or at least included in the sample ldap config linked from the FAQ; thanks for the report. The suggestion from @f1-outsourcing is correct.

gordanyang commented 7 years ago

Yes. OpenLDAP integration works. My LDAP config:

    <key>DirectoryService</key>
    <dict>
      <key>type</key>
      <string>ldap</string>

      <key>params</key>
      <dict>
        <key>recordTypes</key>
        <array>
           <string>users</string>
           <string>groups</string>
        </array>
        <key>uri</key>
        <string>ldap://*/</string>
        <key>credentials</key>
        <dict>
          <key>dn</key>
          <string>*</string>
          <key>password</key>
          <string>*</string>
        </dict>
        <key>rdnSchema</key>
        <dict>
          <key>base</key>
          <string>*</string>
          <key>users</key>
          <string>cn=admin</string>
          <key>groups</key>
          <string>cn=admin</string>
          <key>locations</key>
          <string>cn=admin</string>
          <key>resources</key>
          <string>cn=admin</string>
          <key>addresses</key>
          <string>cn=admin</string>
        </dict>
        <key>mapping</key>
        <dict>
          <key>loginAllowed</key>
          <string>ldap-boolean-field</string>
          <key>uid</key>
          <array>
            <string>cn</string>
          </array>
          <key>guid</key>
          <array>
            <string>uidNumber</string>
          </array>
          <key>shortNames</key>
          <array>
            <string>uid</string>
          </array>
          <key>fullNames</key>
          <array>
            <string>sn</string>
          </array>
          <key>emailAddresses</key>
          <array>
            <string>mail</string>
          </array>
        </dict>
      </dict>
    </dict>

m0rgen commented 7 years ago

As of this commit, you don't have to include loginAllowed if you don't want to control whether a user can log in or not via an LDAP attribute:

https://github.com/apple/ccs-calendarserver/commit/a92d8a50669e834af2e4a93b812f0c298379ce1f
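
A pre-flight check for the configuration discussed in this thread, as an added example that is not part of the thread or the project's code: it parses a caldavd plist with Python's `plistlib` and reports a `mapping` without `loginAllowed` (the cause of the startup error above) and a bind password configured with a plain `ldap://` URI. The sample plist, host name, DN and the function name `check_ldap_directory` are constructed for illustration.

```python
import plistlib

# Constructed sample: same shape as the config posted above, wrapped in a
# complete plist; host, DN and password are made-up placeholders.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>DirectoryService</key>
  <dict>
    <key>type</key><string>ldap</string>
    <key>params</key>
    <dict>
      <key>uri</key><string>ldap://ldap.example.test/</string>
      <key>credentials</key>
      <dict>
        <key>dn</key><string>cn=binduser,dc=example,dc=test</string>
        <key>password</key><string>placeholder</string>
      </dict>
      <key>mapping</key>
      <dict><key>uid</key><array><string>cn</string></array></dict>
    </dict>
  </dict>
</dict>
</plist>"""


def check_ldap_directory(plist_bytes):
    """Return a list of findings for the DirectoryService LDAP section."""
    config = plistlib.loads(plist_bytes)
    service = config.get("DirectoryService", {})
    if service.get("type") != "ldap":
        return []
    params = service.get("params", {})
    findings = []
    # Before the commit linked above, a mapping without loginAllowed stopped
    # startup with "'ConfigDict' object has no attribute 'loginAllowed'".
    if "loginAllowed" not in params.get("mapping", {}):
        findings.append("mapping has no loginAllowed key")
    # With a plain ldap:// URI the bind DN and password are not protected by
    # TLS at connect time; the URI alone cannot show a later StartTLS upgrade.
    uri = params.get("uri", "").lower()
    if uri.startswith("ldap://") and params.get("credentials", {}).get("password"):
        findings.append("bind password configured with a plain ldap:// URI")
    return findings


if __name__ == "__main__":
    for finding in check_ldap_directory(SAMPLE):
        print("WARNING:", finding)
```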