[Calendarserver-maintainers] Bug#499963: Bug#499963: calendarserver: caldavd fails to authenticate and autocreate principal when running with NssDirectoryService
agx at sigxcpu.org
Thu Oct 2 07:31:30 UTC 2008
On Wed, Oct 01, 2008 at 04:24:58PM -0700, Ben Poliakoff wrote:
> Alright I see what's going on. The NssDirectoryService is required by
> the DirectoryService class to support three methods:
Thanks for debugging this! Now that we knew that the xml service works I
was about to let you add debug code that prints out the users found in
listRecords but you found out yourself already.
> My server is configured to use files and LDAP for NSS calls. We have
> several thousand users in our LDAP directory and implement the default
> limit of 500 search results. As a result 'getent passwd' returns
> a subset of all valid accounts (not including the 'benp' account).
Yes, the nss service is basically meant for smaller installations as a
quick means of not having double account maintenance, it's far to slow
for that many users (calendarsever itself will have problems with this
itlself - at least in 1.2).
This can be used if only a few users need a calendar: add an hasCalendar
attribute to every PosixAccount and filter in libnss-ldap by using the
(in case you use a separate machine for the calendar server). I'm doing
something similar to cut down on the number of groups being looked at.
> I think I might take a stab at writing a generic LDAPDirectoryService
> using your NssDirectoryService as an example.
There's already code in the calendarserver.org bugtracker for that. It
might be worth testing it out and reporting back.
> So in the end this isn't really a bug with NssDirectoryService; but it's
> probably worth noting in the documentation that NssDirectoryService will
> only work properly within an environment where *all* valid users can be
> retrieved via the equivalent of 'getent passwd'.
I'll add that, thanks.
> Sorry for the trouble, and thanks for your time!
Thanks for debugging this.
More information about the Calendarserver-maintainers