[Calendarserver-maintainers] Bug#499963: Bug#499963: calendarserver: caldavd fails to authenticate and autocreate principal when running with NssDirectoryService
Ben Poliakoff
benp at reed.edu
Thu Sep 25 18:36:44 UTC 2008
* Guido Günther <agx at sigxcpu.org> [20080924 00:19]:
> severity 499963 normal
>
> On Tue, Sep 23, 2008 at 04:31:56PM -0700, Ben Poliakoff wrote:
> > I'm trying to use calendarserver's NssDirectoryService. I've configured
> > the service in /etc/caldavd/caldavd.plist, following the comments in the
> > module '/usr/share/pyshared/twistedcaldav/directory/nss.py'. I've also
> > configured Kerberos and SSL in /etc/caldavd/caldavd.plist.
> Does this help:
> http://honk.sigxcpu.org/con/tags/groupware/
>
> > However Apple's iCal client fails to connect to the calendarserver using
> > Kerberos.
> Could you try with e.g. firefox to browse the tree directly (need to set
> network.negotiate-auth.trusted-uris for kerberos)? The strange part is
> that you don't even get a ticket, so theres a problem with your kerberos
> setup in caldavd - until then there's no need to look further.
> -- Guido
Thanks, I sorted out the kerberos issues (I can now connect via Firefox
and Thunderbird/Lightning using kerberos auth).
I should probably mention that 'getent' calls for passwd and group
entries are working just fine, so the nss side if things seems to be in
order.
But I'm still not seeing "auto-provisioning" of calendars or
principals. When I connect with iCal (using the bare host url
"https://host.name.here:8443" I see this error:
Account information not found
Calendar https://host.name.here:8443/principals/users/benp/ could
not be found.
And I see these log entries from the calendarserver:
==> access.log <==
134.10.120.42 - - [25/Sep/2008:11:34:23 -0700] "PROPFIND \
/principals/users/benp/ HTTP/1.1" 404 138 "-" "DAVKit/3.0.4 (652); \
CalendarStore/3.0.5 (841); iCal/3.0.5 (1270); Mac OS X/10.5.5 (9F33)" \
[184.4 ms]
==> error.log <==
2008-09-25 11:34:23-0700 [-] [caldav-8008] \
[HTTPChannel,2,134.10.120.42] 'No principal found for UID: benp' \
2008-09-25 11:34:23-0700 [-] [caldav-8008] \
[HTTPChannel,2,134.10.120.42] "Attempt to create clone \
'/var/spool/caldavd/principals/users/benp' of resource \
<DirectoryPrincipalTypeProvisioningResource: \
/var/spool/caldavd/principals/users>"
And /var/spool/caldavd/principals/users/benp is not created (even though
the caldavd user has full privs on the /var/spool/caladavd directory).
Trying with another caldav client Thunderbird/Lightning (using the url
"https://host.name.here:8443/calendars/users/benp/calendar/" since
Lightning doesn't support the /principals stuff yet) my calendar is
marked as unavailable. Here are access.log entries from calendarserver
as I try to an event (*nothing* shows up in the error.log):
134.10.15.21 - - [25/Sep/2008:11:13:02 -0700] "PUT \
/calendars/users/benp/calendar/36cd9363-ffe6-4afd-9de2-0998e3f4f6ed.ics \
HTTP/1.1" 404 186 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; \
rv:1.8.1.16) Gecko/20080707 Lightning/0.9 Thunderbird/2.0.0.16" [190.6 \
ms]
134.10.15.21 - - [25/Sep/2008:11:14:10 -0700] "PROPFIND
/calendars/users/benp/calendar/ HTTP/1.1" 404 146 "-" "Mozilla/5.0 (X11; \
U; Linux i686; en-US; rv:1.8.1.16) Gecko/20080707 Lightning/0.9 Thund \
erbird/2.0.0.16" [196.0 ms]
134.10.15.21 - - [25/Sep/2008:11:14:11 -0700] "OPTIONS \
/calendars/users/benp/ HTTP/1.1" 404 137 "-" "Mozilla/5.0 (X11; U; Linux \
i686; en-US; rv:1.8.1.16) Gecko/20080707 Lightning/0.9 Thunderbird/2.0 \
.0.16" [232.1 ms]
The PROPFIND/OPTIONS lines go on continuously until I quit Thunderbird.
--
________________________________________________________________________
PGP fingerprint: A131 F813 7A0F C5B7 E74D C972 9118 A94D 6AF5 2019
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/calendarserver-maintainers/attachments/20080925/1dad540d/attachment.pgp
More information about the Calendarserver-maintainers
mailing list