Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. DAViCal>
  3. General
Problem with configuration of caldavzap (concerning PROPFIND)
sebastian.kotthoff at rz
Oct 7, 2015, 1:09 AM
Post #1 of 7 (2913 views)
Permalink
Hello dear Davical team,

I have some problem with Davical 1.1.3.1 and Caldavzap 0.13 .

It is quite special but I try to explain.
We configured an ressource in davical "polwiss3" with some calendars
- polwiss3/arbeitszeiten_hiwis
- polwiss3/konferenzen
- ...

There is also some davical-user "hiwipol3" which has Write (full) access to
"polwiss3/arbeitszeiten_hiwis", but no access to the other calendars.
In Thunderbird Lightning, everything is working fine, since there we enter the whole calender URL.

Caldavzap is configured like:

var globalNetworkCheckSettings={href: 'https://DAVICAL_SERVER/davical/caldav.php/', additionalResources: ['polwiss3', ... ], forceReadOnly: null, settingsAccount: true, timeOut: 30000, lockTimeOut: 10000, delegation: true, backgroundCalendars: [], ignoreAlarms: true}

As I figured out, caldavzap is doing a PROPFIND to https://DAVICAL_SERVER/davical/caldav.php/polwiss3 with credentials of "hiwipol3".

The Problem is now:
1.
- if hiwipol3 has no "READ" access to the ressource "polwiss3", caldavzap is getting error:
"Error: [netFindResource: 'PROPFIND https://hiwipol3@DAVICAL_SERVER/davical/caldav.php/polwiss3/']: code: '403' status: 'error'"

(default privileges to polwiss3 I set to:
- Read Access Controls
- Read Current User's Access
- Read Free/Busy Information
- Scheduling: all the scheduling stuff enabled
)

2.
- if hiwipol3 has additionally read access to the ressource "polwiss3":
- I can enable the calendar polwiss3/arbeitszeiten_hiwis in caldavzap, but it is only READ_ABLE, not write-able like configurted
in davical
- If I try to enable "polwiss3/konferenzen" (hiwipol3 has no access), caldavzap is hanging and is not loading any calendar

-> the second point may be a problem of caldavzap, I did not investigate this further
-> the first point I checked, it is coded at bottom of inc/caldav-PROPFIND.php
------------
/**
* Something that we can handle, at least roughly correctly.
*/
$responses = array();
if ( $request->IsProxyRequest() ) {
$response = add_proxy_response($request->proxy_type, $request->principal->dav_name() );
if ( isset($response) ) $responses[] = $response;
}
else {
$resource = new DAVResource($request->path);
if ( ! $resource->Exists() ) {
$request->PreconditionFailed( 404, 'must-exist', translate('That resource is not present on this server.') );
}
$resource->NeedPrivilege('DAV::read');
...
------------

Or is there a trick in configuration and I did something wrong?

Thanks,

Sebastian

--
Sebastian Kotthoff
Rechenzentrum
Universität Mannheim
B6, 23-29; Building B; Room 1.10
68159 Mannheim

Tel: +49 621 181 2516
Fax: +49 621 181 2682

Attached Files:

Re: Problem with configuration of caldavzap (concerning PROPFIND) [ In reply to ]
jan.mate at inf-it
Oct 7, 2015, 2:09 AM
Post #2 of 7 (2897 views)
Permalink
Hi Sebastian,


in general CalDavZAP & InfCloud must work with shared calendars/addressbooks (without this feature we cannot work in our company).

Correct setup:

1.) fix your configuration
var globalNetworkCheckSettings={href: 'https://DAVICAL_SERVER/davical/caldav.php/', additionalResources: [], forceReadOnly: null, settingsAccount: true, timeOut: 30000, lockTimeOut: 10000, delegation: true, backgroundCalendars: [], ignoreAlarms: true}

note: do not forget the execute ./cache_update.sh after the configuration change

2.) you must set at least read privilege for the principal (hiwipol3 must have at least read access to polwiss3) => without this privilege CalDavZAP & InfCloud cannot get the list of calendars, thus cannot process them

3.) you must set write privilege for the given calendar


Cheers,


JM



> On 07 Oct 2015, at 10:09, skotthof <sebastian.kotthoff@rz.uni-mannheim.de> wrote:
>
> Hello dear Davical team,
>
> I have some problem with Davical 1.1.3.1 and Caldavzap 0.13 .
>
> It is quite special but I try to explain.
> We configured an ressource in davical "polwiss3" with some calendars
> - polwiss3/arbeitszeiten_hiwis
> - polwiss3/konferenzen
> - ...
>
> There is also some davical-user "hiwipol3" which has Write (full) access to
> "polwiss3/arbeitszeiten_hiwis", but no access to the other calendars.
> In Thunderbird Lightning, everything is working fine, since there we enter the whole calender URL.
>
> Caldavzap is configured like:
>
> var globalNetworkCheckSettings={href: 'https://DAVICAL_SERVER/davical/caldav.php/', additionalResources: ['polwiss3', ... ], forceReadOnly: null, settingsAccount: true, timeOut: 30000, lockTimeOut: 10000, delegation: true, backgroundCalendars: [], ignoreAlarms: true}
>
> As I figured out, caldavzap is doing a PROPFIND to https://DAVICAL_SERVER/davical/caldav.php/polwiss3 with credentials of "hiwipol3".
>
> The Problem is now:
> 1.
> - if hiwipol3 has no "READ" access to the ressource "polwiss3", caldavzap is getting error:
> "Error: [netFindResource: 'PROPFIND https://hiwipol3@DAVICAL_SERVER/davical/caldav.php/polwiss3/']: code: '403' status: 'error'"
>
> (default privileges to polwiss3 I set to:
> - Read Access Controls
> - Read Current User's Access
> - Read Free/Busy Information
> - Scheduling: all the scheduling stuff enabled
> )
>
> 2.
> - if hiwipol3 has additionally read access to the ressource "polwiss3":
> - I can enable the calendar polwiss3/arbeitszeiten_hiwis in caldavzap, but it is only READ_ABLE, not write-able like configurted
> in davical
> - If I try to enable "polwiss3/konferenzen" (hiwipol3 has no access), caldavzap is hanging and is not loading any calendar
>
> -> the second point may be a problem of caldavzap, I did not investigate this further
> -> the first point I checked, it is coded at bottom of inc/caldav-PROPFIND.php
> ------------
> /**
> * Something that we can handle, at least roughly correctly.
> */
> $responses = array();
> if ( $request->IsProxyRequest() ) {
> $response = add_proxy_response($request->proxy_type, $request->principal->dav_name() );
> if ( isset($response) ) $responses[] = $response;
> }
> else {
> $resource = new DAVResource($request->path);
> if ( ! $resource->Exists() ) {
> $request->PreconditionFailed( 404, 'must-exist', translate('That resource is not present on this server.') );
> }
> $resource->NeedPrivilege('DAV::read');
> ...
> ------------
>
> Or is there a trick in configuration and I did something wrong?
>
> Thanks,
>
> Sebastian
>
> --
> Sebastian Kotthoff
> Rechenzentrum
> Universität Mannheim
> B6, 23-29; Building B; Room 1.10
> 68159 Mannheim
>
> Tel: +49 621 181 2516
> Fax: +49 621 181 2682
> ------------------------------------------------------------------------------
> Full-scale, agent-less Infrastructure Monitoring from a single dashboard
> Integrate with 40+ ManageEngine ITSM Solutions for complete visibility
> Physical-Virtual-Cloud Infrastructure monitoring from one console
> Real user monitoring with APM Insights and performance trend reports
> Learn More http://pubads.g.doubleclick.net/gampad/clk?id=247754911&iu=/4140_______________________________________________
> Davical-general mailing list
> Davical-general@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/davical-general

Attached Files:

Re: Problem with configuration of caldavzap (concerning PROPFIND) [ In reply to ]
sebastian.kotthoff at rz
Oct 7, 2015, 3:31 AM
Post #3 of 7 (2887 views)
Permalink
Hi Jan,

thanks for help!

You are right. Caldavzap finds the calendars even without "additionalResources" great!

But one problem still exist, polwiss3/arbeitszeiten_hiwis is not write-able in caldavzap
(in ligthning it is)

I configured for hiwipol3:
polwiss3: READ, Override a Lock, Read Access Controls, Read Current User's Access,
Create Events/Collections, Read Free/Busy Information and all the
schedule stuff

polwiss3/arbeitszeiten_hiwis:
Default Priviliges YES
ALL Priviliges activated



I think a workaround would be to configure two ressources
"polwiss3" + "polwiss3_hiwis" but this is not so nice.

Thanks Sebastian





On Wed, Oct 07, 2015 at 11:09:46AM +0200, Ján Máté wrote:
> Hi Sebastian,
> in general CalDavZAP & InfCloud must work with shared
> calendars/addressbooks (without this feature we cannot work in our
> company).
> Correct setup:
> 1.) fix your configuration
>
> var globalNetworkCheckSettings={href:
> '[1]https://DAVICAL_SERVER/davical/caldav.php/', additionalResources:
> [], forceReadOnly: null, settingsAccount: true, timeOut:
> 30000, lockTimeOut: 10000, delegation: true, backgroundCalendars: [],
> ignoreAlarms: true}
>
> => there is NO reason (and it is completely illogical) to use
> additionalResources for servers that support delegation (e.g. DAViCal)
>
> note: do not forget the execute ./cache_update.sh after the
> configuration change
>
> 2.) you must set at least read privilege for the principal (hiwipol3 must
> have at least read access to polwiss3) => without this privilege CalDavZAP
> & InfCloud cannot get the list of calendars, thus cannot process them
> 3.) you must set write privilege for the given calendar
> Cheers,
> JM
>
> On 07 Oct 2015, at 10:09, skotthof
> <[2]sebastian.kotthoff@rz.uni-mannheim.de> wrote:
> Hello dear Davical team,
>
> I have some problem with Davical 1.1.3.1 and Caldavzap 0.13 .
>
> It is quite special but I try to explain.
> We configured an ressource in davical "polwiss3" with some calendars
> - polwiss3/arbeitszeiten_hiwis
> - polwiss3/konferenzen
> - ...
>
> There is also some davical-user "hiwipol3" which has Write (full) access
> to
> "polwiss3/arbeitszeiten_hiwis", but no access to the other calendars.
> In Thunderbird Lightning, everything is working fine, since there we
> enter the whole calender URL.
>
> Caldavzap is configured like:
>
> var globalNetworkCheckSettings={href:
> '[3]https://DAVICAL_SERVER/davical/caldav.php/', additionalResources:
> ['polwiss3', ... ], forceReadOnly: null, settingsAccount: true, timeOut:
> 30000, lockTimeOut: 10000, delegation: true, backgroundCalendars: [],
> ignoreAlarms: true}
>
> As I figured out, caldavzap is doing a PROPFIND to
> [4]https://DAVICAL_SERVER/davical/caldav.php/polwiss3 with credentials
> of "hiwipol3".
>
> The Problem is now:
> 1.
> - if hiwipol3 has no "READ" access to the ressource "polwiss3",
> caldavzap is getting error:
>   "Error: [netFindResource: 'PROPFIND
> [5]https://hiwipol3@DAVICAL_SERVER/davical/caldav.php/polwiss3/']: code:
> '403' status: 'error'"
>
>   (default privileges to polwiss3 I set to:
>    - Read Access Controls
>    - Read Current User's Access
>    - Read Free/Busy Information
>    - Scheduling: all the scheduling stuff enabled
>   )
>
> 2.
> - if hiwipol3 has additionally read access to the ressource "polwiss3":
>   - I can enable the calendar polwiss3/arbeitszeiten_hiwis in caldavzap,
> but it is only READ_ABLE, not write-able like configurted
>     in davical
>   - If I try to enable "polwiss3/konferenzen" (hiwipol3 has no access),
> caldavzap is hanging and is not loading any calendar
>
> -> the second point may be a problem of caldavzap, I did not investigate
> this further
> -> the first point I checked, it is coded at bottom of
> inc/caldav-PROPFIND.php
> ------------
> /**
> * Something that we can handle, at least roughly correctly.
> */
> $responses = array();
> if ( $request->IsProxyRequest() ) {
>  $response = add_proxy_response($request->proxy_type,
> $request->principal->dav_name() );
>  if ( isset($response) ) $responses[] = $response;
> }
> else {
>  $resource = new DAVResource($request->path);
>  if ( ! $resource->Exists() ) {
>    $request->PreconditionFailed( 404, 'must-exist', translate('That
> resource is not present on this server.') );
>  }
>  $resource->NeedPrivilege('DAV::read');
> ...
> ------------
>
> Or is there a trick in configuration and I did something wrong?
>
> Thanks,
>
> Sebastian
>
> --
> Sebastian Kotthoff
> Rechenzentrum
> Universit�t Mannheim
> B6, 23-29; Building B; Room 1.10
> 68159 Mannheim
>
> Tel: +49 621 181 2516
> Fax: +49 621 181 2682
> ------------------------------------------------------------------------------
> Full-scale, agent-less Infrastructure Monitoring from a single dashboard
> Integrate with 40+ ManageEngine ITSM Solutions for complete visibility
> Physical-Virtual-Cloud Infrastructure monitoring from one console
> Real user monitoring with APM Insights and performance trend reports
> Learn More
> [6]http://pubads.g.doubleclick.net/gampad/clk?id=247754911&iu=/4140_______________________________________________
> Davical-general mailing list
> [7]Davical-general@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/davical-general
>
> References
>
> Visible links
> 1. https://davical_server/davical/caldav.php/'
> 2. mailto:sebastian.kotthoff@rz.uni-mannheim.de
> 3. https://davical_server/davical/caldav.php/'
> 4. https://davical_server/davical/caldav.php/polwiss3
> 5. https://hiwipol3@davical_server/davical/caldav.php/polwiss3/']:
> 6. http://pubads.g.doubleclick.net/gampad/clk?id=247754911&iu=/4140_______________________________________________
> 7. mailto:Davical-general@lists.sourceforge.net



--
Sebastian Kotthoff
Rechenzentrum
Universität Mannheim
B6, 23-29; Building B; Room 1.10
68159 Mannheim

Tel: +49 621 181 2516
Fax: +49 621 181 2682

Attached Files:

Re: Problem with configuration of caldavzap (concerning PROPFIND) [ In reply to ]
jan.mate at inf-it
Oct 7, 2015, 3:51 AM
Post #4 of 7 (2881 views)
Permalink
Hi Sebastion,

this setup is WRONG. If you check the "Default privileges" checkbox, it means that the collection inherits privileges from principal (in your case inherits the read-only privilege).

You must:

1.) click to the collection you want to edit
2.) uncheck the "Default privileges" and CLICK TO "APPLY CHANGES"
3.) in the "Collection Grants" section select the user you want to grant privilege (in your case hiwipol3), then select the privileges from the list box (or click to "Read/Write" button which pre-selects the given privileges) and then CLICK TO "GRANT" (at the right)

Thanks all,


JM

> On 07 Oct 2015, at 12:31, skotthof <sebastian.kotthoff@rz.uni-mannheim.de> wrote:
>
>
> Hi Jan,
>
> thanks for help!
>
> You are right. Caldavzap finds the calendars even without "additionalResources" great!
>
> But one problem still exist, polwiss3/arbeitszeiten_hiwis is not write-able in caldavzap
> (in ligthning it is)
>
> I configured for hiwipol3:
> polwiss3: READ, Override a Lock, Read Access Controls, Read Current User's Access,
> Create Events/Collections, Read Free/Busy Information and all the
> schedule stuff
>
> polwiss3/arbeitszeiten_hiwis:
> Default Priviliges YES
> ALL Priviliges activated
>
>
>
> I think a workaround would be to configure two ressources
> "polwiss3" + "polwiss3_hiwis" but this is not so nice.
>
> Thanks Sebastian
>
>
>
>
>
> On Wed, Oct 07, 2015 at 11:09:46AM +0200, Ján Máté wrote:
>> Hi Sebastian,
>> in general CalDavZAP & InfCloud must work with shared
>> calendars/addressbooks (without this feature we cannot work in our
>> company).
>> Correct setup:
>> 1.) fix your configuration
>>
>> var globalNetworkCheckSettings={href:
>> '[1]https://DAVICAL_SERVER/davical/caldav.php/', additionalResources:
>> [], forceReadOnly: null, settingsAccount: true, timeOut:
>> 30000, lockTimeOut: 10000, delegation: true, backgroundCalendars: [],
>> ignoreAlarms: true}
>>
>> => there is NO reason (and it is completely illogical) to use
>> additionalResources for servers that support delegation (e.g. DAViCal)
>>
>> note: do not forget the execute ./cache_update.sh after the
>> configuration change
>>
>> 2.) you must set at least read privilege for the principal (hiwipol3 must
>> have at least read access to polwiss3) => without this privilege CalDavZAP
>> & InfCloud cannot get the list of calendars, thus cannot process them
>> 3.) you must set write privilege for the given calendar
>> Cheers,
>> JM
>>
>> On 07 Oct 2015, at 10:09, skotthof
>> <[2]sebastian.kotthoff@rz.uni-mannheim.de> wrote:
>> Hello dear Davical team,
>>
>> I have some problem with Davical 1.1.3.1 and Caldavzap 0.13 .
>>
>> It is quite special but I try to explain.
>> We configured an ressource in davical "polwiss3" with some calendars
>> - polwiss3/arbeitszeiten_hiwis
>> - polwiss3/konferenzen
>> - ...
>>
>> There is also some davical-user "hiwipol3" which has Write (full) access
>> to
>> "polwiss3/arbeitszeiten_hiwis", but no access to the other calendars.
>> In Thunderbird Lightning, everything is working fine, since there we
>> enter the whole calender URL.
>>
>> Caldavzap is configured like:
>>
>> var globalNetworkCheckSettings={href:
>> '[3]https://DAVICAL_SERVER/davical/caldav.php/', additionalResources:
>> ['polwiss3', ... ], forceReadOnly: null, settingsAccount: true, timeOut:
>> 30000, lockTimeOut: 10000, delegation: true, backgroundCalendars: [],
>> ignoreAlarms: true}
>>
>> As I figured out, caldavzap is doing a PROPFIND to
>> [4]https://DAVICAL_SERVER/davical/caldav.php/polwiss3 with credentials
>> of "hiwipol3".
>>
>> The Problem is now:
>> 1.
>> - if hiwipol3 has no "READ" access to the ressource "polwiss3",
>> caldavzap is getting error:
>> "Error: [netFindResource: 'PROPFIND
>> [5]https://hiwipol3@DAVICAL_SERVER/davical/caldav.php/polwiss3/']: code:
>> '403' status: 'error'"
>>
>> (default privileges to polwiss3 I set to:
>> - Read Access Controls
>> - Read Current User's Access
>> - Read Free/Busy Information
>> - Scheduling: all the scheduling stuff enabled
>> )
>>
>> 2.
>> - if hiwipol3 has additionally read access to the ressource "polwiss3":
>> - I can enable the calendar polwiss3/arbeitszeiten_hiwis in caldavzap,
>> but it is only READ_ABLE, not write-able like configurted
>> in davical
>> - If I try to enable "polwiss3/konferenzen" (hiwipol3 has no access),
>> caldavzap is hanging and is not loading any calendar
>>
>> -> the second point may be a problem of caldavzap, I did not investigate
>> this further
>> -> the first point I checked, it is coded at bottom of
>> inc/caldav-PROPFIND.php
>> ------------
>> /**
>> * Something that we can handle, at least roughly correctly.
>> */
>> $responses = array();
>> if ( $request->IsProxyRequest() ) {
>> $response = add_proxy_response($request->proxy_type,
>> $request->principal->dav_name() );
>> if ( isset($response) ) $responses[] = $response;
>> }
>> else {
>> $resource = new DAVResource($request->path);
>> if ( ! $resource->Exists() ) {
>> $request->PreconditionFailed( 404, 'must-exist', translate('That
>> resource is not present on this server.') );
>> }
>> $resource->NeedPrivilege('DAV::read');
>> ...
>> ------------
>>
>> Or is there a trick in configuration and I did something wrong?
>>
>> Thanks,
>>
>> Sebastian
>>
>> --
>> Sebastian Kotthoff
>> Rechenzentrum
>> Universit�t Mannheim
>> B6, 23-29; Building B; Room 1.10
>> 68159 Mannheim
>>
>> Tel: +49 621 181 2516
>> Fax: +49 621 181 2682
>> ------------------------------------------------------------------------------
>> Full-scale, agent-less Infrastructure Monitoring from a single dashboard
>> Integrate with 40+ ManageEngine ITSM Solutions for complete visibility
>> Physical-Virtual-Cloud Infrastructure monitoring from one console
>> Real user monitoring with APM Insights and performance trend reports
>> Learn More
>> [6]http://pubads.g.doubleclick.net/gampad/clk?id=247754911&iu=/4140_______________________________________________
>> Davical-general mailing list
>> [7]Davical-general@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/davical-general
>>
>> References
>>
>> Visible links
>> 1. https://davical_server/davical/caldav.php/'
>> 2. mailto:sebastian.kotthoff@rz.uni-mannheim.de
>> 3. https://davical_server/davical/caldav.php/'
>> 4. https://davical_server/davical/caldav.php/polwiss3
>> 5. https://hiwipol3@davical_server/davical/caldav.php/polwiss3/']:
>> 6. http://pubads.g.doubleclick.net/gampad/clk?id=247754911&iu=/4140_______________________________________________
>> 7. mailto:Davical-general@lists.sourceforge.net
>
>
>
> --
> Sebastian Kotthoff
> Rechenzentrum
> Universität Mannheim
> B6, 23-29; Building B; Room 1.10
> 68159 Mannheim
>
> Tel: +49 621 181 2516
> Fax: +49 621 181 2682

Attached Files:

Re: Problem with configuration of caldavzap (concerning PROPFIND) [ In reply to ]
sebastian.kotthoff at rz
Oct 7, 2015, 8:42 AM
Post #5 of 7 (2875 views)
Permalink
Thanks Jan,

still have the problem, that the ressource must be also writeable if the collection should be writeable.
Is this correct?
In Lightning it is working also with simpel basic read free/busy support on the ressource (default privileges).
So I think this is some caldavzap issue.

Should I just add write-support to all ressources for the users need to write collections there
or is there a better way?
Because the users may be able to create new collection on the ressource.

Thank you for help,

Sebastian

:wq

On Wed, Oct 07, 2015 at 12:51:34PM +0200, Ján Máté wrote:
> Hi Sebastion,
>
> this setup is WRONG. If you check the "Default privileges" checkbox, it means that the collection inherits privileges from principal (in your case inherits the read-only privilege).
>
> You must:
>
> 1.) click to the collection you want to edit
> 2.) uncheck the "Default privileges" and CLICK TO "APPLY CHANGES"
> 3.) in the "Collection Grants" section select the user you want to grant privilege (in your case hiwipol3), then select the privileges from the list box (or click to "Read/Write" button which pre-selects the given privileges) and then CLICK TO "GRANT" (at the right)
>
> Thanks all,
>
>
> JM
>
> > On 07 Oct 2015, at 12:31, skotthof <sebastian.kotthoff@rz.uni-mannheim.de> wrote:
> >
> >
> > Hi Jan,
> >
> > thanks for help!
> >
> > You are right. Caldavzap finds the calendars even without "additionalResources" great!
> >
> > But one problem still exist, polwiss3/arbeitszeiten_hiwis is not write-able in caldavzap
> > (in ligthning it is)
> >
> > I configured for hiwipol3:
> > polwiss3: READ, Override a Lock, Read Access Controls, Read Current User's Access,
> > Create Events/Collections, Read Free/Busy Information and all the
> > schedule stuff
> >
> > polwiss3/arbeitszeiten_hiwis:
> > Default Priviliges YES
> > ALL Priviliges activated
> >
> >
> >
> > I think a workaround would be to configure two ressources
> > "polwiss3" + "polwiss3_hiwis" but this is not so nice.
> >
> > Thanks Sebastian
> >
> >
> >
> >
> >
> > On Wed, Oct 07, 2015 at 11:09:46AM +0200, Ján Máté wrote:
> >> Hi Sebastian,
> >> in general CalDavZAP & InfCloud must work with shared
> >> calendars/addressbooks (without this feature we cannot work in our
> >> company).
> >> Correct setup:
> >> 1.) fix your configuration
> >>
> >> var globalNetworkCheckSettings={href:
> >> '[1]https://DAVICAL_SERVER/davical/caldav.php/', additionalResources:
> >> [], forceReadOnly: null, settingsAccount: true, timeOut:
> >> 30000, lockTimeOut: 10000, delegation: true, backgroundCalendars: [],
> >> ignoreAlarms: true}
> >>
> >> => there is NO reason (and it is completely illogical) to use
> >> additionalResources for servers that support delegation (e.g. DAViCal)
> >>
> >> note: do not forget the execute ./cache_update.sh after the
> >> configuration change
> >>
> >> 2.) you must set at least read privilege for the principal (hiwipol3 must
> >> have at least read access to polwiss3) => without this privilege CalDavZAP
> >> & InfCloud cannot get the list of calendars, thus cannot process them
> >> 3.) you must set write privilege for the given calendar
> >> Cheers,
> >> JM
> >>
> >> On 07 Oct 2015, at 10:09, skotthof
> >> <[2]sebastian.kotthoff@rz.uni-mannheim.de> wrote:
> >> Hello dear Davical team,
> >>
> >> I have some problem with Davical 1.1.3.1 and Caldavzap 0.13 .
> >>
> >> It is quite special but I try to explain.
> >> We configured an ressource in davical "polwiss3" with some calendars
> >> - polwiss3/arbeitszeiten_hiwis
> >> - polwiss3/konferenzen
> >> - ...
> >>
> >> There is also some davical-user "hiwipol3" which has Write (full) access
> >> to
> >> "polwiss3/arbeitszeiten_hiwis", but no access to the other calendars.
> >> In Thunderbird Lightning, everything is working fine, since there we
> >> enter the whole calender URL.
> >>
> >> Caldavzap is configured like:
> >>
> >> var globalNetworkCheckSettings={href:
> >> '[3]https://DAVICAL_SERVER/davical/caldav.php/', additionalResources:
> >> ['polwiss3', ... ], forceReadOnly: null, settingsAccount: true, timeOut:
> >> 30000, lockTimeOut: 10000, delegation: true, backgroundCalendars: [],
> >> ignoreAlarms: true}
> >>
> >> As I figured out, caldavzap is doing a PROPFIND to
> >> [4]https://DAVICAL_SERVER/davical/caldav.php/polwiss3 with credentials
> >> of "hiwipol3".
> >>
> >> The Problem is now:
> >> 1.
> >> - if hiwipol3 has no "READ" access to the ressource "polwiss3",
> >> caldavzap is getting error:
> >> "Error: [netFindResource: 'PROPFIND
> >> [5]https://hiwipol3@DAVICAL_SERVER/davical/caldav.php/polwiss3/']: code:
> >> '403' status: 'error'"
> >>
> >> (default privileges to polwiss3 I set to:
> >> - Read Access Controls
> >> - Read Current User's Access
> >> - Read Free/Busy Information
> >> - Scheduling: all the scheduling stuff enabled
> >> )
> >>
> >> 2.
> >> - if hiwipol3 has additionally read access to the ressource "polwiss3":
> >> - I can enable the calendar polwiss3/arbeitszeiten_hiwis in caldavzap,
> >> but it is only READ_ABLE, not write-able like configurted
> >> in davical
> >> - If I try to enable "polwiss3/konferenzen" (hiwipol3 has no access),
> >> caldavzap is hanging and is not loading any calendar
> >>
> >> -> the second point may be a problem of caldavzap, I did not investigate
> >> this further
> >> -> the first point I checked, it is coded at bottom of
> >> inc/caldav-PROPFIND.php
> >> ------------
> >> /**
> >> * Something that we can handle, at least roughly correctly.
> >> */
> >> $responses = array();
> >> if ( $request->IsProxyRequest() ) {
> >> $response = add_proxy_response($request->proxy_type,
> >> $request->principal->dav_name() );
> >> if ( isset($response) ) $responses[] = $response;
> >> }
> >> else {
> >> $resource = new DAVResource($request->path);
> >> if ( ! $resource->Exists() ) {
> >> $request->PreconditionFailed( 404, 'must-exist', translate('That
> >> resource is not present on this server.') );
> >> }
> >> $resource->NeedPrivilege('DAV::read');
> >> ...
> >> ------------
> >>
> >> Or is there a trick in configuration and I did something wrong?
> >>
> >> Thanks,
> >>
> >> Sebastian
> >>
> >> --
> >> Sebastian Kotthoff
> >> Rechenzentrum
> >> Universit�t Mannheim
> >> B6, 23-29; Building B; Room 1.10
> >> 68159 Mannheim
> >>
> >> Tel: +49 621 181 2516
> >> Fax: +49 621 181 2682
> >> ------------------------------------------------------------------------------
> >> Full-scale, agent-less Infrastructure Monitoring from a single dashboard
> >> Integrate with 40+ ManageEngine ITSM Solutions for complete visibility
> >> Physical-Virtual-Cloud Infrastructure monitoring from one console
> >> Real user monitoring with APM Insights and performance trend reports
> >> Learn More
> >> [6]http://pubads.g.doubleclick.net/gampad/clk?id=247754911&iu=/4140_______________________________________________
> >> Davical-general mailing list
> >> [7]Davical-general@lists.sourceforge.net
> >> https://lists.sourceforge.net/lists/listinfo/davical-general
> >>
> >> References
> >>
> >> Visible links
> >> 1. https://davical_server/davical/caldav.php/'
> >> 2. mailto:sebastian.kotthoff@rz.uni-mannheim.de
> >> 3. https://davical_server/davical/caldav.php/'
> >> 4. https://davical_server/davical/caldav.php/polwiss3
> >> 5. https://hiwipol3@davical_server/davical/caldav.php/polwiss3/']:
> >> 6. http://pubads.g.doubleclick.net/gampad/clk?id=247754911&iu=/4140_______________________________________________
> >> 7. mailto:Davical-general@lists.sourceforge.net
> >
> >
> >
> > --
> > Sebastian Kotthoff
> > Rechenzentrum
> > Universität Mannheim
> > B6, 23-29; Building B; Room 1.10
> > 68159 Mannheim
> >
> > Tel: +49 621 181 2516
> > Fax: +49 621 181 2682
>



--
Sebastian Kotthoff
Rechenzentrum
Universität Mannheim
B6, 23-29; Building B; Room 1.10
68159 Mannheim

Tel: +49 621 181 2516
Fax: +49 621 181 2682

Attached Files:

Re: Problem with configuration of caldavzap (concerning PROPFIND) [ In reply to ]
sebastian.kotthoff at rz
Oct 9, 2015, 2:06 AM
Post #6 of 7 (2869 views)
Permalink
Hi Jan,

I got it.
Sorry, was my stupidness at all.

What is right is, that caldavzap is not able to detect the
priviliges of the collections in right way. (writing "!", or "Readonly-sign")

But this is only a cosmetic issue, because the server has to say the last word.
So If I try to add an event to an only readable calender, I got "permission denied"
in caldavzap - this is completely OK. (sorry never tested this really before,
I was blinded by the GUI)

Forbidden collections are printed only as "Busy" this is also fine.

A small issue I still have is:
If a user has access to a /resource but completly no access to the /resource/collection
(even no read-free/busy) and this collection is activated in caldavzap,
caldavzap shows only a white window with "unable to load resource" error.

Thanks,

Sebastian

On Wed, Oct 07, 2015 at 06:40:34PM +0200, Ján Máté wrote:
> Send me a screenshot of your principal + collection screens. Also note that if you use memcached then privileges are cached thus even if you change them the old privileges are used (DAViCal bug).
>
>
> JM
>
>
>
> > On 07 Oct 2015, at 14:13, skotthof <sebastian.kotthoff@rz.uni-mannheim.de> wrote:
> >
> >
> > Hi Jan,
> >
> > thanks again!
> > This makes no difference for me.
> > If figured out, that if I make the whole ressource "polwiss3" write-able to hiwipol3,
> > than the callendar polwiss3/arbeitszeiten_hiwis is also write-able.
> >
> > Is this the right way? As I told, in thunderbird lightning everything is working fine
> > also with the earlier settings..
> >
> > Thanks
> >
> > Sebastian
> >
> > On Wed, Oct 07, 2015 at 12:51:34PM +0200, Ján Máté wrote:
> >> Hi Sebastion,
> >>
> >> this setup is WRONG. If you check the "Default privileges" checkbox, it means that the collection inherits privileges from principal (in your case inherits the read-only privilege).
> >>
> >> You must:
> >>
> >> 1.) click to the collection you want to edit
> >> 2.) uncheck the "Default privileges" and CLICK TO "APPLY CHANGES"
> >> 3.) in the "Collection Grants" section select the user you want to grant privilege (in your case hiwipol3), then select the privileges from the list box (or click to "Read/Write" button which pre-selects the given privileges) and then CLICK TO "GRANT" (at the right)
> >>
> >> Thanks all,
> >>
> >>
> >> JM
> >>
> >>> On 07 Oct 2015, at 12:31, skotthof <sebastian.kotthoff@rz.uni-mannheim.de> wrote:
> >>>
> >>>
> >>> Hi Jan,
> >>>
> >>> thanks for help!
> >>>
> >>> You are right. Caldavzap finds the calendars even without "additionalResources" great!
> >>>
> >>> But one problem still exist, polwiss3/arbeitszeiten_hiwis is not write-able in caldavzap
> >>> (in ligthning it is)
> >>>
> >>> I configured for hiwipol3:
> >>> polwiss3: READ, Override a Lock, Read Access Controls, Read Current User's Access,
> >>> Create Events/Collections, Read Free/Busy Information and all the
> >>> schedule stuff
> >>>
> >>> polwiss3/arbeitszeiten_hiwis:
> >>> Default Priviliges YES
> >>> ALL Priviliges activated
> >>>
> >>>
> >>>
> >>> I think a workaround would be to configure two ressources
> >>> "polwiss3" + "polwiss3_hiwis" but this is not so nice.
> >>>
> >>> Thanks Sebastian
> >>>
> >>>
> >>>
> >>>
> >>>
> >>> On Wed, Oct 07, 2015 at 11:09:46AM +0200, Ján Máté wrote:
> >>>> Hi Sebastian,
> >>>> in general CalDavZAP & InfCloud must work with shared
> >>>> calendars/addressbooks (without this feature we cannot work in our
> >>>> company).
> >>>> Correct setup:
> >>>> 1.) fix your configuration
> >>>>
> >>>> var globalNetworkCheckSettings={href:
> >>>> '[1]https://DAVICAL_SERVER/davical/caldav.php/', additionalResources:
> >>>> [], forceReadOnly: null, settingsAccount: true, timeOut:
> >>>> 30000, lockTimeOut: 10000, delegation: true, backgroundCalendars: [],
> >>>> ignoreAlarms: true}
> >>>>
> >>>> => there is NO reason (and it is completely illogical) to use
> >>>> additionalResources for servers that support delegation (e.g. DAViCal)
> >>>>
> >>>> note: do not forget the execute ./cache_update.sh after the
> >>>> configuration change
> >>>>
> >>>> 2.) you must set at least read privilege for the principal (hiwipol3 must
> >>>> have at least read access to polwiss3) => without this privilege CalDavZAP
> >>>> & InfCloud cannot get the list of calendars, thus cannot process them
> >>>> 3.) you must set write privilege for the given calendar
> >>>> Cheers,
> >>>> JM
> >>>>
> >>>> On 07 Oct 2015, at 10:09, skotthof
> >>>> <[2]sebastian.kotthoff@rz.uni-mannheim.de> wrote:
> >>>> Hello dear Davical team,
> >>>>
> >>>> I have some problem with Davical 1.1.3.1 and Caldavzap 0.13 .
> >>>>
> >>>> It is quite special but I try to explain.
> >>>> We configured an ressource in davical "polwiss3" with some calendars
> >>>> - polwiss3/arbeitszeiten_hiwis
> >>>> - polwiss3/konferenzen
> >>>> - ...
> >>>>
> >>>> There is also some davical-user "hiwipol3" which has Write (full) access
> >>>> to
> >>>> "polwiss3/arbeitszeiten_hiwis", but no access to the other calendars.
> >>>> In Thunderbird Lightning, everything is working fine, since there we
> >>>> enter the whole calender URL.
> >>>>
> >>>> Caldavzap is configured like:
> >>>>
> >>>> var globalNetworkCheckSettings={href:
> >>>> '[3]https://DAVICAL_SERVER/davical/caldav.php/', additionalResources:
> >>>> ['polwiss3', ... ], forceReadOnly: null, settingsAccount: true, timeOut:
> >>>> 30000, lockTimeOut: 10000, delegation: true, backgroundCalendars: [],
> >>>> ignoreAlarms: true}
> >>>>
> >>>> As I figured out, caldavzap is doing a PROPFIND to
> >>>> [4]https://DAVICAL_SERVER/davical/caldav.php/polwiss3 with credentials
> >>>> of "hiwipol3".
> >>>>
> >>>> The Problem is now:
> >>>> 1.
> >>>> - if hiwipol3 has no "READ" access to the ressource "polwiss3",
> >>>> caldavzap is getting error:
> >>>> "Error: [netFindResource: 'PROPFIND
> >>>> [5]https://hiwipol3@DAVICAL_SERVER/davical/caldav.php/polwiss3/']: code:
> >>>> '403' status: 'error'"
> >>>>
> >>>> (default privileges to polwiss3 I set to:
> >>>> - Read Access Controls
> >>>> - Read Current User's Access
> >>>> - Read Free/Busy Information
> >>>> - Scheduling: all the scheduling stuff enabled
> >>>> )
> >>>>
> >>>> 2.
> >>>> - if hiwipol3 has additionally read access to the ressource "polwiss3":
> >>>> - I can enable the calendar polwiss3/arbeitszeiten_hiwis in caldavzap,
> >>>> but it is only READ_ABLE, not write-able like configurted
> >>>> in davical
> >>>> - If I try to enable "polwiss3/konferenzen" (hiwipol3 has no access),
> >>>> caldavzap is hanging and is not loading any calendar
> >>>>
> >>>> -> the second point may be a problem of caldavzap, I did not investigate
> >>>> this further
> >>>> -> the first point I checked, it is coded at bottom of
> >>>> inc/caldav-PROPFIND.php
> >>>> ------------
> >>>> /**
> >>>> * Something that we can handle, at least roughly correctly.
> >>>> */
> >>>> $responses = array();
> >>>> if ( $request->IsProxyRequest() ) {
> >>>> $response = add_proxy_response($request->proxy_type,
> >>>> $request->principal->dav_name() );
> >>>> if ( isset($response) ) $responses[] = $response;
> >>>> }
> >>>> else {
> >>>> $resource = new DAVResource($request->path);
> >>>> if ( ! $resource->Exists() ) {
> >>>> $request->PreconditionFailed( 404, 'must-exist', translate('That
> >>>> resource is not present on this server.') );
> >>>> }
> >>>> $resource->NeedPrivilege('DAV::read');
> >>>> ...
> >>>> ------------
> >>>>
> >>>> Or is there a trick in configuration and I did something wrong?
> >>>>
> >>>> Thanks,
> >>>>
> >>>> Sebastian
> >>>>
> >>>> --
> >>>> Sebastian Kotthoff
> >>>> Rechenzentrum
> >>>> Universit�t Mannheim
> >>>> B6, 23-29; Building B; Room 1.10
> >>>> 68159 Mannheim
> >>>>
> >>>> Tel: +49 621 181 2516
> >>>> Fax: +49 621 181 2682
> >>>> ------------------------------------------------------------------------------
> >>>> Full-scale, agent-less Infrastructure Monitoring from a single dashboard
> >>>> Integrate with 40+ ManageEngine ITSM Solutions for complete visibility
> >>>> Physical-Virtual-Cloud Infrastructure monitoring from one console
> >>>> Real user monitoring with APM Insights and performance trend reports
> >>>> Learn More
> >>>> [6]http://pubads.g.doubleclick.net/gampad/clk?id=247754911&iu=/4140_______________________________________________
> >>>> Davical-general mailing list
> >>>> [7]Davical-general@lists.sourceforge.net
> >>>> https://lists.sourceforge.net/lists/listinfo/davical-general
> >>>>
> >>>> References
> >>>>
> >>>> Visible links
> >>>> 1. https://davical_server/davical/caldav.php/'
> >>>> 2. mailto:sebastian.kotthoff@rz.uni-mannheim.de
> >>>> 3. https://davical_server/davical/caldav.php/'
> >>>> 4. https://davical_server/davical/caldav.php/polwiss3
> >>>> 5. https://hiwipol3@davical_server/davical/caldav.php/polwiss3/']:
> >>>> 6. http://pubads.g.doubleclick.net/gampad/clk?id=247754911&iu=/4140_______________________________________________
> >>>> 7. mailto:Davical-general@lists.sourceforge.net
> >>>
> >>>
> >>>
> >>> --
> >>> Sebastian Kotthoff
> >>> Rechenzentrum
> >>> Universität Mannheim
> >>> B6, 23-29; Building B; Room 1.10
> >>> 68159 Mannheim
> >>>
> >>> Tel: +49 621 181 2516
> >>> Fax: +49 621 181 2682
> >>
> >
> >
> >
> > --
> > Sebastian Kotthoff
> > Rechenzentrum
> > Universität Mannheim
> > B6, 23-29; Building B; Room 1.10
> > 68159 Mannheim
> >
> > Tel: +49 621 181 2516
> > Fax: +49 621 181 2682
>



--
Sebastian Kotthoff
Rechenzentrum
Universität Mannheim
B6, 23-29; Building B; Room 1.10
68159 Mannheim

Tel: +49 621 181 2516
Fax: +49 621 181 2682

Attached Files:

Re: Problem with configuration of caldavzap (concerning PROPFIND) [ In reply to ]
jan.mate at inf-it
Oct 9, 2015, 2:22 AM
Post #7 of 7 (2867 views)
Permalink
Hi Skotthof,

if you can create a demo installation/demo access (and send me a private e-mail with URL+credentials) I will check it.


JM


> On 09 Oct 2015, at 11:06, skotthof <sebastian.kotthoff@rz.uni-mannheim.de> wrote:
>
>
> Hi Jan,
>
> I got it.
> Sorry, was my stupidness at all.
>
> What is right is, that caldavzap is not able to detect the
> priviliges of the collections in right way. (writing "!", or "Readonly-sign")
>
> But this is only a cosmetic issue, because the server has to say the last word.
> So If I try to add an event to an only readable calender, I got "permission denied"
> in caldavzap - this is completely OK. (sorry never tested this really before,
> I was blinded by the GUI)
>
> Forbidden collections are printed only as "Busy" this is also fine.
>
> A small issue I still have is:
> If a user has access to a /resource but completly no access to the /resource/collection
> (even no read-free/busy) and this collection is activated in caldavzap,
> caldavzap shows only a white window with "unable to load resource" error.
>
> Thanks,
>
> Sebastian

Attached Files:

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal