Mailing List Archive

Shared calendars with different permissions from LDAP
Dear list,

I went back until 2012 in the archives but didn’t find an answer.

I thought my wanted setup would be kind of standard. And maybe it is, hence no one ever asked. ;-)

Is it possible to get this done with davical and LDAP-Authentication?

Wanted setup:
Calendar1: Access R/W for User1 and User2
Calendar2: Access R/W for User1 and User2, only Read Access for User3, User4, User5 (and more to come)

LDAP config:
LDAPgroupWrite consists of User1 and User2.
LDAPgroupRead consists of User3 to UserZ.

I’ve successfully imported/synced LDAP users and groups.
I know it can be done by giving detailed access to _users_ inside of davical's admin pages.

But I would rather not do the double work and just change existing or add new users to the groups in LDAP (without touching davical access rights).

Thanks for any hint!

Tino






_______________________________________________
Davical-general mailing list
Davical-general@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/davical-general
Re: Shared calendars with different permissions from LDAP
Hi Tino,

On Tue, Jun 18, 2019 at 01:37:11PM +0200, Tino Hendricks wrote:
>
> I went back until 2012 in the archives but didn’t find an answer.

have a look at the wiki:

http://wiki.davical.org/index.php/Configuration/Authentication_Settings/LDAP
http://wiki.davical.org/index.php/Configuration/Authentication_Settings/LDAP_groups

--
Regards,

Benny


Re: Shared calendars with different permissions from LDAP
Hi Benny,

thanks for your answer.

I was playing around with these examples and was successful with syncing groups and users.
But – from my example – member „User1“ doesn’t get access to Calendar of the Principal „group LDAPgroupWrite“.
I have to grant access in the davical admin page. Which I would like to avoid.

I have the impression that at least in my setup Davical doesn’t resolve LDAP group memberships.

„LDAPgroupWrite“ is the name of the group.


Log:
[Tue Jun 18 17:08:27.726661 2019] [php7:notice] [pid 8165] [client XXX.XX.XXX.XXX:49386] davical: LOG: :Response status 403 for PROPFIND /davical/caldav.php/LDAPgroupWrite/
[Tue Jun 18 17:08:27.726696 2019] [php7:notice] [pid 8165] [client XXX.XX.XXX.XXX:49386] davical: LOG: :***************** Response Header ****************
[Tue Jun 18 17:08:27.726709 2019] [php7:notice] [pid 8165] [client XXX.XX.XXX.XXX:49386] davical: LOG: headers:-->X-Powered-By: PHP/7.2.19
[Tue Jun 18 17:08:27.726713 2019] [php7:notice] [pid 8165] [client XXX.XX.XXX.XXX:49386] davical: LOG: headers:-->Server: 1.1
[Tue Jun 18 17:08:27.726717 2019] [php7:notice] [pid 8165] [client XXX.XX.XXX.XXX:49386] davical: LOG: headers:-->DAV: 1, 2, 3, access-control, calendar-access, calendar-schedule
[Tue Jun 18 17:08:27.726720 2019] [php7:notice] [pid 8165] [client XXX.XX.XXX.XXX:49386] davical: LOG: headers:-->DAV: extended-mkcol, bind, addressbook, calendar-auto-schedule, calendar-proxy
[Tue Jun 18 17:08:27.726724 2019] [php7:notice] [pid 8165] [client XXX.XX.XXX.XXX:49386] davical: LOG: headers:-->X-DAViCal-Version: DAViCal/1.1.8; DB/1.3.3
[Tue Jun 18 17:08:27.726727 2019] [php7:notice] [pid 8165] [client XXX.XX.XXX.XXX:49386] davical: LOG: headers:-->Content-type: text/xml; charset="utf-8"
[Tue Jun 18 17:08:27.726731 2019] [php7:notice] [pid 8165] [client XXX.XX.XXX.XXX:49386] davical: LOG: :******************** Response ********************
[Tue Jun 18 17:08:27.726753 2019] [php7:notice] [pid 8165] [client XXX.XX.XXX.XXX:49386] davical: LOG: response:--><?xml version="1.0" encoding="utf-8" ?>
[Tue Jun 18 17:08:27.726763 2019] [php7:notice] [pid 8165] [client XXX.XX.XXX.XXX:49386] davical: LOG: response:--><error xmlns="DAV:">
[Tue Jun 18 17:08:27.726769 2019] [php7:notice] [pid 8165] [client XXX.XX.XXX.XXX:49386] davical: LOG: response:--> <need-privileges>
[Tue Jun 18 17:08:27.726777 2019] [php7:notice] [pid 8165] [client XXX.XX.XXX.XXX:49386] davical: LOG: response:--> <resource>
[Tue Jun 18 17:08:27.726783 2019] [php7:notice] [pid 8165] [client XXX.XX.XXX.XXX:49386] davical: LOG: response:--> <href>/davical/caldav.php/LDAPgroupWrite/</href>
[Tue Jun 18 17:08:27.726788 2019] [php7:notice] [pid 8165] [client XXX.XX.XXX.XXX:49386] davical: LOG: response:--> <privilege>
[Tue Jun 18 17:08:27.726794 2019] [php7:notice] [pid 8165] [client XXX.XX.XXX.XXX:49386] davical: LOG: response:--> <read/>
[Tue Jun 18 17:08:27.726799 2019] [php7:notice] [pid 8165] [client XXX.XX.XXX.XXX:49386] davical: LOG: response:--> </privilege>
[Tue Jun 18 17:08:27.726804 2019] [php7:notice] [pid 8165] [client XXX.XX.XXX.XXX:49386] davical: LOG: response:--> </resource>
[Tue Jun 18 17:08:27.726811 2019] [php7:notice] [pid 8165] [client XXX.XX.XXX.XXX:49386] davical: LOG: response:--> </need-privileges>
[Tue Jun 18 17:08:27.726816 2019] [php7:notice] [pid 8165] [client XXX.XX.XXX.XXX:49386] davical: LOG: response:--></error>
[Tue Jun 18 17:08:27.726823 2019] [php7:notice] [pid 8165] [client XXX.XX.XXX.XXX:49386] davical: LOG: response:-->


If you have any more ideas I’m more than happy to read! :-)

Thanks and all the best

Tino
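
Added example (not part of the original message and not DAViCal code): a Python script that reassembles the "response:-->" lines of a DAViCal debug log like the one above into the WebDAV ACL error body and reports which privilege was refused on which resource. The sample log is constructed to match the format in this message; the client address and the function name are assumptions.

```python
import re
import xml.etree.ElementTree as ET

LINE = re.compile(r"\[pid (\d+)\] \[client ([^\]]+)\] davical: LOG: (\w*):(?:-->)?(.*)$")
STATUS = re.compile(r"Response status (\d{3}) for (\S+) (\S+)")
DAV = "{DAV:}"
# Constructed sample in the log format shown above; 192.0.2.10 is a placeholder address.
PREFIX = "[Tue Jun 18 17:08:27.000000 2019] [php7:notice] [pid 8165] [client 192.0.2.10:49386] davical: LOG: "
SAMPLE_LOG = "\n".join(PREFIX + s for s in [
    ":Response status 403 for PROPFIND /davical/caldav.php/LDAPgroupWrite/",
    'headers:-->Content-type: text/xml; charset="utf-8"',
    'response:--><?xml version="1.0" encoding="utf-8" ?>', 'response:--><error xmlns="DAV:">',
    "response:--> <need-privileges>", "response:--> <resource>",
    "response:--> <href>/davical/caldav.php/LDAPgroupWrite/</href>",
    "response:--> <privilege>", "response:--> <read/>", "response:--> </privilege>",
    "response:--> </resource>", "response:--> </need-privileges>",
    "response:--></error>", "response:-->",
])

def denied_privileges(log_text):
    """Return (method, path, href, privilege) for each 403 need-privileges response."""
    current, done = {}, []          # open response per (pid, client); all responses
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        key, tag, payload = (m.group(1), m.group(2)), m.group(3), m.group(4)
        status = STATUS.match(payload) if tag == "" else None
        if status:                  # a status line starts a new response record
            current[key] = {"status": int(status.group(1)), "method": status.group(2),
                            "path": status.group(3), "body": []}
            done.append(current[key])
        elif tag == "response" and key in current:
            current[key]["body"].append(payload)
    findings = []
    for rec in done:
        body = "\n".join(rec["body"]).strip()
        if rec["status"] != 403 or not body:
            continue
        try:
            root = ET.fromstring(body.encode("utf-8"))
        except ET.ParseError:       # truncated or interleaved log output
            continue
        for res in root.iter(DAV + "resource"):
            href = res.findtext(DAV + "href", default="").strip()
            for priv in res.iter(DAV + "privilege"):
                findings += [(rec["method"], rec["path"], href, p.tag.replace(DAV, ""))
                             for p in priv]
    return findings
```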

Re: Shared calendars with different permissions from LDAP
Oh, and output from LDAP

ldapsearch -b "dc=domain,dc=com" -s subtree "(cn=LDAPgroupWrite)" -Y EXTERNAL -H ldapi:///
dn: cn=LDAPgroupWrite,ou=accessgroups,dc=domain,dc=com
objectClass: groupOfNames
cn: LDAPgroupWrite
description: Calendar User1 User2
member: cn=User1,ou=master,dc=domain,dc=com
member: cn=User2,ou=master,dc=domain,dc=com



Re: Shared calendars with different permissions from LDAP
Hi Tino,

On Tue, Jun 18, 2019 at 05:15:34PM +0200, Tino Hendricks wrote:
>
> thanks for your answer.
>
> I was playing around with these examples and was successful with syncing groups and users.
> But – from my example – member „User1“ doesn’t get access to Calendar of the Principal „group LDAPgroupWrite“.
> I have to grant access in the davical admin page. Which I would like to avoid.
>
> I have the impression that at least in my setup Davical doesn’t resolve LDAP group memberships.
>
> „LDAPgroupWrite“ is the name of the group.

Without checking old configs:
I have a weak memory that, when you use ldap-auth, you have to set the admin flag in PostgreSQL again...

https://www.davical.org/administration.php

--
Regards, Benny

