Sun Java System Calendar Server 6 2005Q4 Administration Guide

Configuring Calendar Server for LDAP

Procedure: To Configure Anonymous Access to LDAP

In general, anonymous access is allowed by default. If you want to restrict anonymous access, change the appropriate parameters.

  1. Log in as an administrator with permission to change the configuration.

  2. Change to the /etc/opt/SUNWics5/cal/config directory.

  3. Save your old ics.conf file by copying and renaming it.

  4. Edit one or more of the parameters in the following table:

    Parameter  

    Description/Default  

    calstore.anonymous.calid

    Specifies the anonymous login calendar identifier (calid). The default is “anonymous”.

    service.http.allowanonymouslogin

    Specifies whether or not anonymous access is allowed without a login. The default is “yes”. (Allows the recipient of an emailed calendar URL to access a free-busy version of the calendar without logging in.)

    service.wcap.anonymous.allowpubliccalendarwrite

    Specifies whether or not to allow anonymous users to write to a publicly writable calendar. The default is “yes”.

    service.wcap.userprefs.ldapproxyauth

    Enables anonymous search of the LDAP used for user preferences. The default is “no”, which allows anonymous access. Specifying “yes” means using proxy authentication to do the search.

  5. Save the file as ics.conf.

  6. Restart Calendar Server.

    cal_svr_base/SUNWics5/cal/sbin/start-cal

Procedure: To Configure LDAP Attendee Lookup

  1. Log in as an administrator with permission to change the configuration.

  2. Change to the /etc/opt/SUNWics5/cal/config directory.

  3. Save your old ics.conf file by copying and renaming it.

  4. Edit one or more of the parameters in the following table:

    Parameter  

    Description/Default  

    local.lookupldap.search.minwildcardsize

    Specifies the minimum string size for wildcard searches in an attendee lookup search. Zero (0) means always do a wildcard search.

    local.lookupldap.user.authfilter

    Specifies the authentication filter for user lookup. The default is: “(uid=%s)”

    local.lookupldapbasedn

    Specifies the DN for LDAP attendee lookup. If not specified, uses local.ugldapbasedn. No default value.

    local.lookupldapbinddn

    Specifies the DN to bind to the host used for LDAP attendee lookup. If not specified (default is ""), an anonymous bind is assumed.

    local.lookupldapbindcred

    Credentials (password) for user identified in local.lookupldapbinddn. No default value.

    local.lookupldaphost

    The host name for LDAP attendee lookup. If not specified, uses local.ugldaphost.

    local.lookupldapmaxpool

    Specifies the number of LDAP client connections maintained for LDAP attendee lookup. If not specified, uses local.ugldapmaxpool. The default is “1024”.

    local.lookupldappoolsize

    Specifies the minimum number of LDAP client connections maintained for LDAP attendee lookup. If not specified, uses local.ugldappoolsize. The default is “1”.

    local.lookupldapport

    Specifies the port to use for LDAP attendee lookup. If not specified, uses local.ugldapport.

    local.lookupldapsearchattr.calid

    Specifies the calid attribute for attendee lookup. The default is icsCalendar.

    local.lookupldapsearchattr.mail

    Specifies the mail attribute for attendee lookup. The default is mail.

    local.lookupldapsearchattr.mailalternateaddress

    Specifies the alternate mail address attribute for attendee lookup. The default is mailalternateaddress.

    local.lookupldapsearchattr.mailequivalentaddres

    Specifies the equivalent address mail attribute for attendee lookup. The default is mailequivalentaddress.

    local.lookupldapsearchattr.calendar

    Specifies the calendar attribute for attendee lookup. The default is icsCalendar.

    local.lookupldapsearchattr.cn

    Specifies the common name attribute for attendee lookup. The default is icsCalendar.

    local.lookupldapsearchattr.objectclass

    Specifies the object class attribute for attendee lookup. The default is objectclass.

    local.lookupldapsearchattr.objectclass.caluser

    Specifies the object class for calendar users. The default is icsCalendarUser.

    local.lookupldapsearchattr.objectclass.calresource

    Specifies the object class for calendar resources. The default is icsCalendarResource.

    local.lookupldapsearchattr.objectclass.group

    Specifies the object class for groups. The default is groupofuniquenames.

    local.lookupldapsearchattr.objectclass.person

    Specifies the object class for persons. The default is person.

    local.lookupldapsearchattr.memberurl

    Specifies the member URL attribute for attendee lookup. The default is memberurl.

    local.lookupldapsearchattr.uniquemember

    Specifies the unique member attribute for attendee lookup. The default is uniquemember.

    local.lookupldapsearchattr.givenname

    Specifies the given name attribute for attendee lookup. The default is givenname.

    local.lookupldapsearchattr.sn

    Specifies the screen name attribute for attendee lookup. The default is sn.

    local.smtp.defaultdomain

    Name of the default domain used to look up an attendee’s calendar ID that corresponds to an email address. For example, jsmith resolves to jsmith@sesta.com if the value for this setting is "sesta.com".

  5. Save the file as ics.conf.

  6. Restart Calendar Server.

    cal_svr_base/SUNWics5/cal/sbin/start-cal

Procedure: To Configure Search Filters for LDAP Attendee Lookup

  1. Log in as an administrator with permission to change the configuration.

  2. Change to the /etc/opt/SUNWics5/cal/config directory.

  3. Save your old ics.conf file by copying and renaming it.

  4. Edit one or more of the parameters in the following table:


    Tip –

    In all the parameter descriptions that follow, %s allows only a single attendee.


    Parameter  

    Description/Default  

    local.lookupldap.calid.direct

    The search filter for calid-search-type using direct lookup. The default is: "(icsCalendar=%s)"

    %s – The attendee string.

    local.lookupldap.cn.direct

    The search filter for cn-search-type in direct lookup. The default is:  

    "(&(cn=%s)
    (|(objectclass=groupofuniquenames)
    (objectclass=icsCalendarResource)
    (objectclass=person)))"

    %s – The attendee string.

    local.lookupldap.cn.search

    The search filter for cn-search-type in search dialog lookup. The default is for a single attendee string (%s):

    "(&(cn=%s)
      (|(objectclass=groupofuniquenames)
      (objectclass=icsCalendarResource)
      (objectclass=person)))"

    For a wild card search (multiple search strings): 

    "(&(cn=%w)
      (|(objectclass=groupofuniquenames)
      (objectclass=icsCalendarResource)
      (objectclass=person)))"

    %w – Causes expansion to a list of attendee strings. For example: %w="Mary Ann Smith" expands to:

    (&(cn=*Mary*)(cn=*Ann*)
     (cn=*Smith*))

    local.lookupldap.gid

    The search filter for gid search type. The default is:

    "(&(cn=%s)
       (objectclass=groupofuniquenames))"

    %s — A single attendee string.

    local.lookupldap.mailto.indomain

    The search filter for mailto-search-type in the domain specified by local.smtp.defaultdomain. The default is:

    "(|(mail=%s)(mail=%h)(mail=*<%s\>*)
       (uid=%o))"

    %s – The attendee string.

    %o – The attendeeuid.

    %h – The query string without the domain part.

    For example: if %s=jdoe@sesta.com, %o=jdoe@sesta.com and %h=jdoe, then the value is:

    (|(mail=jdoe@sesta.com)
       (mail=jdoe)
       (mail=*<jdoe@sesta.com\>*)
       (uid=jdoe@sesta.com))

    local.lookupldap.mailto.outdomain

    The search filter for mailto-search-type where the domain is not the one specified by local.smtp.defaultdomain. The default is: "(|(mail=%s)(uid=%s))"

    %s – The attendee string.

    local.lookupldap.res

    The search filter for res search type (resource search). The default is:

    "(&(cn=%s)
       (objectclass=icsCalendarResource))"

    %s – The attendee string.

    local.lookupldap.res.ugldap

    The search filter for res search type (resource search) only on the User/Group LDAP server. This is only set when local.lookupldap.resource.use.ugldap is set to “yes”. The default is:

    "(&(cn=%s)
       (objectclass=icsCalendarResource))"

    %s – The attendee string.

    local.lookupldap.uid.direct

    The search filter for uid search type using direct lookup. The default is:

    "(|(uid=%s)(&(cn=%s)
       (|(objectclass=groupofuniquenames)
       (objectclass=icsCalendarResource)
       (objectclass=person))))"

    %s – The attendee string.

    local.lookupldap.uid.search

    The search filter for uid search type lookup using a search dialog. The default is:

     

    "(|(uid=%o)(&(cn=%w)
       (|(objectclass=groupofuniquenames)
       (objectclass=icsCalendarResource)
       (objectclass=person))))"

    %s – The attendee string.

    %w – The attendee string with wildcards.

    %o – The attendee string without wildcards.

  5. Save the file as ics.conf.

  6. Restart Calendar Server.

    cal_svr_base/SUNWics5/cal/sbin/start-cal
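
How the %s, %h, %o and %w placeholders in the table above turn an attendee string into a filter, as an added Python illustration (not Calendar Server's own code). The function names are hypothetical, and escaping the attendee string per RFC 4515 and rejecting an empty string are assumptions of this example, not documented server behaviour.

```python
import re

# RFC 4515: these characters must appear as \XX inside a filter assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Either a whole "(attr=%w)" item or a single %s / %o / %h placeholder.
_TOKEN = re.compile(r"\((?P<attr>[A-Za-z][\w;.-]*)=%w\)|%(?P<tok>[soh])")

# Default filters as listed in the table above, joined onto one line.
CALID_DIRECT = "(icsCalendar=%s)"
CN_SEARCH = ("(&(cn=%w)(|(objectclass=groupofuniquenames)"
             "(objectclass=icsCalendarResource)(objectclass=person)))")
MAILTO_INDOMAIN = r"(|(mail=%s)(mail=%h)(mail=*<%s\>*)(uid=%o))"


def escape_value(text):
    """Escape filter metacharacters so the text is matched literally."""
    return "".join(_ESCAPES.get(ch, ch) for ch in text)


def expand_filter(template, attendee):
    """Expand the placeholders of one lookup filter (hypothetical helper)."""
    if not attendee.strip():
        # With no words, (cn=%w) would become "(&)", an AND with no terms,
        # which RFC 4526 defines as always true.
        raise ValueError("empty attendee string")
    whole = escape_value(attendee)                         # %s and %o
    local_part = escape_value(attendee.split("@", 1)[0])   # %h

    def substitute(match):
        attr = match.group("attr")
        if attr:  # %w: one substring test per word, all of which must match
            tests = "".join(f"({attr}=*{escape_value(w)}*)"
                            for w in attendee.split())
            return f"(&{tests})"
        return local_part if match.group("tok") == "h" else whole

    # One pass over the template, so substituted text is never rescanned.
    return _TOKEN.sub(substitute, template)


if __name__ == "__main__":
    # Constructed attendee strings.
    print(expand_filter(CN_SEARCH, "Mary Ann Smith"))
    print(expand_filter(MAILTO_INDOMAIN, "jdoe@sesta.com"))
    print(expand_filter(CALID_DIRECT, "Smith (Sales)*"))
```
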

Procedure: To Configure LDAP Resource Lookup

  1. Log in as an administrator with permission to change the configuration.

  2. Change to the /etc/opt/SUNWics5/cal/config directory.

  3. Save your old ics.conf file by copying and renaming it.

  4. Edit the parameter shown in the following table:

    Parameter  

    Description/Default  

    local.lookupldap.resource.use.ugldap

    Whether to use the User/Group LDAP server for resource lookup, or the Lookup server. 

    “yes” – Use the User/Group LDAP server.

    “no” – Use the Lookup server. The default is “no”.

  5. Save the file as ics.conf.

  6. Restart Calendar Server.

    cal_svr_base/SUNWics5/cal/sbin/start-cal

Procedure: To Configure LDAP Mail-to-Calid Lookup

These parameters are used only for a non-hosted domain environment. If you have deployed a hosted domain environment, the maillookup parameters are ignored and the user and group LDAP values (ugldap) are used.

  1. Log in as an administrator with permission to change the configuration.

  2. Change to the /etc/opt/SUNWics5/cal/config directory.

  3. Save your old ics.conf file by copying and renaming it.

  4. Edit one or more of the parameters in the following table:

    Parameter  

    Description/Default  

    local.lookupldap.mailtocalid.search

    Specifies the mail attributes to use for mail-to-calid lookup. The default is "(|(mail=%s)(mailalternateaddress=%s))"

    You can substitute the attribute mailequivalentaddress in place of mailalternateaddress.

    local.maillookupldapbasedn

    Specifies the base DN for mail-to-calid lookup. If not specified, uses local.ugldapbasedn.

    local.maillookupldapbinddn

    Specifies the DN to bind to the host used for mail-to-calid lookup. If not specified (default is ""), an anonymous bind is assumed.

    local.maillookupldapbindcred

    Specifies the password for the DN specified in local.maillookupldapbinddn. No default.

    local.maillookupldaphost

    Specifies the LDAP host used for mail-to-calid lookup. If not specified, uses local.ugldaphost.

    local.maillookupldapmaxpool

    Specifies the maximum number of client connections maintained for mail-to-calid lookup. If not specified, uses local.ugldapmaxpool. The default is “1024”.

    local.maillookupldappoolsize

    Specifies the minimum number of client connections to maintain for mail-to-calid lookup. If not specified, uses local.ugldappoolsize. The default is “1”.

    local.maillookupldapport

    Specifies the port for the LDAP mail-to-calid lookup. If not specified, uses local.ugldapport. No default.

  5. Save the file as ics.conf.

  6. Restart Calendar Server.

    cal_svr_base/SUNWics5/cal/sbin/start-cal

Procedure: To Configure Calendar Server to Use the User Preferences LDAP Directory

  1. Log in as an administrator with permission to change the configuration.

  2. Change to the /etc/opt/SUNWics5/cal/config directory.

  3. Save your old ics.conf file by copying and renaming it.

  4. Edit one or more of the parameters in the following table:

    Parameter  

    Description/Default  

    local.enduseradmincred

    Bind credentials (password) for LDAP user preferences authentication. No default. 

    local.enduseradmindn

    DN used to bind to LDAP user preferences host. Must be specified. If blank (" ") or not specified, assumes an anonymous bind.

    local.ugldappoolsize

    Minimum number of LDAP client connections that are maintained for LDAP user preferences. The default is “1”.

    local.ugldapmaxpool

    Maximum number of LDAP client connections that are maintained for LDAP user preferences. The default is “1024”.

    service.wcap.userprefs.ldapproxyauth

    Enables anonymous search of the LDAP used for user preferences. The default is “no”, which allows anonymous access. Specifying “yes” means using proxy authentication to do the search.

  5. Save the file as ics.conf.

  6. Restart Calendar Server.

    cal_svr_base/SUNWics5/cal/sbin/start-cal
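
The anonymous-access parameters and the three bind DN parameters described in the procedures above (anonymous access, attendee lookup, mail-to-calid lookup, user preferences) can be checked together. The following Python audit is an added example, not part of the original guide or the product; it assumes ics.conf lines of the form name = "value" with "!" starting a comment and a later duplicate overriding an earlier one, and its function names and sample file are constructed for illustration.

```python
import re

# (parameter, documented default, value that permits anonymous use, meaning)
# Names, defaults and meanings are taken from the parameter tables on this page.
CHECKS = [
    ("service.http.allowanonymouslogin", "yes", "yes",
     "anonymous access is allowed without a login"),
    ("service.wcap.anonymous.allowpubliccalendarwrite", "yes", "yes",
     "anonymous users can write to publicly writable calendars"),
    ("service.wcap.userprefs.ldapproxyauth", "no", "no",
     "user preferences LDAP is searched anonymously"),
    ("local.lookupldapbinddn", "", "",
     "attendee lookup uses an anonymous bind"),
    ("local.maillookupldapbinddn", "", "",
     "mail-to-calid lookup uses an anonymous bind"),
    ("local.enduseradmindn", "", "",
     "user preferences host is reached with an anonymous bind"),
]

LINE = re.compile(r"^([\w.-]+)\s*=\s*(.*)$")


def parse_ics_conf(text):
    """Return {parameter: value}; assumes name = "value" lines, '!' comments."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue  # blank line or commented-out parameter
        match = LINE.match(line)
        if match:
            # Assumption: a later duplicate overrides an earlier one.
            settings[match.group(1)] = match.group(2).strip().strip('"')
    return settings


def audit_anonymous_access(text):
    """List (parameter, origin, meaning) for settings that permit anonymous use."""
    conf = parse_ics_conf(text)
    findings = []
    for name, default, risky, meaning in CHECKS:
        # A missing parameter falls back to its documented default;
        # a blank bind DN (" ") counts as not specified.
        value = conf.get(name, default).strip().lower()
        if value == risky:
            origin = "set" if name in conf else "default"
            findings.append((name, origin, meaning))
    return findings


# Constructed sample, not taken from a real deployment.
SAMPLE = '''\
! ics.conf excerpt (constructed)
service.http.allowanonymouslogin = "no"
!service.wcap.anonymous.allowpubliccalendarwrite = "no"
service.wcap.userprefs.ldapproxyauth = "yes"
local.lookupldapbinddn = "uid=callookup,ou=People,o=sesta.com"
local.maillookupldapbinddn = ""
local.enduseradmindn = " "
'''

if __name__ == "__main__":
    for name, origin, meaning in audit_anonymous_access(SAMPLE):
        print(f"{name} ({origin}): {meaning}")
```

In the sample, the commented-out allowpubliccalendarwrite line is reported with origin "default": a parameter that is absent or commented out still takes its documented default.
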

Procedure: To Configure User Preferences

You can restrict the preferences users are allowed to set by removing them from the default list.

  1. Log in as an administrator with permission to change the configuration.

  2. Change to the /etc/opt/SUNWics5/cal/config directory.

  3. Save your old ics.conf file by copying and renaming it.

  4. Edit the list of user preferences in the parameter shown in the following table:

    Parameter  

    Default List of User Preferences  

    Description  

    local.ugldapicsextendeduserprefs

    "ceColorSet, ceFontFace, ceFontSizeDelta, ceDateOrder, ceDateSeparator, ceClock, ceDayHead, ceDayTail, ceInterval, ceToolText, ceToolImage, ceDefaultAlarmStart, ceSingleCalendarTZID, ceAllCalendarTZIDs, ceDefaultAlarmEmail, ceNotifyEmail, ceNotifyEnable, ceDefaultView, ceExcludeSatSun, ceGroupInviteAll"

    User preference values are kept in LDAP. This parameter defines which user preferences are kept in LDAP in the icsExtendedUserPrefs attribute.

  5. Save the file as ics.conf.

  6. Restart Calendar Server.

    cal_svr_base/SUNWics5/cal/sbin/start-cal

Procedure: To Enable and Configure the LDAP Data Cache

Before You Begin

For overview information about the LDAP Data Cache, see LDAP Data Cache Option.

  1. Log in as an administrator with permission to change the configuration.

  2. Change to the /etc/opt/SUNWics5/cal/config directory.

  3. Save your old ics.conf file by copying and renaming it.

  4. Enable the LDAP data cache by editing the parameter as shown in the following table:

    Parameter  

    Description and Default Value  

    local.ldap.cache.enable

    Enable or disable the LDAP cache. If “yes”, the cache is enabled. If “no” the cache is disabled. The default is “no”.

    local.ldap.cache.checkpointinterval

    Specifies the number of seconds for the checkpoint thread to sleep. The default time is 60 seconds. 

    local.ldap.cache.circularlogging

    Specifies whether or not to remove the database log files after they have been processed. The default is "yes".

    local.ldap.cache.homedir.path

    Specifies the physical location of LDAP data cache database. The default is:

    cal_svr_base/var/opt/SUNWics5/csdb/ldap_cache

    local.ldap.cache.logfilesizemb

    Specifies the maximum size in megabytes of the checkpoint file. The default is 10 megabytes. 

    local.ldap.cache.maxthreads

    Specifies the maximum number of threads for the LDAP data cache database. The default is "1000".

    local.ldap.cache.mempoolsizemb

    Specifies the number of megabytes of shared memory. The default is "4" megabytes.

    local.ldap.cache.entryttl

    Not currently implemented. 

    Specifies the time to live (TTL) in seconds for an LDAP data cache entry. The default is "3600" seconds (1 hour).

    local.ldap.cache.stat.enable

    Specifies whether or not to log the access to the LDAP data cache and to print statistics in the log file. The default is "no".


    Note –

    This parameter applies only to debug mode.


    local.ldap.cache.stat.interval

    Specifies the interval in seconds when each statistics report is written to the log file. The default is "1800" seconds (30 minutes).

    local.ldap.cache.cleanup.interval

    Specifies the interval in seconds between each database cleanup. The default is "1800" seconds (30 minutes).

  5. Save the file as ics.conf.

  6. Restart Calendar Server.

    cal_svr_base/SUNWics5/cal/sbin/start-cal

See Also

For information about tuning the LDAP data cache, see Improving Performance of the LDAP Data Cache.


Caution –

If Calendar Server or the server where Calendar Server is running is not properly shut down, manually delete all files in the ldap_cache directory to avoid any database corruption that might cause problems during a subsequent restart.


Procedure: To Enable and Configure the LDAP SDK Cache

The LDAP SDK cache is disabled by default.

  1. Log in as an administrator with permission to change the configuration.

  2. Change to the /etc/opt/SUNWics5/cal/config directory.

  3. Save your old ics.conf file by copying and renaming it.

  4. Edit one or more of the parameters as shown in the following table:

    Parameter  

    Description and Default Value  

    service.ldapmemcache

    If "yes", enables LDAP SDK cache. The default is “no”. 

    service.ldapmemcachettl

    If service.ldapmemcache is "yes", this parameter is used to set the maximum number of seconds that an item can be cached. If “0”, there is no limit to the amount of time that an item can be cached. The default is “30”.

    service.ldapmemcachesize

    If service.ldapmemcache is "yes", this parameter is used to set the maximum amount of memory in bytes that the cache will consume. If “0”, the cache has no size limit. The default is “131072”.

  5. Save the file as ics.conf.

  6. Restart Calendar Server.

    cal_svr_base/SUNWics5/cal/sbin/start-cal

Procedure: To Set the Date Range for Free Busy Searches

  1. Log in as an administrator with permission to change the configuration.

  2. Change to the /etc/opt/SUNWics5/cal/config directory.

  3. Save your old ics.conf file by copying and renaming it.

  4. Edit one or more of the parameters shown in the following table:

    Parameter  

    Description and Default Value  

    service.wcap.freebusybegin

    Specifies the offset from the current time in days for get_freebusy for beginning of the range. The default is “30”.

    service.wcap.freebusyend

    Specifies the offset from the current time in days for get_freebusy for end of the range. The default is “30”.

  5. Save the file as ics.conf.

  6. Restart Calendar Server.

    cal_svr_base/SUNWics5/cal/sbin/start-cal

Procedure: To Enable Wildcard LDAP Searches of Calendar Properties

  1. Log in as an administrator with permission to change the configuration.

  2. Change to the /etc/opt/SUNWics5/cal/config directory.

  3. Save your old ics.conf file by copying and renaming it.

  4. Edit the parameter as shown in the following table:

    Parameter  

    Description and Default Value  

    service.calendarsearch.ldap.primaryownersearchfilter

    The default search filter used for search_calprops searches for exact matches to the search string. To allow wildcard searches such that matches are found when the search string is merely contained within the property value, uncomment this parameter. This enables the system to use the following search filter:

    "(&(|(uid=*%s*)(cn=*%s*))
    (objectclass=icsCalendarUser))"

    Enabling this search filter can negatively impact performance. 

  5. Save the file as ics.conf.

  6. Restart Calendar Server.

    cal_svr_base/SUNWics5/cal/sbin/start-cal

Procedure: To Set the LDAP Root Suffix

While it is possible to reset the root suffix for your LDAP organization tree (Schema 2), or domain component tree (Schema 1), this should be done with great care. It would be better to rerun the configuration program to do this.

  1. Log in as an administrator with permission to change the configuration.

  2. Change to the /etc/opt/SUNWics5/cal/config directory.

  3. Save your old ics.conf file by copying and renaming it.

  4. Edit one of the parameters as shown in the following table:

    Parameter 

    Description and Default Value 

    service.dcroot

    Root suffix of the DC tree in the directory. Required for hosted (virtual) domain mode support using Schema 1. The default is "o=internet".

    See also Setting up a Hosted Domain Environment.

    service.schema2root

    Root suffix of the DIT (Organization Tree) for Schema 2. No default value. 

  5. Save the file as ics.conf.

  6. Restart Calendar Server:

    cal_svr_base/SUNWics5/cal/sbin/start-cal