Shared Calendar LDAP Lookup Configuration

If Directory Server requires authentication for the Shared Calendar LDAP lookup then the service.wcap.userprefs.ldapproxyauth parameter must be set in the ics.conf file as follows:

• Anonymous binding: service.wcap.userprefs.ldapproxyauth = "no"

• Authenticated proxy binding: service.wcap.userprefs.ldapproxyauth = "yes"

If service.wcap.userprefs.ldapproxyauth is “yes”, you must also set the appropriate LDAP ACI for the calmaster entry. For example, to set the calmaster ACI for proxy authentication for the sesta.com domain, use the ldapmodify tool as follows:

dn:  o=usergroup
changetype: modify
add: aci
aci: (targetattr="icscalendar || cn || givenName || sn || uid ||
mail")(targetfilter=(objectClass=icscalendaruser))(version 3.0; acl
"Allow calendar administrators to proxy -
product=ics,class=admin,num=2,version=1"; allow (proxy) groupdn =
"ldap:///cn=Calendar Administrators,ou=Groups,o=usergroup";)

For the domain basedn node, the following example shows the correct ACI:

dn:  o=sesta.com,o=usergroup
changetype: modify
add: aci
aci:(targetattr="icscalendar || cn || givenName || sn || uid || mail")
(targetfilter=(objectClass=icscalendaruser))(version 3.0; acl "Allow 
calendar users to read and search other users - 
product=ics,class=admin,num=3,version=1"; allow (search,read)
userdn = "ldap:///uid=*, ou=People, o=sesta.com, o=usergroup";)

If there is no domain, add this ACI to the root suffix itself by removing the o=sesta.com part on the dn: line.

The Calendar Server configuration program, csconfigurator.sh, adds these ACIs. If you are upgrading from Java Enterprise System Release 1, you must rerun the configuration program to get these updated ACIs.