This section contains instructions for configuring Calendar Server for LDAP.
This section contains the following topics:
To Configure Anonymous Access to LDAP for Calendar Server Version 6.3
To Configure LDAP Attendee Lookup for Calendar Server Version 6.3
To Configure Search Filters for LDAP Attendee Lookup for Calendar Server Version 6.3
To Configure LDAP Resource Lookup for Calendar Server Version 6.3
To Configure LDAP Mail-to-Calid Lookup for Calendar Server Version 6.3
To Configure the User Preferences LDAP Directory for Calendar Server Version 6.3
To Configure User Preferences for Calendar Server Version 6.3
To Enable and Configure the LDAP Data Cache for Calendar Server Version 6.3
To Enable and Configure the LDAP SDK Cache for Calendar Server Version 6.3
To Set the Date Range for Free Busy Searches for Calendar Server Version 6.3
To Enable Wildcard LDAP Searches of Calendar Properties for Calendar Server Version 6.3
In general, anonymous access is allowed by default. If you want to restrict anonymous access, change the appropriate parameters.
Log in as an administrator with permission to change the configuration.
Change to the /etc/opt/SUNWics5/cal/config directory.
Save your old ics.conf file by copying and renaming it.
Edit one or more of the parameters in the following:
Parameter |
Description/Default |
---|---|
calstore.anonymous.calid |
Specifies the anonymous login calendar identifier (calid). The default is "anonymous". |
service.http.allowanonymouslogin |
Specifies whether or not anonymous access is allowed without a login. The default is “yes”. (Allows recipient of emailed calendar URL to access a free-busy version of the calendar without login in.) |
service.wcap.anonymous. allowpubliccalendarwrite |
Specifies whether or not to allow anonymous users to write to a publicly writable calendar. The default is “yes”. |
service.wcap.userprefs.ldapproxyauth |
Enables anonymous search of the LDAP used for user preferences. The default is “no”, which allows anonymous access. Specifying “yes” means using proxy authentication to do the search. |
Save the file as ics.conf.
Restart Calendar Server.
cal-svr-base/SUNWics5/cal/sbin/start-cal
Log in as an administrator with permission to change the configuration.
Change to the /etc/opt/SUNWics5/cal/config directory.
Save your old ics.conf file by copying and renaming it.
Edit one or more of the parameters in the following table:
Parameter |
Description/Default |
---|---|
minwildcardsize |
Specifies the minimum string size for wildcard searches in an attendee lookup search. Zero (0) means always do a wildcard search. |
sasl.default.ldap.searchfilter |
Specifies the authentication filter for user lookup. The default is: "(uid=%s)" |
local.lookupldapbasedn |
Specifies the DN for LDAP attendee lookup. If not specified, uses local.ugldapbsedn. No default value. |
local.lookupldapbinddn |
Specifies the DN to bind to the host used for LDAP attendee lookup. If not specified (default is ““), anonymous bind assumed. |
local.lookupldapbindcred |
Credentials (password) for user identified in local.lookupldapbinddn. No default value. |
local.lookupldaphost |
The host name for LDAP attendee lookup. If not specified, uses local.ugldaphost. |
local.lookupldapmaxpool |
Specifies the number of LDAP client connections maintained for LDAP attendee lookup. If not specified, uses local.ugldapmaxpool. The default is “1024”. |
local.lookupldappoolsize |
Specifies the minimum number of LDAP client connections maintained for LDAP attendee lookup. If not specified, uses local.ugldappoolsize. The default is “1”. |
local.lookupldapport |
Specifies the port to use for LDAP attendee lookup. If not specified, uses local.ugldapport. |
local.lookupldapsearchattr.calid |
Specifies the calid attribute for attendee lookup. The default is icsCalendar. |
local.lookupldapsearchattr.mail |
Specifies the mail attribute for attendee lookup. The default is mail. |
local.lookupldapsearchattr. mailalternateaddress |
Specifies the alternate mail address attribute for attendee lookup. The default is mailalternateaddress. |
local.lookupldapsearchattr. mailequivalentaddres |
Specifies the equivalent address mail attribute for attendee lookup. The default is mailequivalentaddress. |
local.lookupldapsearchattr. calendar |
Specifies the calendar attribute for attendee lookup. The default is icsCalendar. |
local.lookupldapsearchattr.cn |
Specifies the common name attribute for attendee lookup. The default is cn. |
local.lookupldapsearchattr. objectclass |
Specifies the object class attribute for attendee lookup. The default is objectclass. |
local.lookupldapsearchattr. objectclass.caluser |
Specifies the object class for calendar users. The default is icsCalendarUser. |
local.lookupldapsearchattr. objectclass.calresource |
Specifies the object class for calendar resources. The default is icsCalendarResource. |
local.lookupldapsearchattr. objectclass.group |
Specifies the object class for groups. The default is icsCalendarGroup. |
local.lookupldapsearchattr. objectclass.person |
Specifies the object class for persons. The default is person. |
local.lookupldapsearchattr. memberurl |
Specifies the member URL attribute for attendee lookup. The default is memberurl. |
local.lookupldapsearchattr. uniquemember |
Specifies the unique member attribute for attendee lookup. The default is uniquemember. |
local.lookupldapsearchattr. givenname |
Specifies the given name attribute for attendee lookup. The default is givenname. |
local.lookupldapsearchattr.sn |
Specifies the screen name attribute for attendee lookup. The default is sn. |
Name of the default domain used to lookup an attendee’s calendar ID that corresponds to an email address. For example, jsmith resolves to jsmith@sesta.com if the value for this setting is "sesta.com". |
Save the file as ics.conf.
Restart Calendar Server.
cal-svr-base/SUNWics5/cal/sbin/start-cal
Log in as an administrator with permission to change the configuration.
Change to the /etc/opt/SUNWics5/cal/config directory.
Save your old ics.conf file by copying and renaming it.
Edit one or more of the parameters in the following table:
In all the parameter descriptions that follow, %s allows only a single attendee.
Save the file as ics.conf.
Restart Calendar Server.
cal-svr-base/SUNWics5/cal/sbin/start-cal
Log in as an administrator with permission to change the configuration.
Change to the /etc/opt/SUNWics5/cal/config directory.
Save your old ics.conf file by copying and renaming it.
Edit the parameter shown in the following table:
Whether to use the User/Group LDAP server for resource lookup, or the Lookup server.
“yes” – Use the User/Group LDAP server.
“no” – Use the Lookup server. The default is “no”.
Save the file as ics.conf.
Restart Calendar Server.
cal-svr-base/SUNWics5/cal/sbin/start-cal
Log in as an administrator with permission to change the configuration.
Change to the /etc/opt/SUNWics5/cal/config directory.
Save your old ics.conf file by copying and renaming it.
Edit one or more of the parameters in the following table:
Parameter |
Description/Default |
---|---|
local.lookupldap.mailtocalid.search |
Specifies the mail attributes to use for mail-to-calid lookup. The default is "(|(mail=%s)(mailalternateaddress=%s))” You can substitute the attribute mailequivalentaddress in place of mailalternateaddress. |
local.ugldapbasedn |
Specifies the base DN for mail-to-calid lookup. |
local.authldapbinddn |
Specifies the DN to bind to the host used for mail-to-calid lookup. If not specified (default is ""), anonymous bind assumed. |
local.authldapbindcred |
Specifies the password for the DN specified in local.authldapbinddn. No default. |
local.ugldaphost |
Specifies the LDAP host used for mail -to-calid lookup. |
local.ugldapmaxpool |
Specifies the maximum number of client connections maintained for mail-to-calid lookup. The default is “1024”. |
local.ugldappoolsize |
Specifies the minimum number of client connections to maintain for mail-to-calid lookup. The default is “1”. |
local.ugldapport |
Specifies the port for the LDAP mail-to-calid lookup. No default. |
Save the file as ics.conf.
Restart Calendar Server.
cal-svr-base/SUNWics5/cal/sbin/start-cal
Log in as an administrator with permission to change the configuration.
Change to the /etc/opt/SUNWics5/cal/config directory.
Save your old ics.conf file by copying and renaming it.
Edit one or more of the parameters in the following table:
Parameter |
Description/Default |
---|---|
Bind credentials (password) for LDAP user preferences authentication. No default. |
|
DN used to bind to LDAP user preferences host. Must be specified. If blank (" ") or not specified, assumes an anonymous bind. |
|
Minimum number of LDAP client connections that are maintained for LDAP user preferences. The default is “1”. |
|
Maximum number of LDAP client connections that are maintained for LDAP user preferences. The default is “1024”. |
|
service.wcap.userprefs.ldapproxyauth |
Enables anonymous search of the LDAP used for user preferences. The default is “no”, which allows anonymous access. Specifying “yes” means using proxy authentication to do the search. |
Save the file as ics.conf.
Restart Calendar Server.
cal-svr-base/SUNWics5/cal/sbin/start-cal
You can restrict the preferences users are allowed to set by removing them from the default list.
Log in as an administrator with permission to change the configuration.
Change to the /etc/opt/SUNWics5/cal/config directory.
Save your old ics.conf file by copying and renaming it.
Edit the list of user preferences in the parameter shown in the following table:
Parameter |
Default List of User Preferences |
Description |
---|---|---|
ugldapicsextendeduserprefs |
"ceColorSet, ceFontFace, ceFontSizeDelta, ceDateOrder, ceDateSeparator, ceClock, ceDayHead, ceDayTail, ceInterval, ceToolText, ceToolImage, ceDefaultAlarmStart, ceSingleCalendarTZID, ceAllCalendarTZIDs, ceDefaultAlarmEmail, ceNotifyEmail, ceNotifyEnable, ceDefaultView, ceExcludeSatSun, ceGroupInviteAll" |
User preference values are kept in LDAP. This parameter defines which user preferences are kept in LDAP in the icsExtendedUserPrefs attribute. |
Save the file as ics.conf.
Restart Calendar Server.
cal-svr-base/SUNWics5/cal/sbin/start-cal
For overview information about the LDAP Data Cache, see 1.7 LDAP Data Cache Option for Calendar Server Version 6.3.
Log in as an administrator with permission to change the configuration.
Change to the /etc/opt/SUNWics5/cal/config directory.
Save your old ics.conf file by copying and renaming it.
Enable the LDAP data cache by editing the parameter as shown in the following table:
Save the file as ics.conf.
Restart Calendar Server.
cal-svr-base/SUNWics5/cal/sbin/start-cal
For information about tuning the LDAP data cache, see 21.5 Improving Performance of the LDAP Data Cache.
If Calendar Server or the server where Calendar Server is running is not properly shut down, manually delete all files in the ldap_cache directory to avoid any database corruption that might cause problems during a subsequent restart.
The LDAP SDK cache is disabled by default.
Log in as an administrator with permission to change the configuration.
Change to the /etc/opt/SUNWics5/cal/config directory.
Save your old ics.conf file by copying and renaming it.
Editing one or more of the parameters as shown in the following table:
If "yes", enables LDAP SDK cache. The default is “no”.
If service.ldapmemcache is "yes", this parameter is used to set the maximum number of seconds that an item can be cached. If “0”, there is no limit to the amount of time that an item can be cached. The default is “30”.
If service.ldapmemcache is "yes", this parameter is used to set the maximum amount of memory in bytes that the cache will consume. If “0”, the cache has no size limit. The default is “131072”.
Save the file as ics.conf.
Restart Calendar Server.
cal-svr-base/SUNWics5/cal/sbin/start-cal
Log in as an administrator with permission to change the configuration.
Change to the /etc/opt/SUNWics5/cal/config directory.
Save your old ics.conf file by copying and renaming it.
Edit one or more of the following parameters as shown in the following table:
Specifies the offset from the current time in days for get_freebusy for beginning of the range. The default is “30”.
Specifies the offset from the current time in days for get_freebusy for end of the range. The default is “30”.
Save the file as ics.conf.
Restart Calendar Server.
cal-svr-base/SUNWics5/cal/sbin/start-cal
Log in as an administrator with permission to change the configuration.
Change to the /etc/opt/SUNWics5/cal/config directory.
Save your old ics.conf file by copying and renaming it.
Edit the parameter as shown in the following table:
The default search filter used for search_calprops searches for exact matches to the search string. To allow wildcard searches such that matches are found when the search string is merely contained within the property value, uncomment this parameter. This enables the system to use the following search filter:
"(&(|(uid=*%s*)(cn=*%s*)) (objectclass=icsCalendarUser))"
Enabling this search filter can negatively impact performance.
Save the file as ics.conf.
Restart Calendar Server.
cal-svr-base/SUNWics5/cal/sbin/start-cal
While it is possible to reset the root suffix for your LDAP organization tree (Schema version 2), or domain component tree (Schema version 1), this should be done with great care. It would be better to rerun the configuration program to do this.
Log in as an administrator with permission to change the configuration.
Change to the /etc/opt/SUNWics5/cal/config directory.
Save your old ics.conf file by copying and renaming it.
Edit one of the parameters as shown in the following table:
Root suffix of the DC tree in the directory. Required for multiple domain support using Schema version 1, and Schema version 2 compatibility mode (1.5). The default is "o=internet".
See also 10.2 Setting up a Multiple Domain Environment for Calendar Server Version 6.3 for the First Time.
Root suffix of the DIT (Organization Tree) for Schema version 2. No default value.
Save the file as ics.conf.
Restart Calendar Server:
cal-svr-base/SUNWics5/cal/sbin/start-cal