test

Configuring Calendar Server for Connector for Microsoft Outlook

Configuring Calendar Server for Connector for Microsoft Outlook

This technical note describes specific configuration tasks and other considerations for Sun JavaTM System Calendar Server to work with Connector for Microsoft Outlook.

This technical note contain the following sections:

Technical Note Revision History

Version 

Date 

Description of Changes 

1.0 

February 2006 

Initial release of this technical note. 

2.0 

September 2006 

Updated to add Delete Log Database section. 

3.0 

June 2007 

Added information about limited directory browsing to the “Configuring Shared Calendar LDAP Lookup” section. 

Specifying the Required LDAP mail Attribute

Calendar Server 6 2004Q2 was the first release to require users to have the LDAP mail attribute for both user calendars and resource calendars.

For clients to use Microsoft Outlook to schedule resource calendars (for example, for meeting rooms or equipment such as a notebook computer or overhead projector), each resource must have an email address, even though email is not actually needed. The LDAP mail attribute specifies this email address.

You can add the LDAP mail attribute as follows:

If you are using Schema 1 and are creating new users or resources after installation, use the following utilities to specify an email address:

For related information about csattribute, csresource , and csuser, refer to theSun Java System Calendar Server 6 2005Q4 Administration Guide. For related information about the ldapmodify utility, refer to the Sun Java System Directory Server Resource Kit Tools Reference.

For Schema 2, Communications Services Delegated Administrator is the preferred tool for creating new users and resources after installation. See the Sun Java System Communications Services 6 2005Q4 Delegated Administrator Guide for information about using Delegated Administrator.

ProcedureAdding the LDAP email Attribute to a Resource

The following example adds the LDAP mail attribute for a conference room named Room100 on the sesta.com server. This example configures Messaging Server. If you are using another email server, refer to that product’s documentation for the equivalent process.

  1. Add the mail attribute to the LDAP server using the csattribute utility:

    ./csattribute -a mail=Room100@sesta.com add Room100

  2. To check that the attribute has been set, use the csattribute list command with the -v (verbose) option:


    ./csattribute -v list Room100
...
cn=Room 100,ou=conferenceRooms,dc=sesta,dc=com has mail: Room100@sesta.com

ProcedureSetting the bitbucket Channel for Resource Email (Messaging Server)

The following example sets up the bitbucket channel for Messaging Server for the email generated for resource calendars. This example uses a resource named Room100 on the sesta.com server. If you don’t set up the bitbucket channel (or equivalent), you will need to periodically delete the email messages sent to the resource calendar.

  1. Ensure the bitbucket channel is defined in the Messaging Server's MTA configuration file (imta.cnf).

  2. To direct messages to the bitbucket channel, create the email address for the resource using the csresource utility:

    ./csattribute -a mail=Room100@bitbucket.sesta.com add Room100

    Note –

    To enable these changes, you might need to rebuild alias tables or configurations. Refer to the documentation for Messaging Server (or your email product) as well as your site's documentation and procedures regarding changes to mail services.

ProcedureSetting the bitbucket Channel for Resource Email (Sendmail)

The following example sets up the bitbucket channel for Sendmail for the email generated for resource calendars. This example uses a resource named Room100 on the sesta.com server. If you don’t set up the bitbucket channel (or equivalent), you will need to periodically delete the email messages sent to the resource calendar.

  1. In the /etc/aliases file on the appropriate host, add an entry such as:


    # Resource/Conference room aliases
Room100: /dev/null

  2. Add the email address for the resource to the LDAP directory using the csresource utility:

    ./csattribute -a mail=Room100@sesta.com add Room100

Setting Up an Alternate Email Address for a User

If you need to set up an email aliase for a calendar user, use the LDAP mailalternateaddress attribute. The LDAP mail attribute provides the primary email address. The LDAP mailalternateaddress attribute provides for alternate email addresses for a user. Both attributes map the mail addresses to the user’s ID.

For example, a user named John Smith has these values:

To add an email alias or alternate address for John Smith, enter these Calendar Server utility commands:


# ./csuser -g John -s Smith -y password -l en -m john.smith@sesta.com 
\ -c johnsmith create johnsmith
# ./csattribute -a mailalternateaddress=johns@sesta.com add johnsmith
# ./csattribute -a mailalternateaddress=jsmith@sesta.com add johnsmith

Indexing LDAP Attributes

In order for Connector for Microsoft Outlook to function correctly, the following LDAP attributes in the Sun Java System Directory Server should be indexed for at least presence and equality to improve the overall performance:

For more information on these attributes, see the Sun Java System Calendar Server 6 2005Q4 Administration Guide and the Sun Java System Messaging Server 6 2005Q4 Administration Guide.

Configuring Shared Calendar LDAP Lookup

If Directory Server requires authentication for the Shared Calendar LDAP lookup then the service.wcap.userprefs.ldapproxyauth parameter must be set in the ics.conf file as follows:

If service.wcap.userprefs.ldapproxyauth is yes, set the appropriate LDAP ACI for the calmaster entry. For example, to set the calmaster ACI for proxy authentication for the sesta.com domain, use the ldapmodify tool as follows:

dn:  o=usergroup

changetype: modify

add: aci

aci: (targetattr="icscalendar || cn || givenName || sn || uid || mail")
(targetfilter=(|(objectClass=icscalendaruser)(objectclass=icscalendarresource)))
(version 3.0; acl "Allow calendar administrators to proxy -
product=ics,class=admin,num=2,version=1"; allow (proxy) groupdn =
"ldap:///cn=Calendar Administrators,ou=Groups,o=usergroup";)

For the domain basedn node, the following example shows the correct ACI:

dn:  o=sesta.com,o=usergroup

changetype: modify

add: aci

aci:(targetattr="icscalendar || cn || givenName || sn || uid || mail")
(targetfilter=(|(objectClass=icscalendaruser)(objectclass=icscalendarresource)))
(version 3.0; acl "Allow calendar users to read and search other users - 
product=ics,class=admin,num=3,version=1"; allow (search,read)
userdn = "ldap:///uid=*, ou=People, o=sesta.com, o=usergroup";)

If there is no domain, add this ACI to the root suffix itself by removing the o=sesta.com part on the dn: line.

The above ACI may pose a security issue if restricted user information is stored in certain attributes, for example, dn, givenName, sn, uid, or mail. To restrict the browsing of the directory to only people making the queries from a specific Calendar Server, change the above ACI to something like: 

aci:(targetattr="icscalendar || cn || givenName || sn || uid || mail")
(targetfilter=(|(objectClass=icscalendaruser)(objectclass=icscalendarresource)))
(version 3.0; acl "Allow calendar users to read and search other users - 
product=ics,class=admin,num=3,version=1"; allow (search,read)
(ip="192.200.2.82,127.0.0.1,192.200.2.81")and
(userdn="ldap:///uid=*,ou=People,o=sesta.com,o=usergroup");)

The IP addresses listed in the above ACI example (192.200.2.82, 127.0.0.1, and 192.200.2.81) are the IP addresses from which the Calendar Server makes the queries.

The Calendar Server configuration program, csconfigurator.sh, adds these ACIs. If you are upgrading from Java Enterprise System 2003Q4, you must rerun the csconfigurator.sh configuration program to get these updated ACIs.

Enabling Outlook Free/Busy Lookup With Calendar Server

The Microsoft Outlook Free/Busy Lookup option is not supported for users who access Calendar Server in SSL mode. To use both SSL and non-SSL mode for the same Calendar Server instance, users must specify different port numbers, as follows:

For information about SSL, refer to Chapter 8, Configuring SSL, in Sun Java System Calendar Server 6 2005Q4 Administration Guide.

Configuring Recurring Events

In Outlook, recurring events can be created with no end date. Calendar Server accepts events with no end date internally, but creates only 60 occurrences by default. Also, free/busy information is only kept up to the number of occurrences kept in the Calendar Server. For example, if you create a daily recurring event at 10:00 am in Outlook and the Calendar Server only keeps up to 60 repeating events, on day 61 the event still appear on Outlook but the 10:00 am time appears as “free” when calculating availability.

The default can be changed to a greater value by editing the calstore.recurrence.bound parameter in the ics.conf file. See Configuring Calendar Server in Sun Java System Calendar Server 6 2005Q4 Administration Guide for information about this parameter.

Determining When to Purge the Delete Log Database

Calendar Server includes the Delete Log database (ics50deletelog.db ) to store deleted events and todos (tasks). Connector for Microsoft Outlook and other third-party clients make use of the Delete Log database when synchronizing with the Calendar Server. When a sync is performed, the Delete Log database provides Connector for Microsoft Outlook the list of deleted entries which are then deleted by Connector for Microsoft Outlook. Administrators have the option ( service.admin.purge.deletelog parameter) of setting up Calendar Server to automatically purge the entries in the Delete Log database. The caldb.berkeleydb.purge.deletelog.beforetime parameter specifies a time before which to purge entries in the Delete Log database. Problems may arise if, for example,service.admin.purge.deletelog is set to yes and caldb.berkeleydb.purge.deletelog.beforetime is set to the default of 518400 seconds (6 days), but a user takes a 14 day vacation. When the user returns from vacation and syncs Connector for Microsoft Outlook with Calendar Server, the Delete Log database contains deleted entries from the last 6 days. Outlook Connector will not delete those entries which have been purged from the Calendar Server since the previous Connector for Microsoft Outlook sync.

It is recommended that Calendar Server administrators change the parameter to 2592000 (30 days) if Connector for Microsoft Outlook is used as a clients. If a 30 day interval does not provide enough time, then administrators should change the parameter to a value that is more appropriate. For example, if employees commonly take 90 day vacations, the parameter should be changed according to the company model.

It is important to take into consideration the size to which the Delete Log database can grow within the time frame that the caldb.berkeleydb.purge.deletelog.beforetime is set. The size can be estimated based upon the number of users, average deleted events per day, and average size of a single Delete Log record. A simple formula of (users x events x record_size) can be used to estimate the size. For example, at a site with 1000 users, where the average number of events deleted per user per day is 20 and the average Delete Log record is 2 bytes, the size of the Delete Log database may potentially grow to 40000 (1000 x 20 x 2) bytes per day and 1200000 bytes in 30 days.

For details about the Delete Log database, see Chapter 18, Administering the Delete Log Database, in Sun Java System Calendar Server 6 2005Q4 Administration Guide.

Accessing Sun Resources Online

The following web sites provides information about the following additional resources:

Third-Party Web Site References

Third-party URLs are referenced in this document and provide additional, related information.

Note –

Sun is not responsible for the availability of third-party web sites mentioned in this document. Sun does not endorse and is not responsible or liable for any content, advertising, products, or other materials that are available on or through such sites or resources. Sun will not be responsible or liable for any actual or alleged damage or loss caused or alleged to be caused by or in connection with use of or reliance on any such content, goods, or services that are available on or through such sites or resources.

Sun Welcomes Your Comments

Sun is interested in improving its documentation and welcomes your comments and suggestions. To share your comments, go to http://docs.sun.com and click Send Comments. In the online form, provide the full document title and part number. The part number is a 7-digit or 9-digit number that can be found on the book's title page or in the document's URL. For example, the part number of this book is 819-5200-10.