Projects
Wiki     Timeline     Roadmap     Browse Source     View Tickets     New Ticket     Search

Directory Services

The Calendar Server needs to be able to obtain information about the users, groups and resources ("principals") which access and/or have a presence on the server.

About principals

All principals have a "principal resource" on the server which represents the principal in the form of an HTTP resource. This is useful for obtaining information about a principal, such as the location of the principal's calendar home, the principal's members and/or memberships, and so on. This information is exposed via WebDAV properties on the principal resource.

All principals can be used to configure access controls for resources on the server by granting or denying various privileges to the principal.

Principals are also given a calendar home collection on the server, in which the principal may have one or more calendar collections, as well as special collections which allow the principals to schedule meetings with each other, etc.

The role of a directory service

A "directory service" is simply an entity which the server can ask for a list of principal types, a list of principals for a given type, and various information about an individual principal. Directory services are interchangeable, allowing the server to obtain this information from a variety of data store, such as configuration files or network directory systems such as LDAP.

The directory service used by the server is configured in the caldavd.plist file by specifying the directory service implementation to use and it's options as a dictionary, provided as the value to the DirectoryService key: 

<key>DirectoryService</key>
<dict>
  <key>type</key>
  <string>ExampleService</string>

  <key>params</key>
  <dict>
    <key>option</key>
    <string>value</string>
  </dict>
</dict>

Available implementations

The following directory service implementations are presently available:

  • XMLDirectoryService: this service is configurable via an XML file that contains principal information.
  • OpenDirectoryService: this service uses OpenDirectory (which in turn uses LDAP, Active Directory, etc.) to obtain principal information.
  • BasicDirectoryService and DigestDirectoryService: these services are configurable using configuration files in the same formats as used by the Apache HTTP server, allowing you to use the same user/group setup as a separately-running Apache server.