krypted.com

Tiny Deathstars of Foulness

Configuring Calendar Server in macOS Server 5.4 (running on High Sierra) is a fairly simple and straight forward process. The Calendar Server is a CalDAV Server, leveraging HTTP and HTTPS, running on ports 8008 and 8443 respectively. To enable the Calendar service in macOS Server 5.4, first open the Server application and click on Calendar in the SERVICES section of the sidebar.

Once open, click on Enable invitations by email to enable email notifications of invitations in the Calendar Server. Provide the email address and then click on the Next button.

At the Configure Server Email Address screen, provide the type of incoming mail service in use, provide the address of the mail server and then the port number used, if not a standard port for HTTPS-based IMAP (or POP if you’d prefer), the user name and the valid password for the account. Then click on the Next button.

At the outgoing mail server screen, provide the Outgoing Mail Server address, the port, whether or not SSL is in use (it should be if possible), the password protocol, the user name and the password. Then click on the Next button.

At the Mail Account Summary screen, review the settings and if correct, click Finish. Back at the service configuration screen, click on the plus sign (“+”) and provide a type of location, an address, a delegate, a name for the location, whether or not invitations to the resource are accepted and then enter the account name for any accounts that can manage the location’s calendar (they will auto-complete, so there’s no need to remember users and groups exactly). Click Done to complete the setup. Use the Resource setting in type to configure a resource instead of a location. The two are the same, except the Type field.

There are a number of settings that can also be configured. But those are exposed only at the command line. To configure them, open the command line and then review the list of Calendar service settings using the list option of the serveradmin command:

sudo /Applications/Server.app/Contents/ServerRoot/usr/sbin/serveradmin settings calendar

There are a number of settings for the Calendar service, including the following:

calendar:DefaultLogLevel = “info”
calendar:EnableAPNS = yes
calendar:EnableSSL = yes
calendar:DirectoryAddressBook:params:queryUserRecords = yes
calendar:DirectoryAddressBook:params:queryPeopleRecords = yes
calendar:EnableSearchAddressBook = yes
calendar:HTTPPort = 80
calendar:AccountingCategories:HTTP = no
calendar:AccountingCategories:Implicit Errors = no
calendar:AccountingCategories:iTIP = no
calendar:AccountingCategories:migration = no
calendar:AccountingCategories:AutoScheduling = no
calendar:AccountingCategories:iSchedule = no
calendar:AccountingCategories:iTIP-VFREEBUSY = no
calendar:Authentication:Digest:Enabled = yes
calendar:Authentication:Digest:AllowedOverWireUnencrypted = yes
calendar:Authentication:Kerberos:Enabled = yes
calendar:Authentication:Kerberos:AllowedOverWireUnencrypted = yes
calendar:Authentication:Wiki:Enabled = yes
calendar:Authentication:Basic:Enabled = yes
calendar:Authentication:Basic:AllowedOverWireUnencrypted = no
calendar:EnableCardDAV = no
calendar:Scheduling:iMIP:Sending:UseSSL = yes
calendar:Scheduling:iMIP:Sending:Server = “osxserver.krypted.com”
calendar:Scheduling:iMIP:Sending:Address = “com.apple.calendarserver@osxserver.krypted.com”
calendar:Scheduling:iMIP:Sending:Username = “com.apple.calendarserver”
calendar:Scheduling:iMIP:Sending:Password = “79PreYsZSFfZZC6v”
calendar:Scheduling:iMIP:Sending:Port = 587
calendar:Scheduling:iMIP:Enabled = yes
calendar:Scheduling:iMIP:Receiving:UseSSL = yes
calendar:Scheduling:iMIP:Receiving:Server = “osxserver.krypted.com”
calendar:Scheduling:iMIP:Receiving:Type = “imap”
calendar:Scheduling:iMIP:Receiving:Username = “com.apple.calendarserver”
calendar:Scheduling:iMIP:Receiving:Password = “79PreYsZSFfZZC6v”
calendar:Scheduling:iMIP:Receiving:Port = 993
calendar:SSLPrivateKey = “”
calendar:LogLevels = _empty_dictionary
calendar:DataRoot = “/Library/Server/Calendar and Contacts/Data”
calendar:ServerRoot = “/Library/Server/Calendar and Contacts”
calendar:SSLCertificate = “”
calendar:EnableCalDAV = no
calendar:Notifications:Services:APNS:Enabled = yes
calendar:SSLPort = 443
calendar:RedirectHTTPToHTTPS = yes
calendar:SSLAuthorityChain = “”
calendar:ServerHostName = “odr.krypted.com”

One of the more common settings to configure is the port number that CalDAV runs on. To configure HTTP:

sudo /Applications/Server.app/Contents/ServerRoot/usr/sbin/serveradmin settings calendar:HTTPPort = 8008

For HTTPS:

sudo /Applications/Server.app/Contents/ServerRoot/usr/sbin/serveradmin settings calendar:SSLPort = 8443

You can then start the service using the start option:

sudo /Applications/Server.app/Contents/ServerRoot/usr/sbin/serveradmin start calendar

Or to stop it:

sudo /Applications/Server.app/Contents/ServerRoot/usr/sbin/serveradmin stop calendar

Or to get the status:

sudo /Applications/Server.app/Contents/ServerRoot/usr/sbin/serveradmin fullstatus calendar

Full status indicates that the three services are running:

calendar:readWriteSettingsVersion = 1 calendar:setStateVersion = 1 calendar:state = "RUNNING" calendar:contactsState = "RUNNING" calendar:calendarState = "RUNNING"

Once the Calendar server is configured, use the Calendar application to communicate with the server. Open the Calendar application and click on the Calendar menu and select Add Account. From the Add Account screen, click on Add CalDAV Account radio button and click Continue.



CalDAV from the Account Type menu and then enter the User Name and password configured on the server, and add the address of the server if you don’t have any service records pointing to the server. The User Name is usually the name provided in Server app, followed by @ and then the address of the server.

Once the server is configured it appears in the list of accounts in the sidebar of the Calendar app. Create calendars in the account and then to share a calendar, right-click on the calendar and click on Share Calendar…

screen-shot-2016-09-29-at-8-46-09-pm

At the Share Calendar screen, provide the name the calendar should appear as to others and anyone with whom you’d like to share your calendar with. Back at the Calendar Settings screen, use the settings to configure Availability and refresh rate of calendars, as seen above. Click on Server Settings to assign custom port numbers.

screen-shot-2016-09-29-at-8-49-16-pm

Click on the Delegation tab to view any accounts you’ve been given access to.

screen-shot-2016-09-29-at-8-49-34-pm

Use the Edit button to configure who has delegated access to calendars, as opposed to configuring subscriptions.

Overall, the Calendar service in Server 5.4 is one of the easiest to configure on High Sierra. Most of the work goes into settings configured on client systems. This, as with Exchange, dedistributes administration, often making administration more complicated than with many other tools, unless you’re leveraging profiles to push out settings, which is the expected workflow on the Apple side of things.

September 26th, 2017

Posted In: Mac OS X Server

Tags: , , , , , ,

Configuring Calendar Server in Yosemite Server is a fairly simple and straight forward process. The Calendar Server is a CalDAV Server, leveraging HTTP and HTTPS, running on ports 8008 and 8443 respectively. To enable the Calendar service in Yosemite Server, open the Server application and click on Calendar in the SERVICES section of the sidebar. Calendar1 Once open, click on Edit to enable email notifications of invitations in the Calendar Server. Provide the email address and then click on the Next button. Calendar2 At the Configure Server Email Address screen, provide the type of incoming mail service in use, provide the address of the mail server and then the port number used, if not a standard port for HTTPS-based IMAP (or POP if you’d prefer), the user name and the valid password for the account. Then click on the Next button. Calendar3 At the outgoing mail server screen, provide the Outgoing Mail Server address, the port, whether or not SSL is in use (it should be if possible), the password protocol, the user name and the password. Then click on the Next button. Calendar4 At the Mail Account Summary screen, review the settings and if correct, click Finish. Back at the service configuration screen, click on the plus sign (“+”) and provide a type of location, an address, a delegate, a name for the location, whether or not invitations to the resource are accepted and then enter the account name for any accounts that can manage the location’s calendar (they will auto-complete, so there’s no need to remember users and groups exactly). Click Done to complete the setup. Use the Resource setting in type to configure a resource instead of a location. The two are the same, except the Type field. Calendar5 There are a number of settings that can also be configured. But those are exposed only at the command line. To configure them, open the command line and then review the list of Calendar service settings using the list option of the serveradmin command: sudo serveradmin settings calendar There are a number of settings for the Calendar service, including the following: calendar:SSLCertificate = "/etc/certificates/Server Fallback SSL Certificate.11C002258ECABBFB37846C9B0CEA59391D4759AD.cert.pem" calendar:EnableCalDAV = yes calendar:Notifications:Services:APNS:CardDAV:CertificatePath = "/Library/Server/Calendar and Contacts/Config/Certificates/apns:com.apple.contact.cert.pem" calendar:Notifications:Services:APNS:CardDAV:PrivateKeyPath = "/Library/Server/Calendar and Contacts/Config/Certificates/apns:com.apple.contact.key.pem" calendar:Notifications:Services:APNS:CardDAV:AuthorityChainPath = "/Library/Server/Calendar and Contacts/Config/Certificates/apns:com.apple.contact.chain.pem" calendar:Notifications:Services:APNS:CalDAV:CertificatePath = "/Library/Server/Calendar and Contacts/Config/Certificates/apns:com.apple.calendar.cert.pem" calendar:Notifications:Services:APNS:CalDAV:PrivateKeyPath = "/Library/Server/Calendar and Contacts/Config/Certificates/apns:com.apple.calendar.key.pem" calendar:Notifications:Services:APNS:CalDAV:AuthorityChainPath = "/Library/Server/Calendar and Contacts/Config/Certificates/apns:com.apple.calendar.chain.pem" calendar:Notifications:Services:APNS:Enabled = yes calendar:SSLAuthorityChain = "/etc/certificates/Server Fallback SSL Certificate.11C002258ECABBFB37846C9B0CEA59391D4759AD.chain.pem" calendar:DefaultLogLevel = "warn" calendar:Authentication:Digest:Enabled = yes calendar:Authentication:Digest:AllowedOverWireUnencrypted = yes calendar:Authentication:Kerberos:Enabled = yes calendar:Authentication:Kerberos:AllowedOverWireUnencrypted = yes calendar:Authentication:Wiki:Enabled = yes calendar:Authentication:Basic:Enabled = yes calendar:Authentication:Basic:AllowedOverWireUnencrypted = no calendar:ServerHostName = "mavserver.takecontrolbooks.com" calendar:Scheduling:iMIP:Sending:UseSSL = yes calendar:Scheduling:iMIP:Sending:Server = "mail.krypted.com" calendar:Scheduling:iMIP:Sending:Address = "com.apple.calendarserver@calendar.krypted.com" calendar:Scheduling:iMIP:Sending:Username = "admin" calendar:Scheduling:iMIP:Sending:Password = "Mitroae123" calendar:Scheduling:iMIP:Sending:Port = 465 calendar:Scheduling:iMIP:Enabled = yes calendar:Scheduling:iMIP:Receiving:UseSSL = yes calendar:Scheduling:iMIP:Receiving:Server = "mail.krypted.com" calendar:Scheduling:iMIP:Receiving:Type = "imap" calendar:Scheduling:iMIP:Receiving:Username = "krypted" calendar:Scheduling:iMIP:Receiving:Password = "Mitroae123" calendar:Scheduling:iMIP:Receiving:Port = 993 calendar:DataRoot = "/Library/Server/Calendar and Contacts/Data" calendar:EnableCardDAV = no calendar:SSLPort = 8443 calendar:LogLevels = _empty_dictionary calendar:DirectoryAddressBook:params:queryUserRecords = no calendar:DirectoryAddressBook:params:queryPeopleRecords = no calendar:SSLPrivateKey = "/etc/certificates/Server Fallback SSL Certificate.11C002258ECABBFB37846C9B0CEA59391D4759AD.key.pem" calendar:EnableSSL = yes calendar:RedirectHTTPToHTTPS = yes calendar:EnableAPNS = yes calendar:EnableSearchAddressBook = no calendar:HTTPPort = 8008 One of the more common settings to configure is the port number that CalDAV runs on. To configure HTTP: sudo serveradmin settings calendar:HTTPPort = 8008 For HTTPS: sudo serveradmin settings calendar:SSLPort = 8443 You can then start the service using the start option: sudo serveradmin start calendar Or to stop it: sudo serveradmin stop calendar Or to get the status: sudo serveradmin fullstatus calendar Full status indicates that the three services are running: calendar:readWriteSettingsVersion = 1
calendar:setStateVersion = 1
calendar:state = "RUNNING"
calendar:contactsState = "RUNNING"
calendar:calendarState = "RUNNING" Once the Calendar server is configured, use the Calendar application to communicate with the server. Open the Calendar application and click on the Calendar menu and select Preferences. From the Preferences screen, click on Accounts to bring up a list of accounts. Here, click on the plus sign (“+”) to bring up the “Add an Account” screen. Calendar6 At the “Add an Account” screen, select Add CalDAV Account. Calendar7 CalDAV from the Account Type menu and then enter the User Name and password configured on the server, and add the address of the server if you don’t have any service records pointing to the server. The User Name is usually the name provided in Server app, followed by @ and then the address of the server. Calendar8 Once the server is configured it appears in the list of accounts in the sidebar of the Calendar app. Create calendars in the account and then to share a calendar, right-click on the calendar and click on Share Calendar… Calendar9 At the Share Calendar screen, provide the name the calendar should appear as to others and click on the plus sign (“+”) and enter any accounts to delegate administration to. Calendar10 Back at the Calendar Settings screen, use the settings to configure Availability and refresh rate of calendars, as seen above. Click on Server Settings to assign custom port numbers. Calendar11 Click on the Delegation tab to view any accounts you’ve been given access to. Calendar12 Use the Edit button to configure who has delegated access to calendars, as opposed to configuring subscriptions. Overall, the Calendar service in Yosemite Server is one of the easiest to configure. Most of the work goes into settings configured on client systems. This, as with Exchange, dedistributes administration, often making administration more complicated than with many other tools. But that’s a good thing; no one wants to access other peoples accounts, for calendars or mail for that matter, without those users knowing that it was done, as will happen when resetting passwords…

October 16th, 2014

Posted In: Mac OS X, Mac OS X Server, Mac Security, Mass Deployment

Tags: , , , , , , , , , , , ,

The 10.7.2 to 10.7.3 update for Lion Server has introduced a few issues in some environments that I’ve seen. It just so happens that the update corrects a lot of behavior with Lion Server while also introducing new features, so it’s something you’re gonna’ need to do eventually. Therefore, before I update, I would strongly recommend backing up all of your services, your service data and Open Directory. Once you’ve run the 10.7.3 update, there are a few things that I’ve seen happen. The first is that the web server won’t start. If this happens, reset the web server back to factory default: serveradmin command web:command=restoreFactorySettings Once it’s reset, you should be able to import any data that was backed up before and get things back to normal. The second is calendar data. On a few different systems I’ve seen users have to nuke iCal and then reimport data. To nuke and pave iCal, see this post: http://krypted.com/mac-os-x-server/nukepave-ical-server-in-lion-server. Once iCal Server has been restored to full working order (after the last step in that article) you can use psql to restore your data from the location of your backups (here called /backup/caldav.sql): psql -U _postgres -d caldav -f /backup/caldav.sql There’s also a script located in /usr/share/caldavd/lib/python/calendarserver/tools called fix calendardata.py that can be used to scan and possibly fix any issues with the data itself. If that doesn’t not work though, you may be starting over. The script does not give root execute permissions by default and so you will need to chmod it to provide execute and then run it. If you nuke CalDAV and you nuke OD and then restore them both, the GeneratedUIDs can be mismatched. Use the Directory Editor in the new Directory Utility to browse users and attach the GeneratedUID back to the correct entry in CalDAV. To locate all of the entries in CalDAV, run: psql -U _postgres caldav -c “select * from calendar_home" If Profile Manager won’t load it could be one of three issues (in the following order seemingly). The first is the web server, which the first command will fix. Another issue I’ve seen is that Open Directory gets a little messed up. The fix for this is to use Server Admin (not slapconfig) to burn OD down and set it back up. You can then promote replicas and finally restore the archive you did before upgrading the server. The third is to reset the Profile Manager database using wipeDB.sh: sudo /usr/share/devicemgr/backend/wipeDB.sh After wiping the data, you can re-run the setup in Server app for the Profile Manager service to restore an empty Profile Manager instance to working order. You can restore data into the empty Profile Manager database using the same commands I showed earlier for CalDAV, just use devicemgrd instead. Note: I am pretty sure you need sudo for most every command I use on this site, but more specifically you need it with this stuff. So sudo is assumed if not explicitly stated. Finally, be on the lookout for custom designs in the Wiki interface. OS updates are known to change things, but more specifically when things are not documented they can easily change. Hacking the pages nested within /usr/share/collabd is basically not supported any more. Each OS update to 10.7 has broken some of the hacks we’ve done to collabd, making me wonder whether it’s a good idea any more… Note2: I have had little issues running these updates in walled gardens. It’s production data that is the problem. It seems that most of the issues are data driven (the opposite of data driven design is not devops driven design).

March 6th, 2012

Posted In: Mac OS X Server

Tags: , , , , , , , , , , , , , , ,