Configuring Calendar Server in Yosemite Server is a fairly simple and straight forward process. The Calendar Server is a CalDAV Server, leveraging HTTP and HTTPS, running on ports 8008 and 8443 respectively. To enable the Calendar service in Yosemite Server, open the Server application and click on Calendar in the SERVICES section of the sidebar.
Once open, click on Edit to enable email notifications of invitations in the Calendar Server. Provide the email address and then click on the Next button.
At the Configure Server Email Address screen, provide the type of incoming mail service in use, provide the address of the mail server and then the port number used, if not a standard port for HTTPS-based IMAP (or POP if you’d prefer), the user name and the valid password for the account. Then click on the Next button.
At the outgoing mail server screen, provide the Outgoing Mail Server address, the port, whether or not SSL is in use (it should be if possible), the password protocol, the user name and the password. Then click on the Next button.
At the Mail Account Summary screen, review the settings and if correct, click Finish. Back at the service configuration screen, click on the plus sign (“+”) and provide a type of location, an address, a delegate, a name for the location, whether or not invitations to the resource are accepted and then enter the account name for any accounts that can manage the location’s calendar (they will auto-complete, so there’s no need to remember users and groups exactly). Click Done to complete the setup. Use the Resource setting in type to configure a resource instead of a location. The two are the same, except the Type field.
There are a number of settings that can also be configured. But those are exposed only at the command line. To configure them, open the command line and then review the list of Calendar service settings using the list option of the serveradmin command:
sudo serveradmin settings calendar
There are a number of settings for the Calendar service, including the following:
calendar:SSLCertificate = "/etc/certificates/Server Fallback SSL Certificate.11C002258ECABBFB37846C9B0CEA59391D4759AD.cert.pem"
calendar:EnableCalDAV = yes
calendar:Notifications:Services:APNS:CardDAV:CertificatePath = "/Library/Server/Calendar and Contacts/Config/Certificates/apns:com.apple.contact.cert.pem"
calendar:Notifications:Services:APNS:CardDAV:PrivateKeyPath = "/Library/Server/Calendar and Contacts/Config/Certificates/apns:com.apple.contact.key.pem"
calendar:Notifications:Services:APNS:CardDAV:AuthorityChainPath = "/Library/Server/Calendar and Contacts/Config/Certificates/apns:com.apple.contact.chain.pem"
calendar:Notifications:Services:APNS:CalDAV:CertificatePath = "/Library/Server/Calendar and Contacts/Config/Certificates/apns:com.apple.calendar.cert.pem"
calendar:Notifications:Services:APNS:CalDAV:PrivateKeyPath = "/Library/Server/Calendar and Contacts/Config/Certificates/apns:com.apple.calendar.key.pem"
calendar:Notifications:Services:APNS:CalDAV:AuthorityChainPath = "/Library/Server/Calendar and Contacts/Config/Certificates/apns:com.apple.calendar.chain.pem"
calendar:Notifications:Services:APNS:Enabled = yes
calendar:SSLAuthorityChain = "/etc/certificates/Server Fallback SSL Certificate.11C002258ECABBFB37846C9B0CEA59391D4759AD.chain.pem"
calendar:DefaultLogLevel = "warn"
calendar:Authentication:Digest:Enabled = yes
calendar:Authentication:Digest:AllowedOverWireUnencrypted = yes
calendar:Authentication:Kerberos:Enabled = yes
calendar:Authentication:Kerberos:AllowedOverWireUnencrypted = yes
calendar:Authentication:Wiki:Enabled = yes
calendar:Authentication:Basic:Enabled = yes
calendar:Authentication:Basic:AllowedOverWireUnencrypted = no
calendar:ServerHostName = "mavserver.takecontrolbooks.com"
calendar:Scheduling:iMIP:Sending:UseSSL = yes
calendar:Scheduling:iMIP:Sending:Server = "mail.krypted.com"
calendar:Scheduling:iMIP:Sending:Address = "email@example.com"
calendar:Scheduling:iMIP:Sending:Username = "admin"
calendar:Scheduling:iMIP:Sending:Password = "Mitroae123"
calendar:Scheduling:iMIP:Sending:Port = 465
calendar:Scheduling:iMIP:Enabled = yes
calendar:Scheduling:iMIP:Receiving:UseSSL = yes
calendar:Scheduling:iMIP:Receiving:Server = "mail.krypted.com"
calendar:Scheduling:iMIP:Receiving:Type = "imap"
calendar:Scheduling:iMIP:Receiving:Username = "krypted"
calendar:Scheduling:iMIP:Receiving:Password = "Mitroae123"
calendar:Scheduling:iMIP:Receiving:Port = 993
calendar:DataRoot = "/Library/Server/Calendar and Contacts/Data"
calendar:EnableCardDAV = no
calendar:SSLPort = 8443
calendar:LogLevels = _empty_dictionary
calendar:DirectoryAddressBook:params:queryUserRecords = no
calendar:DirectoryAddressBook:params:queryPeopleRecords = no
calendar:SSLPrivateKey = "/etc/certificates/Server Fallback SSL Certificate.11C002258ECABBFB37846C9B0CEA59391D4759AD.key.pem"
calendar:EnableSSL = yes
calendar:RedirectHTTPToHTTPS = yes
calendar:EnableAPNS = yes
calendar:EnableSearchAddressBook = no
calendar:HTTPPort = 8008
One of the more common settings to configure is the port number that CalDAV runs on. To configure HTTP:
sudo serveradmin settings calendar:HTTPPort = 8008
sudo serveradmin settings calendar:SSLPort = 8443
You can then start the service using the start option:
sudo serveradmin start calendar
Or to stop it:
sudo serveradmin stop calendar
Or to get the status:
sudo serveradmin fullstatus calendar
Full status indicates that the three services are running:
calendar:readWriteSettingsVersion = 1
calendar:setStateVersion = 1
calendar:state = "RUNNING"
calendar:contactsState = "RUNNING"
calendar:calendarState = "RUNNING"
Once the Calendar server is configured, use the Calendar application to communicate with the server. Open the Calendar application and click on the Calendar menu and select Preferences. From the Preferences screen, click on Accounts to bring up a list of accounts. Here, click on the plus sign (“+”) to bring up the “Add an Account” screen.
At the “Add an Account” screen, select Add CalDAV Account.
CalDAV from the Account Type menu and then enter the User Name and password configured on the server, and add the address of the server if you don’t have any service records pointing to the server. The User Name is usually the name provided in Server app, followed by @ and then the address of the server.
Once the server is configured it appears in the list of accounts in the sidebar of the Calendar app. Create calendars in the account and then to share a calendar, right-click on the calendar and click on Share Calendar…
At the Share Calendar screen, provide the name the calendar should appear as to others and click on the plus sign (“+”) and enter any accounts to delegate administration to.
Back at the Calendar Settings screen, use the settings to configure Availability and refresh rate of calendars, as seen above. Click on Server Settings to assign custom port numbers.
Click on the Delegation tab to view any accounts you’ve been given access to.
Use the Edit button to configure who has delegated access to calendars, as opposed to configuring subscriptions.
Overall, the Calendar service in Yosemite Server is one of the easiest to configure. Most of the work goes into settings configured on client systems. This, as with Exchange, dedistributes administration, often making administration more complicated than with many other tools. But that’s a good thing; no one wants to access other peoples accounts, for calendars or mail for that matter, without those users knowing that it was done, as will happen when resetting passwords…
krypted October 16th, 2014
Mountain Lion Server comes with a few new alerting options previously unavailable in versions of OS X. The alerts are sent to administrators via servermgrd and configured in the Server app. To configure alerts in Mountain Lion Server, open the Server app and then click on Alerts in the Server app sidebar. Next, click on the Delivery tab.
At the Delivery screen, click on the Edit button for Email Addresses and enter every email address that should receive alerts sent from the server. Then click on the Edit button for Push Notifications. Here, check the box for each administrator of the server. The email address on file for the user then receives push notifications of events from the server.
Click on OK when you’ve configured all of the appropriate administrators for alerting. Then, check the boxes for Email and Push for each of the alerts you want to receive (you don’t have to check both for each entry). Options include:
Some of these settings can be configured a little more granularly. For example, by default the disk space alert is sent when there is only 5% of the free space available on the server. To increase this to 10, edit the serveradmin settings to swap info:notifications:diskFull:freeSpaceThreshold with 10 rather than 5:
sudo serveradmin settings info:notifications:diskFull:freeSpaceThreshold = 10
To see a list of all notifications options run:
sudo serveradmin settings info:notifications
Which provides the following:
info:notifications:certificateExpiration:active = no
info:notifications:certificateExpiration:who = _empty_array
info:notifications:suAvailable:active = no
info:notifications:suAvailable:who = _empty_array
info:notifications:diskFull:active = no
info:notifications:diskFull:who = _empty_array
info:notifications:diskFull:freeSpaceThreshold = 5
Finally, as with previous versions of OS X Server, Mountain Lion Server has snmp built in. The configuration file for which is located in the /private/etc/snmp/snmpd.conf and the built-in LaunchDaemon is org.net-snmp.snmpd, where the actual binary being called is /usr/sbin/snmpd (and by default it’s called with a -f option). Once started, the default community name should be COMMUNITY (easily changed in the conf file) and to test, use the following command from a client (the client is 192.168.210.99 in the following example):
snmpwalk -On -v 1 -c COMMUNITY 192.168.210.99
krypted August 4th, 2012
In a constant search for achieving comment nirvana for the sites I manage, I was recently looking into integrating WordPress (and a couple of other CMS engines) with Facebook. The sites are setup to only allow authenticated users to comment and it just seemed like with all of the single-sign on technology out there that it just didn’t have to be so annoying. After installing the OpenID integration it seemed like there still had to be a better way to allow even more people to authentication. How about Facebook?
Facebook has done a lot of work on making their API one of the best in the social networking world. The initial implementation of FBML was a little clunky (a client was an early adopter) but it proved to be one of the things that set them apart from the competition. And the API doesn’t just allow for embedding objects into Facebook, it allows for extending Facebook out as well. One of the best examples of this is for authentication.
Which brings us to actually making it work. The first thing to do is go grab an API key. To do so, visithttp://www.facebook.com/developers/apps.php and click on Set Up New Application (orhttp://www.facebook.com/developers/createapp.php?version=new). Provide the domain name and any other required fields and out pops an API key and a secret. The API key will be exposed but the secret will act as a password of sorts, much the same way many other key exchanges function. Copy these and do not give them out.
Once you have your key, go to your WordPress site and log into the admin page. From there, click on Plugins and then click on Add New. Search for WP-FacebookConnect. Install the one from Adam Hupp and then locate it in your sidebar (it will say Facebook Connect). Click on it and then provide the API Key and Secret and click on Update Options.
Now that it the plugin is installed and configured it’s time to add it to your theme. This part is a little more tricky than most but it can be as simple as a single paste. Copy this into your clipboard:
<?php do_action(‘fbc_display_login_button’) ?>
Now click on Appearance back in the sidebar and then click on Editor. In the Editor scroll towards the bottom (usually) and locate the form that takes in the comments, which likely begins with:
Now paste it in immediately above or somewhere inside the form, which means somewhere below the first line but above the following:
Once done, open one of your pages and you should see the Connect with your Facebook Account icon so you can authenticate using Facebook. You can also move the text around in the box by moving between areas in the comments.php file (in the themes screen). If you don’t see the Facebook icon then try accessing the site from another browser as you might still be logged into your administrative portal.
Finally, consider the strategy that you use for managing comments. You can still hold comments for approval, you can still approve once and give users unbridled commenting love and you can still scan comments for spam using one of the filters for doing so. That is according to you. But you now have an easy-to-authenticate to solution where visitors don’t have to sign up and get an email back, etc. But they can if you want, given that there are still at least 4 or 5 people (I believe they are in deep freeze somewhere) who don’t use Facebook, and you wouldn’t want to alienate them!
krypted January 28th, 2010
Posted In: WordPress
I originally posted this at http://www.318.com/TechJournal
Ever get an email from yourself that you didnâ€™t send? Ever get spam from someone that you canâ€™t reply to? Using the settings of an email program, it is possible to pretend to be anyone that you would like. If you want to send email from firstname.lastname@example.org then that is entirely possible. Finding the address of who actually sent email is easy, but ensuring the identity of the sender is not part of standard email.
This is where the protocols for PGP, Pretty Good Privacy, and GPG, or GNU Privacy Guard, come into play. GPG and PGP are Open Source suites of applications allowing senders to digitally sign outgoing emails in such a way that it is highly unlikely that anyone else could have sent the message. In order to use their digital signature senders are required to enter a password to send the message.
It is also possible to use GPG to encrypt email using a shared password. This allows for forcing a password to both send and receive the message. Encrypting messages ensures both the identity of the sender and the identity of the receiver. Anyone that intercepts a message in transit or finds the message on either system at a later date can open the message without the password to do so.
GPG and PGP provide strong encryption measures to ensure privacy over public mediums of messaging. Email is not the only use for this. GPG can also be used to encrypt a file before using transferring it using other methods such as FTP or the web. The commercial version of PGP can also be set up to encrypt certain instant messaging traffic and an entire hard disk.
krypted July 2nd, 2006