On Wed, Oct 01, 2008 at 04:24:58PM -0700, Ben Poliakoff wrote:
> Alright I see what's going on. The NssDirectoryService is required by
> the DirectoryService class to support three methods:
>
>     recordTypes()
>     listRecords()
>     recordWithShortName()

Thanks for debugging this! Now that we knew that the xml service works I was about to let you add debug code that prints out the users found in listRecords but you found out yourself already.

> My server is configured to use files and LDAP for NSS calls. We have
> several thousand users in our LDAP directory and implement the default
> limit of 500 search results. As a result 'getent passwd' returns
> a subset of all valid accounts (not including the 'benp' account).

Yes, the nss service is basically meant for smaller installations as a quick means of not having double account maintenance, it's far too slow for that many users (calendarserver itself will have problems with this itself - at least in 1.2). This can be used if only a few users need a calendar: add a hasCalendar attribute to every PosixAccount and filter in libnss-ldap by using the nss_base_passwd base?scope?hasCalendar=True (in case you use a separate machine for the calendar server). I'm doing something similar to cut down on the number of groups being looked at.

> I think I might take a stab at writing a generic LDAPDirectoryService
> using your NssDirectoryService as an example.

There's already code in the calendarserver.org bugtracker for that. It might be worth testing it out and reporting back.

> So in the end this isn't really a bug with NssDirectoryService; but it's
> probably worth noting in the documentation that NssDirectoryService will
> only work properly within an environment where *all* valid users can be
> retrieved via the equivalent of 'getent passwd'.

I'll add that, thanks.

> Sorry for the trouble, and thanks for your time!

Thanks for debugging this.
 -- Guido
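
An added example (not part of the original thread and not code from NssDirectoryService): a Python check for the condition discussed above, that every account resolvable by name is also returned by enumeration, the equivalent of 'getent passwd'. The function names and the simulated 600-account directory with a 500-result limit are constructed for illustration.

```python
import pwd
from collections import namedtuple


def missing_from_enumeration(names, enumerate_all=pwd.getpwall,
                             lookup=pwd.getpwnam):
    """Return names that resolve by direct lookup but are absent from
    enumeration (what 'getent passwd' without arguments would list)."""
    listed = {entry.pw_name for entry in enumerate_all()}
    missing = []
    for name in names:
        try:
            lookup(name)          # equivalent of 'getent passwd NAME'
        except KeyError:
            continue              # not a valid account, nothing to report
        if name not in listed:
            missing.append(name)
    return missing


# Constructed stand-in for an NSS source with 600 accounts whose
# enumeration is cut off after 500 results; 'benp' falls after the cut.
Entry = namedtuple("Entry", "pw_name")
_ACCOUNTS = ["user%04d" % i for i in range(599)] + ["benp"]
SIZE_LIMIT = 500


def fake_enumerate():
    """Simulated enumeration truncated at SIZE_LIMIT entries."""
    return [Entry(n) for n in _ACCOUNTS[:SIZE_LIMIT]]


def fake_lookup(name):
    """Simulated by-name lookup, which is not subject to the limit."""
    if name not in _ACCOUNTS:
        raise KeyError(name)
    return Entry(name)


def demo():
    wanted = ["user0001", "benp", "nosuchuser"]
    return missing_from_enumeration(wanted, fake_enumerate, fake_lookup)


if __name__ == "__main__":
    print("resolvable but not enumerated:", demo())
```

Called without the two fake arguments, `missing_from_enumeration` queries the host's real NSS configuration through the standard `pwd` module.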