Oracle Calendar Server Administration
From Syscore
This page covers specific tasks required to administer the calendar server.
Contents |
Concepts
Server
The calendar server runs on cal4.core.umbc.edu. It has a secondary IP of cal1.umbc.edu that is DNS aliased to calendar.umbc.edu. The calendar server depends on an ldap server for account management and authentication. This server runs on ldap-master.umbc.edu on port 391, it has a standard base of dc=umbc,dc=edu.
The server is split between two major components, the calendar server itself and the associated web services (including the synch server and the web client).
Accounts
Shared Accounts
Resources
Public Groups
Tools
Calendar server accounts reside in two places. Name and authentication information is maintained in an ldap server hosted alongside the IDMS master server. The calendar data, along with a copy of the name and auth information is stored in the calendar server database. The calendar server tool uniuser is used for all administration of the calendar server database accounts. The tools lsearch and lmodify are used to administer ldap account information.
Uniuser
The uniuser command requires ORACLE_HOME be set. It is typically called as:
echo $CAL_PW | $ORACLE_HOME/ocal/bin/uniuser -n 12543 <commands>
Typical uniuser filters are:
- S=<last name>
- UID=<username>
- R=<resource name>
Lsearch
The lsearch command requires a ~/seclib/ldap_login.conf file. See the perldoc for more information. The calendar server login should be configured as Cal.
Lmodify
All of the lsearch notes apply to lmodify.
Tasks
Create a user account
Creating a calendar account should be done using the /oracle/scripts/create_calendar_account script. The script requires the environment variable CAL_PW be set. It also requires that an ldap login 'Cal' be configured in ~/seclib/ldap_login.conf.
The script creates an ldap entry in OID and calls uniuser to create an associated calendar account.
Rename a user account
Currently account username changes must still be done on the calendar server manually. Use lmodify to change the username. It's two separate changes, so that newline is important.
$ lmodify -l Cal dn: cn=OLD_USERNAME,ou=users,dc=umbc,dc=edu changetype: modify replace: uid uid: NEW_USERNAME dn: cn=OLD_USERNAME,ou=users,dc=umbc,dc=edu changetype: modrdn newrdn: cn=NEW_USERNAME
Delete a user account
A calendar account is deleted by simply calling uniuser:
$ORACLE_HOME/ocal/bin/uniuser -n 12543 -user -del "UID=<username>"
This deletes the calendar database account, all calendar entries, and the oid ldap user entry.
Create a resource
A resource is created by calling uniuser:
echo $CAL_PW | $ORACLE_HOME/ocal/bin/uniuser -n 12543 -resource -add "R=<resource name>/PSW=<resource password>"
If your resource name contains a '/', I don't think that there is any way to escape it. You can work around by omitting the '/PSW=...' and using lmodify to set the password.
Change a resource password
Passwords are changed using lmodify. Resource entries can be searched for using a cn=<resource name>.
$ lmodify -l Cal dn: cn=resource name,ou=Resources,dc=umbc,dc=edu changetype: modify replace: userpassword userpassword: newpassword
Passwords must be at least 8 characters long.
