Use Resources with SOGo
Since version 1.3.7, SOGo supports the management of resources like meeting rooms or beamers. A resource has, just like a person, a calendar and an email address, and may be invited to events. The big difference is that resources auto-accept invitations.
Configure resources with OpenLDAP
LDAP needs a new schema for resources: calendarResource, which is defined in this IETF draft (it is not final right now). You also need its parent class, calEntry, which is defined in RFC 2739.
Martin Lehman contributed a calendarResource.schema file on the mailing list (or use the attached version of calresource.schema). There is a modified schema for calEntry from OpenLDAP, which allows Unicode URLs instead of ASCII URLs only (or use the attached version, calentry.schema). Configure your LDAP server to use these schema files. Then use your favorite LDAP tool to add some resources:
```ldif
dn: uid=meetingroom,ou=resources,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
objectClass: CalendarResource
objectClass: calEntry
cn: Big Meetingroom
sn: Meetingroom
displayName: Example Big Meetingroom
givenName: Big
Kind: location
mail: meetingroom@example.com
Multiplebookings: 1
uid: meetingroom
```
There are several things to note:
- The object classes in use:
  - CalendarResource and calEntry for Multiplebookings and Kind
  - person, organizationalPerson and inetOrgPerson for cn, sn, givenName, displayName, mail and uid
- Required fields are uid, mail, Multiplebookings and Kind.
- Optional but recommended fields are:
  - for easier searching: cn, sn and givenName
  - for displaying in the address book: displayName
- When searching in the address book, SOGo will search in mail, displayName, cn, sn and givenName, matching strings from the beginning (i.e. 'me' will match 'meetingroom' but 'roo' won't match).
- In case you are using the same LDAP container (e.g. ou=people,dc=example,dc=com) as for your users (which is recommended because Lightning may only use one of SOGo's address sources for auto completion), you do not need to change anything in your configuration, as SOGo will automatically detect a resource by objectClass: CalendarResource.
- Specifying MultipleBookingsFieldName in GNUStepDefaults is required. Defining KindFieldName is optional. They must be placed under SOGoUserSources.
- Be sure that the resource's ACL grants at MINIMUM "View Time and Date" to "All Authenticated Users".
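A pre-import check for the notes above, as an added example that is not part of the original page or of SOGo: the hypothetical shell function lint_resources reads LDIF and flags resource entries that lack the required or recommended attributes. The second sample entry is constructed, and folded continuation lines are skipped, so a folded dn is reported truncated.

```shell
# lint_resources (hypothetical helper, not part of SOGo): read LDIF on stdin, report problems in
# entries carrying objectClass: CalendarResource; exit 1 if a required attribute is missing.
lint_resources() {
  awk '
    function flush(   i, n, want) {
      if (dn != "" && ("calendarresource" in oc)) {
        n = split("uid mail multiplebookings kind", want, " ")
        for (i = 1; i <= n; i++)
          if (!(want[i] in attr)) { print "ERROR " dn ": missing required " want[i]; bad = 1 }
        if (!("calentry" in oc)) print "WARN " dn ": objectClass calEntry not listed"
        n = split("cn sn givenname displayname", want, " ")
        for (i = 1; i <= n; i++)
          if (!(want[i] in attr)) print "WARN " dn ": missing recommended " want[i]
      }
      dn = ""; split("", attr); split("", oc)   # reset state for the next entry
    }
    { sub(/\r$/, "") }                          # tolerate CRLF line endings
    /^#/ || /^ / { next }                       # LDIF comment or folded continuation (skipped)
    /^$/ { flush(); next }                      # a blank line ends an entry
    {
      name = tolower($0); sub(/:.*/, "", name)  # attribute names are case-insensitive
      value = $0; sub(/^[^:]*::?[ ]*/, "", value)
      if (name == "dn") dn = value
      else if (name == "objectclass") oc[tolower(value)] = 1
      else attr[name] = 1
    }
    END { flush(); exit bad + 0 }
  '
}
# Constructed sample: entry 1 is complete, entry 2 lacks Multiplebookings and calEntry.
lint_resources <<'EOF' || echo "fix the ERROR lines before importing"
dn: uid=meetingroom,ou=resources,dc=example,dc=com
objectClass: CalendarResource
objectClass: calEntry
cn: Big Meetingroom
sn: Meetingroom
displayName: Example Big Meetingroom
givenName: Big
Kind: location
mail: meetingroom@example.com
Multiplebookings: 1
uid: meetingroom

dn: uid=smallroom,ou=resources,dc=example,dc=com
objectClass: CalendarResource
Kind: location
mail: smallroom@example.com
uid: smallroom
EOF
```

Entries without objectClass: CalendarResource are ignored, which mirrors how SOGo tells resources from ordinary users in a shared container.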
Configure resources with Active Directory / Samba ≥ 4
It is possible to put calendarResource objects into an Active Directory, since it is essentially just another LDAP server. On the SOGo Configuration side, all notes in the OpenLDAP section above apply to Active Directory. However, extending the LDAP schema to include the necessary object types works differently. The schema definitions from RFC 2739 and draft-cal-resource-schema-03 clash with the default Microsoft schema in more than just one way. Additionally, AD wants schema extensions in the form of LDIF files - so the OpenLDAP schema files are not very helpful.
Samba ≥ 4 testing has been minimal so far
If using Samba ≥ 4, please ensure you create a backup first. Once attributes and objectClasses are created, removing them is complex.
Before you start
- If not using Samba, make sure the "Domain Functional Level" and "Forest Functional Level" on your AD Domain Controller are set to at least "Windows 2003". The new calendar object definitions require dynamic auxiliary classes, which are not supported in earlier versions. How to check this.
- Test your changes on a virtual machine, and backup your domain controller before you deploy any schema extensions. AD is extremely picky about definitions and syntax, and Microsoft made it impossible to delete schema objects, so if you get it wrong the first time, you'll have a lot of fun patching your mistakes. Use the LDIF files in this article at your own risk.
Adding the calEntry schema
RFC 2739 defines calendar attributes for vCard and LDAP. For unknown reasons, it uses OID values from the ISO USA Microsoft tree (1.2.840.113556) that clash with existing OIDs used within Active Directory. However, there is a newer IETF draft that proposes a different OID range, which resolves the conflict.
This series of LDIF files (calentry-schema-1.ldif, calentry-schema-2.ldif) contains the necessary changes. All you need to do is fill in the correct root DN for your domain and import each file on the command line using ldifde -i -j . -f /path/to/file.ldif if under Windows, or else ldbmodify -v -H /var/lib/samba/private/sam.ldb /path/to/file.ldif (assuming your SAM database lives under /var/lib/samba/private/; adjust to taste). You may have to restart Samba after applying each file, if you are using ldifde (you will get errors about mayContain: if so).
Adding the CalendarResource schema
The Calendar Resource IETF Draft defines an attribute called "Categories". Being a rather generic name, it's not surprising that an attribute object by that name already exists in the AD schema. Since both are essentially text fields in different encoding formats, we could try to re-use Microsoft's attribute, but since SOGo does not use this field anyway, we're on the safer side to either remove or rename it.
This series of LDIF files (calresource-schema-1.ldif, calresource-schema-2.ldif, calresource-schema-3.ldif) contains a Calendar Resource schema extension which has the "Categories" attribute renamed to "calCategories" to work around the conflict. This may cause incompatibilities with other tools, so use it with care. Again, all you need to do is fill in the correct root DN for your domain and import each file on the command line using ldifde -i -j . -f /path/to/file.ldif if under Windows, or else ldbmodify -v -H /var/lib/samba/private/sam.ldb /path/to/file.ldif (assuming your SAM database lives under /var/lib/samba/private/; adjust to taste). You may have to restart Samba after applying each file, if you are using ldifde (you will get errors about mayContain: if so).
Adding a new Resource
We should now be ready to add the resources we need. This example (add-resource.ldif) adds an extra organisational unit "Resources", and a meeting room. You can view Resources in the ADSI Editor, but you will only be able to view and edit the fields corresponding to the User class. If you want to edit the resource-specific attributes, you will have to use LDP or any other LDAP editor.
Configure resources with SQL databases
The SOGo user source (in the SOGo config) must be defined with KindFieldName and MultipleBookingsFieldName. Example:
```sh
su sogo
defaults write sogod SOGoUserSources '({
    canAuthenticate = YES;
    displayName = "SOGo Users";
    id = users;
    isAddressBook = YES;
    type = sql;
    userPasswordAlgorithm = md5;
    viewURL = "mysql://us:pw@127.0.0.1:3306/sogo/sogo_users";
    KindFieldName = kind;
    MultipleBookingsFieldName = multiple_bookings;
})'
defaults write sogod SOGoCalendarDefaultRoles '("PublicDAndTViewer","ConfidentialDAndTViewer","PrivateDAndTViewer")'
```
The last line, for SOGoCalendarDefaultRoles, is not necessary, but if you do not configure it in the SOGo config, you must configure an explicit ACL for the meeting room calendar:
- either log in as the "meeting room" user and set the ACL so that everybody can see Date and Time (for the meeting room calendar),
- or, as the SOGo admin user, set the ACL (Administration section) so that everybody can see Date and Time (for the meeting room calendar).
Note that you MUST configure at least the Date and Time Viewer ACL for the meeting room calendar, otherwise the resource will not work. You might receive the error "cannot access resource ... " when you attempt to include the meeting room as an invitee.
Example of a SOGo users DB schema, with one resource inserted:
```sql
CREATE TABLE sogo_users (
    c_uid VARCHAR(128) PRIMARY KEY,
    c_name VARCHAR(128),
    c_password VARCHAR(32),
    c_cn VARCHAR(128),
    mail VARCHAR(128),
    kind VARCHAR(100),
    multiple_bookings int
);

INSERT INTO sogo_users(c_uid, c_name, c_password, c_cn, mail, kind, multiple_bookings)
VALUES ('room1', 'room1', MD5('room1'), 'Meeting room1', 'room1@example.com', 'location', 1);
```
The following bash script can be used for creating resources:
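```bash
#!/bin/bash
# this script adds a resource user to sogo
read -r -p "Username: " username
read -r -s -p "Password: " password; echo   # -s: do not echo the password
read -r -p "Full name: " name
read -r -p "E-mail: " email

# Hex-encode each value; UNHEX() decodes it inside MySQL, so quotes or
# backslashes in the input cannot terminate the SQL string literal.
hex() { printf '%s' "$1" | od -An -v -tx1 | tr -d ' \n'; }
u=$(hex "$username"); p=$(hex "$password"); n=$(hex "$name"); e=$(hex "$email")

# create user in mysql:
output=$(mysql -uroot <<EOD
use sogo;
INSERT INTO sogo_users(c_uid, c_name, c_password, c_cn, mail, kind, multiple_bookings)
VALUES (UNHEX('$u'), UNHEX('$u'), MD5(UNHEX('$p')), UNHEX('$n'), UNHEX('$e'), 'location', 1);
EOD
)
```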