OS X Server: Enabling Calendar service access for users of Active Directory or third-party LDAP servers
Learn about enabling Calendar service access for users of Active Directory or third-party LDAP servers.
Lion Server, Mac OS X Server 10.5, Mac OS X Server 10.6, OS X Server (Mountain Lion), Active Directory
The Calendar service in OS X Server uses the MD5 Digest authentication method by default. This does not allow users to log into the Calendar server using Active Directory credentials. Apple recommends that Kerberos be configured for Active Directory users.
For customers who require a non-Kerberos solution to support Active Directory users, cleartext authentication can be enabled for the Calendar service, as described below.
For customers who choose to use cleartext authentication, Apple strongly recommends the use of SSL to provide a more secure environment.
To enable cleartext authentication in the Calendar server, execute the following series of commands in the Terminal.
Note: In OS X Server (Mountain Lion) or Lion Server, changes made to the authentication methods in the Calendar or iCal service will also be applied to the Contacts or Address Book service.
- To enable cleartext authentication, use this command:
sudo serveradmin settings calendar:Authentication:Basic:Enabled = yes
- To disable digest authentication, use this command:
sudo serveradmin settings calendar:Authentication:Digest:Enabled = no
- Restart the iCal server:
sudo serveradmin stop calendar sudo serveradmin start calendar
- If using OS X Server (Mountain Lion) or Lion Server, restart the Address Book server:
sudo serveradmin stop addressbook sudo serveradmin start addressbook
After restarting both the Calendar service and the Contacts service, support for cleartext and Kerberos authentication methods will take effect.