Enabling iCal Server access for users of Active Directory or third-party LDAP servers

Summary

In Mac OS X Server v10.5, 10.6, and Lion Server, the iCal server uses the MD5 Digest authentication method by default. This does not allow Active directory users to log into the iCal server using their Active Directory credentials. It is strongly recommended that Kerberos be configured for Active Directory users.

Products Affected

Lion Server, Mac OS X Server 10.5, Mac OS X Server 10.6, iCal server, Active Directory

For customers who require a non-Kerberos solution to support Active Directory users, cleartext authentication can be enabled for the iCal service, as described below.

For customers who choose to use cleartext authentication, Apple strongly recommends the use of SSL to provide a more secure environment.

To enable cleartext authentication in the iCal server, execute the following series of commands in the Terminal.

Note: In Lion Server, changes made to the authentication methods in the iCal server will also be applied to the Address Book server.
 

  1. To enable cleartext authentication, use this command:

        sudo serveradmin settings calendar:Authentication:Basic:Enabled = yes

  2. To disable digest authentication, use this command:

        sudo serveradmin settings calendar:Authentication:Digest:Enabled = no
     
  3. Restart the iCal server:

        serveradmin stop calendar
        serveradmin start calendar

  4. If using Lion Server, restart the Address Book server:

        serveradmin stop addressbook
        serveradmin start addressbook

After restarting both the iCal Server and the Address Book Server, support for cleartext and Kerberos authentication methods will take effect.

Important: Information about products not manufactured by Apple is provided for information purposes only and does not constitute Apple’s recommendation or endorsement. Please contact the vendor for additional information.
Not helpful Somewhat helpful Helpful Very helpful Solved my problem