By joesciallo on Jun 27, 2007
The technical note titled "Configuring Calendar Server for Connector for Microsoft Outlook" has been re-released to include new information about limiting directory browsing. The document is available at the following location:
The following information was added to the section titled Configuring Shared Calendar LDAP Lookup:
The above ACI may pose a security issue if restricted user information is stored in certain attributes, for example, dn, givenName, sn, uid, or mail. To restrict the browsing of the directory to only people making the queries from a specific Calendar Server, change the above ACI to something like:
aci: (targetattr="icscalendar || cn || givenName || sn || uid || mail") (targetfilter=(|(objectClass=icscalendaruser)(objectclass=icscalendarresource))) (version 3.0; acl "Allow calendar users to read and search other users - product=ics,class=admin,num=3,version=1"; allow (search,read) (ip="220.127.116.11,127.0.0.1,18.104.22.168") and (userdn="ldap:///uid=*,ou=People,o=sesta.com,o=usergroup");)
The IP addresses listed in the above ACI example (22.214.171.124, 127.0.0.1, and 126.96.36.199) are the IP addresses from which the Calendar Server makes the queries.
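As an added example (not part of the technical note or of Calendar Server), the following Python check audits an ACI value for the two things this change depends on: an ip bind rule on read/search access to the user attributes, and a well-formed ldap:/// URL in userdn. The function name audit_aci and the sample ACIs are hypothetical; the sample IP addresses are constructed, and wildcard ip entries are assumed to be skipped rather than validated.

```python
import ipaddress
import re

# Attributes the note names as potentially holding restricted user information.
SENSITIVE = {"givenname", "sn", "uid", "mail"}

def audit_aci(aci):
    """Return a list of findings for one ACI value; empty means none found."""
    findings = []
    m = re.search(r'targetattr\s*=\s*"([^"]*)"', aci, re.I)
    attrs = {a.strip().lower() for a in m.group(1).split("||")} if m else set()
    # Permission and bind rules have the shape: allow (rights) <bind rules>;)
    m = re.search(r'allow\s*\(([^)]*)\)(.*);\s*\)\s*$', aci, re.I | re.S)
    if not m:
        return ["no 'allow (...)' permission found"]
    rights = {r.strip().lower() for r in m.group(1).split(",")}
    bind = m.group(2)
    ip_rules = re.findall(r'\bip\s*=\s*"([^"]*)"', bind, re.I)
    exposed = sorted(attrs & SENSITIVE)
    if exposed and rights & {"read", "search"} and not ip_rules:
        findings.append("read/search on %s has no ip restriction" % ", ".join(exposed))
    for value in ip_rules:
        for entry in (e.strip() for e in value.split(",")):
            if "*" in entry:
                continue  # assumption: wildcard entries are not validated here
            try:
                ipaddress.ip_address(entry)
            except ValueError:
                findings.append("invalid ip entry: %r" % entry)
    for value in re.findall(r'\buserdn\s*!?=\s*"([^"]*)"', bind, re.I):
        for url in (u.strip() for u in value.split("||")):
            if not url.lower().startswith("ldap:///"):
                findings.append("userdn is not an ldap:/// URL: %r" % url)
    return findings

# Constructed sample ACIs (192.0.2.10 is a documentation address, not a real server).
_T = '(targetattr="icscalendar || cn || givenName || sn || uid || mail")'
_F = '(targetfilter=(|(objectClass=icscalendaruser)(objectclass=icscalendarresource)))'
_U = '(userdn="%s:///uid=*,ou=People,o=sesta.com,o=usergroup")'
OPEN = _T + _F + '(version 3.0; acl "open"; allow (search,read) ' + _U % "ldap" + ';)'
RESTRICTED = (_T + _F + '(version 3.0; acl "restricted"; allow (search,read) '
              '(ip="192.0.2.10,127.0.0.1") and ' + _U % "ldap" + ';)')
MISTYPED = RESTRICTED.replace("ldap:///", "ladp:///")

if __name__ == "__main__":
    for name, aci in (("OPEN", OPEN), ("RESTRICTED", RESTRICTED), ("MISTYPED", MISTYPED)):
        print(name, audit_aci(aci) or "ok")
```

A mistyped scheme in userdn is worth checking for because the bind rule then no longer names the intended set of users.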