The Adventures of Systems Boy!

Confessions of a Mac SysAdmin...

Publishing iCal Calendars via Mac OS X Server

So a lot of people are familiar with my articles on publishing iCal calendars to the 'net with box.net. But it turns out that I also have to provide iCal publishing for staff on our internal network, and I do this using a Mac OS X server. Recently, after rebuilding my server, I had some problems with it and had to set it all up again after not having done it in quite some time. It's pretty easy, but there's one snag I got hung up on. We'll get to that in a minute. But first let's run through the steps to set this up.

First and foremost, setting up iCal publishing on Mac OS X Server requires the web server to be running. This can easily be done with the flick of a switch in the Server Admin application. But before we start the service, let's make all our settings. The first thing we need to do is set the root folder for our site. Now in my situation I'm not actually doing any web serving. All I'm doing is calendar serving, and only on our internal network, and that's all I'll describe here. The standard site root folder in Mac OS X Server is /Library/WebServer/Documents. To make things a bit cleaner and easier I'll put all my calendars in a subfolder of this called "calendar," and since that's all I'm serving I'll make that my site root: /Library/WebServer/Documents/calendar. I've given my site a name — systemsboy.com — and manually set the IP address. Otherwise I've left everything alone.


Server Admin: General Web Settings
(click image for larger view)

Next up we want to set some options. WebDAV is, of course, key to all this. Without it the calendars can't be served in a form we like. So turn on WebDAV. I've also left Performance Caching on and turned everything else off. Again, this is just for serving calendars.


Server Admin: Web Options
(click image for larger view)


Finally, we need to set up our "realm" which is a place where WebDAV/calendar users can share files. To do this, first add a realm to the first box on the left there by clicking the big plus sign beneath it. Give the realm a name, and give it the path to the calendar folder we set as our site root. I am just using "Basic" authentication as this is only going on our internal network and security isn't a big concern in this instance. Once your realm is set up, save the changes and then add some users or a group to the boxes to the right of the realm box. In my setup I added a group called "icalusers" which contains all the users who need to and are permitted to share calendars. I've set the group to be allowed to browse and author. This is necessary for users to read from and publish to the server respectively. You can do the same with individual users in the upper box. Once you've got that set up, save your changes and start the web service.

Server Admin: Realms
(click image for larger view)


That's pretty much it, except for one crucial thing: permissions. I always seem to forget this, but permissions on the calendar folder must be properly set. Since WebDAV permissions are handled by the web server, the proper way to set this up is to give the user that runs the web server ownership and read/write access to the calendar folder. In most cases that user is called www. It's probably a good idea to give group ownership over to the www user as well. So before this will work you need to run:

sudo chown www:www /Library/WebServer/Documents/calendar

To set the ownership to www, and:

sudo chmod 770 /Library/WebServer/Documents/calendar

To give said user full access to the folder.
[Updated to reflect user comments. See note at end of article for details. -systemsboy]

Once that's done, just start the web service in the Server Admin application by selecting the "Web" service in the far left-hand column and pressing the big green "Start Service" button in the app's toolbar. You should now be able to publish and subscribe to calendars on your Mac OS X Server from iCal. The publishing URL for my example would look something like this:
http://systemsboy.com

And subscribing to the calendar, where "Birthdays" is the calendar name, would look like:
http://systemsboy.com/Birthdays.ics

Simple, right? Yeah, I thought so too. Just watch those permissions! Bites me every time.

NOTE:
I had originally reported that permissions for the calendar folder should be set to 777. A couple readers pointed out in the comments section that this is not the case. I have edited this article to reflect their suggestions which are a much better solution than my original one.

Thanks, guys, for pointing that out! Really good to know!

Labels: , , , ,

« Home | Next »
| Next »
| Next »
| Next »
| Next »
| Next »
| Next »
| Next »
| Next »
| Next »

12:38 AM

You don't need to open up permissions like that.

You just need to make sure that the user the web server runs as (www) has read/write access, as all WebDAV permissions go through the web server.

The easiest way to do this is to set up a filesystem ACL for the calendars folder and give www full access.

Now if you want to stop users browsing the calendar folders via AFP.... then you need to remove permissions for that directory from the users themselves. This is actually a good idea, as it stops users deleting their calendars and then wondering why other people can't see them...

I tend to make calendars folders owned by 'www', group 'www', and give them permissions of 770.    



2:50 AM

As the only reader of this blog, ;) I'd like to agree with Nigel. Well except about the ACLs, I hate ACLs.. he he.... Ya, anyway, i love the iCal server feature! ever since they introduced it into 10.3 Panther server. Back then working in a large pc/mac school it kinda worked, but everyone pined for some magic group calendar function which we might finally get with leopard. Finally, www, fer sure, is the rightful owner of all those tiny ics files... Hmm. I sound really drunk, but it must be the sleeplessness from being a sysadmin and the father of a newborn. Finally, something harder to figure out and more complicated to explain than a crazy computer, a screaming baby girl... He he... Gotta love it when she smiles, then wants a new nappy. :P    



2:55 AM

Okay fellas. Will try it in the morning and append or update the article if it works (which I'm sure it will, it being the one thing I don't think I tried).

Thanks for the info.

And matx, congratulations on the baby!

-systemsboy    



12:46 PM

Nigel/Matx,

Tried this and it worked! Thanks!

I will update the article to reflect this new info.

-systemsboy    



3:17 PM

I have done everything as described, but it just won't work:-(

I have setup the site, turned on WebDAV, created the realm and set the permissions for www to 770.

But when I try to publish from iCal i get an error message like this:

"Server is currently unreachable or its name(xxx.xxxxxx.xx) is invalid"

Any ideas?    



3:53 PM

Anonymous,

Well, I notice that I don't really include the step to actually turn on the web service at the end of my tutorial (though I do mention it towards the beginning). Probably should stick that in there 'round the end as a reminder.

So, have you turned on the web service? To do so, select the "Web" service from the left-hand pane of the Server Admin window, then click the "Start Service" button in the toolbar at the top of the window.

If that's not your problem, you might try connecting via the IP address of the server. If you can connect via IP, but not via name, you most likely have a DNS problem. Make sure DNS is functioning correctly on your network.

This all assumes that your server is actually on the network. Make sure, of course, that you can connect to your server over your network in other ways as well. Can you ping it, etc.? If not, check the network connections and whatnot.

Also, be sure there's at least one user (the one you're connecting as) that has been granted authoring permissions for the realm (as per instructions in the article).

Finally, if things just won't work, sometimes a reboot helps, if you're able to do so, though I've never personally needed to reboot to get calendar sharing working. Still, always worth a shot.

Let me know if any of that gets things working for you.

-systemsboy    



3:55 PM

I've updated the article with an explicit instruction to actually start the web service.

-systemsboy    



4:13 PM

Thank you for the quick reply:-)

Yes, web service is on. Connecting through the IP didn't help. I can ping it without any problems.

My users has the right permissions for the realm and I have even trying rebooting.

But nothing helps...

I added the site in my DNS settings, which by the way isn't managed through the Max OS X server, but another server. Should I make any changes to DNS on the Mac OS X Server?

Thanks again    



4:39 PM

A couple other things to try:
• Make sure the firewall is either off or set to allow calendar publishing (port 80 must be open) on BOTH the client and the server.
• Check to be sure that the needed web modules are on (the default set always worked for me, and I don't remember the exact ones, but they're fairly self-explanatory) on the web server.
• Check to be sure you're not using any sort of authentication for your realm except "Basic" (this setting found by double-clicking the realm in the "realms" tab).
• Check the web server logs for hints at the problem.
• You can also try connecting to the server via a browser and/or via the Finder to troubleshoot, like so, I beleive:
http://your.server

That's all I can think of right now. I'm not in front of a server 'til next week, but I'll take a closer look when I get back to the office, if you haven't figured this out yet.

Good luck.

-systemsboy    



4:41 PM

Oh, and no, DNS does NOT have to be active on the Mac OS X Server itself. But it does need to be properly set up on the network.

-systemsboy    



5:40 PM

Now it WORKS:-)

I think it was the DNS server, that just had to update with my new iCal domain.

Thanks you so much for all your help!    



12:57 AM

Excellent! No problem.

-systemsboy    



3:45 PM

THanks for such a concise tutorial. However, I'm still having problems. I'm using Mac OS X Server 10.3.9. After following your instructions, iCal gives me the following error when I try to post a calendard:

"http://'username@address here'/'calendar name' is not a valid location for this request."

I've set the permissions as you said, but I still cannot post. What am I doing wrong?    



2:30 PM

Not sure what the problem is. I've never gotten that error before, but it sounds like you may be entering the path to the calendar share location incorrectly. I can't tell without looking at or getting more detail about your setup. And I'm off work and away from any servers right now. You might try some of the advice listed in the previous comments, though.

Let me know what you discover.

-systemsboy    



5:49 AM

I've tried everything you explained but I keep getting this message: "http://'username@address here'/'calendar name' is not a valid location for this request."

When I try to open the website wich I placed in the same folder everything works.

When I try to connect in the finder via http://the ip of my server I can't get a connection.

Software OS X server 10.4.8    



1:48 PM

Huh! That's very strange. Other people appear to be having a similar issue. Unfortunately, as I'm not able to reproduce the error, I'm not much help. I would suggest reading and trying the other suggestions in this thread. If none of them work for you, you might head over to Apple's discussions forums:
http://discussions.apple.com/index.jspa

There are also a few other good sites that might be of some help, particularly AFP548:
http://www.afp548.com/

Sorry I can't figure this out. If someone finds the solution, I'd really appreciate it if they'd post it here.

Thanks!

-systemsboy    



11:25 PM

I setup our OSX Server's (10.4.x) WebDav using your instructions ... MANY THANX! All worked great ... well almost.

We have a static IP at our office and I had our hosting company (totalchoicehosting) create a subdomain for that IP address. However, we are unable to publish to our server via the subdomain outside of our LAN. We can publish internally to it (after setting up our internal DNS w/ the subdomain name), and we can subscribe both internally and externally via the subdomain. The only external publishing we can do is using our static IP.

When we try to publish externally w/ the subdomain name we get this error: Publish failed for calender "Test" Calendar http://-username-@-subdomain-/Test.ics could not be found.    



11:47 PM

Hmmm... It's like stump the sysadmin week.

This is almost definitely a DNS issue. If you can publish via IP address, but not via name, it almost has to be DNS. Either something is wrong with the DNS setup on the external network, or DNS simply hasn't propagated to the whole of the internet yet. This can take a few days on the web, but, of course, is immediate on your LAN, which would explain why you can publish from the LAN but not outside it.

The other possibility is that whatever client machine you're trying to publish from needs its DNS cache flushed. The easiest way to do this is to reboot. If you want to be geeky-cool, the command is:
sudo lookupd -flushcache

Hope this helps.

-systemsboy    



12:47 AM

(blog name was ron, just changed my account prefs to MacHead) A few more tidbits of info: It seems like the DNS changes have propagated enough for that not to be the problem; typing the domain into Safari gets me to the right place.

As for my client machine, I rebooted it, but it didn't seem to help.

I'll keep investigating and will keep you posted if anything develops ... and let me know if you have any more ideas.    



9:48 PM

test
I've posted before and nothing apeared    



9:52 PM

I did everything but cannot connect to the server.

I get permissions error every time.

The name "systemboy.com" and IP in the article, where do they come from?

There is some information missing somewhere.

Jacques    



11:44 AM

The name "systemsboy.com" is the domain name I've assigned to my iCal server. It's pretty arbitrary in this case. It could really be anything, but it will be the domain name that the server uses to broadcast the iCal service. If you're at a loss, I suggest using your server name, like so:
myserver.com

And when people tune into your iCal server, they do so at that domain:
http://myserver.com/mycalendar.ics

The IP address is, of course, the IP address of the iCal server. The IP address of the server you are configuring right now.

Hope that helps. If you're having permissions problems, be sure permissions are set properly for you calendar folder as per the section on permissions in the article.

-systemsboy    



10:43 AM

On my server it turns out the PHP module "dav_module" was unchecked in the Modules tab. Turning this on fixed the "not a valid location" problem. Hope that helps someone save 30 minutes of fiddling around!    



2:07 PM

Hey, thanks for that info. Could potentially be very useful.

(But wouldn't it be nice if, when setting the iCal server up, the Server Admin app automatically enabled the necessary modules? Yeah, it would. Oh well.)

-systemsboy    



9:22 PM

in case anyone else is looking for answer to the dns...on a local net without dns configed I got to it after turning on the dav_module by using http://server.local/xxx.com

worked like a breeze then.    



10:03 AM

Shweet! Thanks!    



11:53 AM

I was having a lot of trouble publishing from iCal to my Mac OS X server so I uplodad an ics file manually and tried to subscribe.

An attempt to subscribe to this calendar:

http://myserver.com/Library/CalendarServices/Documents/UK_Holidays.ics

Fails with a 'file not found' type message. On the server, web error log shows this:

[Thu Nov 22 16:46:20 2007] File does not exist: /Library/WebServer/Documents/Library

... suggesting that the web server is re-routing all incoming http requests to /Library/WebServer despite my explicit path given in the subscription.

Any idea how to sort this? (Mac OS X Server 10.5)

Benet    



9:30 PM

Benet,

Yes, the server is routing requests to the site root folder. That's normal. The problem is, in fact, that explicit path you've got going on. You can't call the calendar using the full path to the file. The Calendar Server expects the URL to the calendar file, which does not include the path to the site root. (This is true on web servers as well.) So you should call the calendar like this:
http://myserver.com/calendar.ics

As per the instructions in my article.

Mind you, I have not tried Leopard Server, and there could be changes I'm not aware of, but that is the standard behavior.

Let me know if this works out or if you find a solution.

-systemsboy    



4:23 PM

New reader here . . . and your instructions helped me publish to my server, thanks!
One problem: When I go to my webpage and navigate to the calendar, it errors: Error from server: Error processing calendar data (210).
Can anyone help on this? Much appreciation.    



2:10 PM

Has anyone solved that issue where when trying to publish it has the "http://user@server.com/file.ics is not a valid location for this request" error?

I can go into safari and type in the server.com address and it brings up the index.html file I stuck in for testing. If I enter the wrong password when trying to publish it will say that authentication failed so it is checking accounts.

Everything seems to be working fine, except publishing iCal... I'm not really a computer tech person, I know more than the average user, so, trying to figure this out and likely missing something somewhere. I am running OSX Server 10.4.11. Thanks    



6:24 AM

This comment has been removed by the author.    



6:53 AM

Hi all!
Just followed this great guide and everything WORKS! Great job, systemsboy!
On the way I've encountered the "..is not a valid location for this request" error when sharing icalendar, so few things to consider:
- check the permissions, as explained in this guide
- be sure you check "Enable" the Site you've created in the Server Admin
- be sure where your document root is
- domain name will work only when DNS is set up correctly. Using IP address when on internal network always works :)
Good luck!
Martin    



» Post a Comment