Apparently A fatal error has occurred Bind failed: Server is unwilling to perform is horde/LDAP’s way to tell me the password is wrong… great. So I re-entered the password that I have not changed in DAVdroid and it works now. Hope this helps anyone else who is lost like me.
Synology CalDAV reports write permissions for read-only calendars
-
Hi,
I have a calendar on my NAS that syncs just fine with Davdroid. But if I give read-only access (let’s say for my girlfriend) it fails to sync on android. Not even read works. iPhone can handle this.
Thanks in advance
Michael
-
Hello,
Thanks for this information. Or is there a question? If there is one, the actual question and further details would be useful.
-
@rfc2822 Sorry for being unclear.
The easy question is: How can I add a read-only calendar? Sync currently fails due to “write access denied”.
Samsung S5. Android 4.4 root. Synology NAS with CalDav.
If permission to calendar is set to r/w everything works fine.
Thank you.
-
When you set up the account, read-only calendars should be marked as read-only in the setup dialog.
Did you delete and add the calendar (= the account) again after changing the permissions?
-
@rfc2822 But I can’t find an option to tell DavDroid it’s a read-only calendar. Where is it?
Yes. I changed permission prior to account setup.
-
DAVdroid detects read-only calendars and flags them as read-only, so that you can’t insert/update its events.
Maybe you can provide detailed steps to reproduce? Did you already search the Synology forums for this?
-
@rfc2822 Maybe it detects them. But it doesn’t update them (not even reads them) saying “Sync error” and displays a comprehensive error message then. Access denied (of course).
-
@zoulhh Is there a “read-only” icon in the setup process next to the read-only calendars?
Also, I don’t know why, but I somehow think the error message could be useful.
Did you already search the Synology forums for this?
-
@rfc2822 No. I did not search the synology forum for a DavDroid issue. Also, I don’t know why, I think I posted the error message already. But for you, here it is again: Access denied.
Anyways, I think the problem can not be solved by you. You’re more in the putting-people-down stuff. So lets forget about it.
-
@zoulhh said:
@rfc2822 No. I did not search the synology forum for a DavDroid issue. Also, I don’t know why, I think I posted the error message already. But for you, here it is again: Access denied.
Please post the whole debug info – see [Please read before posting] What’s required to diagnose a problem. A two-word error message is not very helpful.
Anyways, I think the problem can not be solved by you. You’re more in the putting-people-down stuff. So lets forget about it.
It was not my intention to put anybody down, so if you feel like that, I’m sorry. Please understand that we get “bug reports” every day which don’t contain useful steps to reproduce, debug info, etc. Then I put effort into collecting all required information, and in most (of course not all) cases, it’s a configuration or server problem, so hours and hours of my time are wasted just because people don’t think it’s worth the time to make a useful bug report (not against you, but in general).
-
@rfc2822 I’m sorry too. I admit, I was pissed and unfair.
Ok, here’s what I did for testing:
I set up a calendar (named “Mick”) on the Synology NAS. It is located in a folder where user “Marion” has read-only access. User “Mick” has rw access.
I now added to accounts to my Samsung S5 mini using Davdroid. Both accounts point to calender “Mick”. The first account is user “Mick” and that works well. The second is “Marion” and it doesn’t sync. By the way, it is NOT marked as read only by DavDroid when adding it with the “Marion” account. The error occurs after user “Marion” edited a calendar entry made by user “Mick” (and DavDroid tries to sync it, which is not allowed of course).
And here comes the error message (after failed sync):
SYNCHRONIZATION INFO Synchronization phase: 4 Account name: MickCal Authority: com.android.calendar HTTP REQUEST: PUT https://zoulhh.ddns.net:5006/web/calendar/Mick/Mick/679b1103-c90c-4bd8-8ca3-2e467ff2b191.ics Content-Length: 3291 Content-Type: text/calendar;charset=utf-8 If-Match: "525d90c4f10a8" BEGIN:VCALENDAR[CR][LF] VERSION:2.0[CR][LF] PRODID:+//IDN bitfire.at//DAVdroid/0.9.1.2 ical4android ical4j/2.x[CR][LF] BEGIN:VEVENT[CR][LF] DTSTAMP:20151201T170224Z[CR][LF] UID:679b1103-c90c-4bd8-8ca3-2e467ff2b191[CR][LF] SEQUENCE:1[CR][LF] DTSTART;TZID=Europe/Berlin:20151201T174524[CR][LF] DTEND;TZID=Europe/Berlin:20151201T174524[CR][LF] SUMMARY:Testio[CR][LF] STATUS:CONFIRMED[CR][LF] ORGANIZER:mailto:MickCAL[CR][LF] BEGIN:VALARM[CR][LF] TRIGGER:-PT30M[CR][LF] ACTION:DISPLAY[CR][LF] DESCRIPTION:Testio[CR][LF] END:VALARM[CR][LF] END:VEVENT[CR][LF] BEGIN:VTIMEZONE[CR][LF] TZID:Europe/Berlin[CR][LF] TZURL:http://tzurl.org/zoneinfo/Europe/Berlin[CR][LF] X-LIC-LOCATION:Europe/Berlin[CR][LF] BEGIN:DAYLIGHT[CR][LF] TZOFFSETFROM:+0100[CR][LF] TZOFFSETTO:+0200[CR][LF] TZNAME:CEST[CR][LF] DTSTART:19810329T020000[CR][LF] RRULE:FREQ=YEARLY;BYMONTH=3;BYDAY=-1SU[CR][LF] END:DAYLIGHT[CR][LF] BEGIN:STANDARD[CR][LF] TZOFFSETFROM:+0200[CR][LF] TZOFFSETTO:+0100[CR][LF] TZNAME:CET[CR][LF] DTSTART:19961027T030000[CR][LF] RRULE:FREQ=YEARLY;BYMONTH=10;BYDAY=-1SU[CR][LF] END:STANDARD[CR][LF] BEGIN:STANDARD[CR][LF] TZOFFSETFROM:+5328[CR][LF] TZOFFSETTO:+0100[CR][LF] TZNAME:CET[CR][LF] DTSTART:18930401T000000[CR][LF] RDATE;VALUE=DATE-TIME:18930401T000000[CR][LF] END:STANDARD[CR][LF] BEGIN:DAYLIGHT[CR][LF] TZOFFSETFROM:+0100[CR][LF] TZOFFSETTO:+0200[CR][LF] TZNAME:CEST[CR][LF] DTSTART:19160501T000000[CR][LF] RDATE;VALUE=DATE-TIME:19160501T000000[CR][LF] RDATE;VALUE=DATE-TIME:19170416T030000[CR][LF] RDATE;VALUE=DATE-TIME:19180415T030000[CR][LF] RDATE;VALUE=DATE-TIME:19400401T030000[CR][LF] RDATE;VALUE=DATE-TIME:19430329T030000[CR][LF] RDATE;VALUE=DATE-TIME:19440403T030000[CR][LF] RDATE;VALUE=DATE-TIME:19450402T030000[CR][LF] RDATE;VALUE=DATE-TIME:19460414T030000[CR][LF] RDATE;VALUE=DATE-TIME:19470406T040000[CR][LF] RDATE;VALUE=DATE-TIME:19480418T030000[CR][LF] RDATE;VALUE=DATE-TIME:19490410T030000[CR][LF] RDATE;VALUE=DATE-TIME:19800406T020000[CR][LF] END:DAYLIGHT[CR][LF] BEGIN:STANDARD[CR][LF] TZOFFSETFROM:+0200[CR][LF] TZOFFSETTO:+0100[CR][LF] TZNAME:CET[CR][LF] DTSTART:19161001T010000[CR][LF] RDATE;VALUE=DATE-TIME:19161001T010000[CR][LF] RDATE;VALUE=DATE-TIME:19170917T030000[CR][LF] RDATE;VALUE=DATE-TIME:19180916T030000[CR][LF] RDATE;VALUE=DATE-TIME:19421102T030000[CR][LF] RDATE;VALUE=DATE-TIME:19431004T030000[CR][LF] RDATE;VALUE=DATE-TIME:19441002T030000[CR][LF] RDATE;VALUE=DATE-TIME:19451118T030000[CR][LF] RDATE;VALUE=DATE-TIME:19461007T030000[CR][LF] RDATE;VALUE=DATE-TIME:19471005T030000[CR][LF] RDATE;VALUE=DATE-TIME:19481003T030000[CR][LF] RDATE;VALUE=DATE-TIME:19491002T030000[CR][LF] RDATE;VALUE=DATE-TIME:19800928T030000[CR][LF] RDATE;VALUE=DATE-TIME:19810927T030000[CR][LF] RDATE;VALUE=DATE-TIME:19820926T030000[CR][LF] RDATE;VALUE=DATE-TIME:19830925T030000[CR][LF] RDATE;VALUE=DATE-TIME:19840930T030000[CR][LF] RDATE;VALUE=DATE-TIME:19850929T030000[CR][LF] RDATE;VALUE=DATE-TIME:19860928T030000[CR][LF] RDATE;VALUE=DATE-TIME:19870927T030000[CR][LF] RDATE;VALUE=DATE-TIME:19880925T030000[CR][LF] RDATE;VALUE=DATE-TIME:19890924T030000[CR][LF] RDATE;VALUE=DATE-TIME:19900930T030000[CR][LF] RDATE;VALUE=DATE-TIME:19910929T030000[CR][LF] RDATE;VALUE=DATE-TIME:19920927T030000[CR][LF] RDATE;VALUE=DATE-TIME:19930926T030000[CR][LF] RDATE;VALUE=DATE-TIME:19940925T030000[CR][LF] RDATE;VALUE=DATE-TIME:19950924T030000[CR][LF] END:STANDARD[CR][LF] BEGIN:DAYLIGHT[CR][LF] TZOFFSETFROM:+0200[CR][LF] TZOFFSETTO:+0300[CR][LF] TZNAME:CEMT[CR][LF] DTSTART:19450524T020000[CR][LF] RDATE;VALUE=DATE-TIME:19450524T020000[CR][LF] RDATE;VALUE=DATE-TIME:19470511T030000[CR][LF] END:DAYLIGHT[CR][LF] BEGIN:DAYLIGHT[CR][LF] TZOFFSETFROM:+0300[CR][LF] TZOFFSETTO:+0200[CR][LF] TZNAME:CEST[CR][LF] DTSTART:19450924T030000[CR][LF] RDATE;VALUE=DATE-TIME:19450924T030000[CR][LF] RDATE;VALUE=DATE-TIME:19470629T030000[CR][LF] END:DAYLIGHT[CR][LF] BEGIN:STANDARD[CR][LF] TZOFFSETFROM:+0100[CR][LF] TZOFFSETTO:+0100[CR][LF] TZNAME:CET[CR][LF] DTSTART:19460101T000000[CR][LF] RDATE;VALUE=DATE-TIME:19460101T000000[CR][LF] RDATE;VALUE=DATE-TIME:19800101T000000[CR][LF] END:STANDARD[CR][LF] END:VTIMEZONE[CR][LF] END:VCALENDAR[CR][LF] HTTP RESPONSE: http/1.1 403 Forbidden Connection: Keep-Alive Content-Length: 265 Content-Type: text/html; charset=iso-8859-1 Date: Tue, 01 Dec 2015 17:02:25 GMT Keep-Alive: timeout=5, max=99 OkHttp-Received-Millis: 1448989345076 OkHttp-Selected-Protocol: http/1.1 OkHttp-Sent-Millis: 1448989345023 Server: Apache <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">[LF] <html><head>[LF] <title>403 Forbidden</title>[LF] </head><body>[LF] <h1>Forbidden</h1>[LF] <p>You don't have permission to access /web/calendar/Mick/Mick/679b1103-c90c-4bd8-8ca3-2e467ff2b191.ics[LF] on this server.</p>[LF] </body></html>[LF] STACK TRACE: at.bitfire.dav4android.exception.HttpException: 403 Forbidden at.bitfire.dav4android.exception.HttpException: 403 Forbidden at at.bitfire.dav4android.DavResource.checkStatus(DavResource.java:281) at at.bitfire.dav4android.DavResource.checkStatus(DavResource.java:286) at at.bitfire.dav4android.DavResource.put(DavResource.java:181) at at.bitfire.davdroid.syncadapter.SyncManager.uploadDirty(SyncManager.java:338) at at.bitfire.davdroid.syncadapter.SyncManager.performSync(SyncManager.java:159) at at.bitfire.davdroid.syncadapter.CalendarsSyncAdapterService$SyncAdapter.onPerformSync(CalendarsSyncAdapterService.java:58) at android.content.AbstractThreadedSyncAdapter$SyncThread.run(AbstractThreadedSyncAdapter.java:259) SOFTWARE INFORMATION DAVdroid version: 0.9.1.2 (86) Tue Dec 01 17:59:34 MEZ 2015 Installed from: com.android.vending JB Workaround installed: no CONFIGURATION System-wide synchronization: automatically Account: MarionCal Address book sync. interval: — Calendar sync. interval: 1440 min OpenTasks sync. interval: — Account: MarionContacts Address book sync. interval: 1440 min Calendar sync. interval: — OpenTasks sync. interval: — Account: MickCal Address book sync. interval: — Calendar sync. interval: 1440 min OpenTasks sync. interval: — SYSTEM INFORMATION Android version: 4.4.2 (KOT49H.G800FXXU1AOG2) Device: Samsung SM-G800F (kminilte) -
@zoulhh I’ll try it on our Synology DSM (but it may take some time). Which DSM version and which software on your DSM do you use? Default CalDAV or an extra package like Baikal or Owncloud?
-
@rfc2822 Hi. It’s DSM 5.2-5644 Update 1 and default CalDAV.
-
@zoulhh I have reproduced your setup and can confirm that there is a problem:
- Create a folder
folderwhereuser1has r/w access anduser2has r/o access. - Create a calendar
calendarinfolder. - Accessing
folder/calendarasuser1works as expected. - When accessing
folder/calendarasuser2, the server reports r/w privileges althoughuser2has only read access. This resuls in your HTTP Forbidden error as soon as you make changes to the Android calendar and DAVdroid tries to synchronize these changes to the server.
When querying the folder as read-only user (!):
--> PROPFIND /folder1/test/ HTTP/1.1 Depth: 1 Content-Type: application/xml; charset=utf-8 Content-Length: 384 Host: diskstation.lan:5005 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: DAVdroid/0.9.1.2 (2015/12/06; dav4android) Android/4.4.2 <?xml version='1.0' encoding='UTF-8' ?><propfind xmlns="DAV:" xmlns:CAL="urn:ietf:par\ ams:xml:ns:caldav" xmlns:CARD="urn:ietf:params:xml:ns:carddav"><prop><CAL:supported-c\ alendar-component-set /><resourcetype /><displayname /><current-user-privilege-set />\ <n0:calendar-color xmlns:n0="http://apple.com/ns/ical/" /><CAL:calendar-description /\ ><CAL:calendar-timezone /></prop></propfind> --> END PROPFIND (384-byte body) <-- HTTP/1.1 207 Multi-Status (24ms) Date: Sun, 06 Dec 2015 12:08:31 GMT Server: Apache Content-Length: 1339 Keep-Alive: timeout=5, max=95 Connection: Keep-Alive Content-Type: application/xml; charset="utf-8" OkHttp-Selected-Protocol: http/1.1 OkHttp-Sent-Millis: 1449403494370 OkHttp-Received-Millis: 1449403494394 <?xml version="1.0" encoding="utf-8"?> <D:multistatus xmlns:D="DAV:" xmlns:ns3="http://apple.com/ns/ical/" xmlns:ns2="urn:ie\ tf:params:xml:ns:caldav" xmlns:ns1="urn:ietf:params:xml:ns:carddav" xmlns:ns0="DAV:"> <D:response xmlns:lp1="DAV:" xmlns:g0="urn:ietf:params:xml:ns:caldav" xmlns:g1="DAV:"\ xmlns:g2="http://apple.com/ns/ical/"> <D:href>/folder1/test/</D:href> <D:propstat> <D:prop> <lp1:resourcetype><x:calendar xmlns:x="urn:ietf:params:xml:ns:caldav"/><D:collection/\ ></lp1:resourcetype> <lp1:current-user-privilege-set><D:privilege><D:all/></D:privilege> <D:privilege><D:read-acl/></D:privilege> <D:privilege><D:read/></D:privilege> <D:privilege><D:read-current-user-privilege-set/></D:privilege> <D:privilege><D:write-acl/></D:privilege> <D:privilege><D:unlock/></D:privilege> <D:privilege><D:write/></D:privilege> <D:privilege><D:write-content/></D:privilege> <D:privilege><D:write-properties/></D:privilege> <D:privilege><D:bind/></D:privilege> <D:privilege><D:unbind/></D:privilege> </lp1:current-user-privilege-set> </D:prop> <D:status>HTTP/1.1 200 OK</D:status> </D:propstat> <D:propstat> <D:prop> <g0:supported-calendar-component-set/> <g1:displayname/> <g2:calendar-color/> <g0:calendar-description/> <g0:calendar-timezone/> </D:prop> <D:status>HTTP/1.1 404 Not Found</D:status> </D:propstat> </D:response> </D:multistatus>The pretty-printed response is:
<?xml version="1.0" encoding="utf-8"?> <D:multistatus xmlns:D="DAV:" xmlns:ns3="http://apple.com/ns/ical/" xmlns:ns2="urn:ietf:params:xml:ns:caldav" xmlns:ns1="urn:ietf:params:xml:ns:carddav" xmlns:ns0="DAV:"> <D:response xmlns:lp1="DAV:" xmlns:g0="urn:ietf:params:xml:ns:caldav" xmlns:g1="DAV:" xmlns:g2="http://apple.com/ns/ical/"> <D:href>/folder1/test/</D:href> <D:propstat> <D:prop> <lp1:resourcetype> <x:calendar xmlns:x="urn:ietf:params:xml:ns:caldav"/> <D:collection/> </lp1:resourcetype> <lp1:current-user-privilege-set> <D:privilege> <D:all/> </D:privilege> <D:privilege> <D:read-acl/> </D:privilege> <D:privilege> <D:read/> </D:privilege> <D:privilege> <D:read-current-user-privilege-set/> </D:privilege> <D:privilege> <D:write-acl/> </D:privilege> <D:privilege> <D:unlock/> </D:privilege> <D:privilege> <D:write/> </D:privilege> <D:privilege> <D:write-content/> </D:privilege> <D:privilege> <D:write-properties/> </D:privilege> <D:privilege> <D:bind/> </D:privilege> <D:privilege> <D:unbind/> </D:privilege> </lp1:current-user-privilege-set> </D:prop> <D:status>HTTP/1.1 200 OK</D:status> </D:propstat> <D:propstat> <D:prop> <g0:supported-calendar-component-set/> <g1:displayname/> <g2:calendar-color/> <g0:calendar-description/> <g0:calendar-timezone/> </D:prop> <D:status>HTTP/1.1 404 Not Found</D:status> </D:propstat> </D:response> </D:multistatus>As you can see, the server reports the
allandwritepermissions for the current user (which is the read-only user!).I have reported this error to Synology (ticket #712664).
- Create a folder
-
Synology have responded to the ticket (German):
eine explizite Rechtevergabe ist derzeit nicht möglich.
Ich werde die Anfragen gerne an unser Entwicklungsteam weitergeben!
Schließlich versuchen wir unsere Kundenwünsche zu erfüllen.
Wann oder Ob die gewünschten Funktionen umgesetzt werden, weiß ich zu diesem Zeitpunkt natürlich nicht.So, to summarize, the Synology software doesn’t support shared calendars with read-only permissions at the moment.
@zoulhh I’m sorry that I can’t offer a solution, but as you can see, this is not a DAVdroid problem.
-
@rfc2822 Thanks for your kind support anyways.
