From fec7370c09b55b9983eb5adf08c2be501b3f7aaa Mon Sep 17 00:00:00 2001
From: Giorgio Azzinnaro <giorgio.azzinnaro@gmail.com>
Date: Mon, 2 Apr 2018 10:26:55 +0200
Subject: [PATCH 01/19] moving from submodules to fork

---
 .dockerignore                 |   23 +
 Dockerfile                    |   46 +
 docker/README.md              |    9 +
 docker/caldavd.plist.template | 2264 +++++++++++++++++++++++++++++++++
 docker/docker_cmd.sh          |   19 +
 5 files changed, 2361 insertions(+)
 create mode 100644 .dockerignore
 create mode 100644 Dockerfile
 create mode 100644 docker/README.md
 create mode 100644 docker/caldavd.plist.template
 create mode 100755 docker/docker_cmd.sh

diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 000000000..ea12c04f0
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,23 @@
+*.egg-info/
+*.o
+*.py[co]
+*.so
+_trial_temp*/
+build/
+dropin.cache
+*~
+*.lock
+.git
+.gitignore
+.gitmodules
+*.pyc
+.develop/
+data/
+bin/calendarserver_*
+calendarserver/version.py
+conf/caldavd-dev.plist
+subprojects/
+_run/
+
+# Otherwise any change to the Dockerfile itself means a complete rebuild
+Dockerfile
\ No newline at end of file
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 000000000..4553f92ab
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,46 @@
+FROM ubuntu:16.04
+
+LABEL maintainer            "giorgio.azzinnaro@gmail.com"
+LABEL io.openshift.tags     caldavd,ccs
+LABEL io.openshift.wants    memcached,postgres
+LABEL io.k8s.description    "Calendar and Contacts Server is a CalDAV implementation"
+
+# Straight from CCS GitHub install guide
+# except for gettext-base, which we need for "envsubst"
+RUN apt-get update &&                                       \
+    apt-get -y install build-essential                      \
+        python-setuptools python-pip python-dev             \
+        git curl gettext-base                               \
+        libssl-dev libreadline6-dev libkrb5-dev libffi-dev  \
+        libldap2-dev libsasl2-dev zlib1g-dev
+
+# All of the source code is in here
+ADD . /home/ccs
+
+WORKDIR /home/ccs
+
+# Dependencies are retrieved and CCS installed in /usr/local
+RUN pip install -r requirements-default.txt
+
+# TODO Check if everything is in this dir
+VOLUME [ "/var/db/caldavd" ]
+
+# This can be edited in docker/caldavd.plist.template > HTTPPort
+EXPOSE 8080
+
+# Some sensible defaults for config
+ENV POSTGRES_HOST   tcp:postgres:5432
+ENV POSTGRES_DB     postgres
+ENV POSTGRES_USER   postgres
+ENV POSTGRES_PASS   password
+
+ENV MEMCACHED_HOST  memcached
+ENV MEMCACHED_PORT  11211
+
+# To avoid errors with OpenShift
+#USER 1000
+
+# This entry point simply creates /etc/caldavd/caldavd.plist,
+# using the given ENV as placeholders,
+# and then runs `caldavd -X -L`
+CMD [ "/home/ccs/docker/docker_cmd.sh" ]
\ No newline at end of file
diff --git a/docker/README.md b/docker/README.md
new file mode 100644
index 000000000..cdfb99eef
--- /dev/null
+++ b/docker/README.md
@@ -0,0 +1,9 @@
+# CCS dockerised
+
+This container of [Calendar and Contacts Server](https://github.com/apple/ccs-calendarserver/)
+is thought to be run in production (in Kubernetes or OpenShift).
+
+It uses `setup.py` and expects external __Postgres__ and __Memcached__.
+
+__Postgres__ schema must be manually defined during the first run,
+using [current.sql](https://github.com/apple/ccs-calendarserver/blob/master/txdav/common/datastore/sql_schema/current.sql).
\ No newline at end of file
diff --git a/docker/caldavd.plist.template b/docker/caldavd.plist.template
new file mode 100644
index 000000000..ed19ded8c
--- /dev/null
+++ b/docker/caldavd.plist.template
@@ -0,0 +1,2264 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+
+<!--
+    Copyright (c) 2006-2017 Apple Inc. All rights reserved.
+
+    Licensed under the Apache License, Version 2.0 (the "License");
+    you may not use this file except in compliance with the License.
+    You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+  -->
+
+<plist version="1.0">
+<dict>
+	<!-- Public network address information
+
+	     This is the server's public network address, which is provided to clients
+	     in URLs and the like.  It may or may not be the network address that the
+	     server is listening to directly, though it is by default.  For example, it
+	     may be the address of a load balancer or proxy which forwards connections
+	     to the server. -->
+
+	<!-- Network host name. -->
+	<key>ServerHostName</key>
+	<string></string>
+
+	<!-- Docker: Must be above 1024 for OpenShift -->
+	<!-- HTTP port (0 to disable HTTP) -->
+	<key>HTTPPort</key>
+	<integer>8080</integer>
+		
+	<!-- SSL port (0 to disable HTTPS) -->
+	<key>SSLPort</key>
+	<integer>0</integer>
+
+	<!-- Whether to listen on SSL port(s) -->
+	<key>EnableSSL</key>
+	<false/>
+
+	<!-- Whether the service is offloading TLS duty to a proxy -->
+	<key>BehindTLSProxy</key>
+	<false/>
+
+	<!-- If True, all nonSSL requests redirected to an SSL Port -->
+	<key>RedirectHTTPToHTTPS</key>
+	<false/>
+
+	<!-- SSLv2_METHOD, SSLv3_METHOD, SSLv23_METHOD, TLSv1_METHOD -->
+	<key>SSLMethod</key>
+	<string>SSLv23_METHOD</string>
+
+	<key>SSLCiphers</key>
+	<string>RC4-SHA:HIGH:!ADH</string>
+
+	<!-- Max-age value for Strict-Transport-Security header; set to 0 to disable
+	     header. -->
+	<key>StrictTransportSecuritySeconds</key>
+	<integer>604800</integer>
+
+	<!-- Network address configuration information.
+
+	     This configures the actual network address that the server binds to. -->
+
+	<key>SocketFiles</key>
+	<dict>
+		<key>Enabled</key>
+		<false/>
+
+		<!-- Socket file to listen for secure requests on -->
+		<key>Secured</key>
+		<string>secured.sock</string>
+
+		<!-- Socket file to listen for insecure requests on -->
+		<key>Unsecured</key>
+		<string>unsecured.sock</string>
+
+		<key>Owner</key>
+		<string></string>
+
+		<key>Group</key>
+		<string></string>
+
+		<key>Permissions</key>
+		<integer>504</integer>
+	</dict>
+
+	<key>SocketRoot</key>
+	<string>/tmp/calendarserver</string>
+
+	<!-- List of IP addresses to bind to [empty = all] -->
+	<key>BindAddresses</key>
+	<array>
+	</array>
+
+	<!-- List of port numbers to bind to for HTTP [empty = same as "Port"] -->
+	<key>BindHTTPPorts</key>
+	<array>
+	</array>
+
+	<!-- List of port numbers to bind to for SSL [empty = same as "SSLPort"] -->
+	<key>BindSSLPorts</key>
+	<array>
+	</array>
+
+	<!-- File descriptors to inherit for HTTP requests [empty = don't inherit] -->
+	<key>InheritFDs</key>
+	<array>
+	</array>
+
+	<!-- File descriptors to inherit for HTTPS requests [empty = don't inherit] -->
+	<key>InheritSSLFDs</key>
+	<array>
+	</array>
+
+	<!-- Use a 'meta' FD, i.e. an FD to transmit other FDs to slave processes. -->
+	<key>UseMetaFD</key>
+	<true/>
+
+	<!-- Inherited file descriptor to call recvmsg() on to receive sockets (none =
+	     don't inherit) -->
+	<key>MetaFD</key>
+	<integer>0</integer>
+
+	<!-- Database configuration information.
+
+	     Defines what kind of database to use: file (deprecated) or SQL. File-based
+	     DB is only supported for migration purposes - it cannot be used for a real
+	     service.
+
+	     For an SQL-based DB, configuration of connection parameters and various
+	     timeouts is provided. -->
+
+	<!-- True: database; False: files (deprecated) -->
+	<key>UseDatabase</key>
+	<true/>
+
+	<!-- Possible values: empty, meaning 'spawn postgres yourself', or 'postgres'
+	     or 'oracle', meaning 'connect to a postgres or Oracle database as
+	     specified by the 'DSN' configuration key. -->
+	<key>DBType</key>
+	<string>postgres</string>
+
+	<!-- Features supported by the database
+
+	     'skip-locked': SKIP LOCKED available with SELECT (remove if using postgres
+	     &lt; v9.5) -->
+	<key>DBFeatures</key>
+	<array>
+		<string>skip-locked</string>
+	</array>
+
+	<!-- The username to use when DBType is empty -->
+	<!-- <key>SpawnedDBUser</key>
+	<string>caldav</string> -->
+
+	<!-- Used to connect to an external database if DBType is non-empty -->
+	<key>DatabaseConnection</key>
+	<dict>
+		<!-- Database connection endpoint -->
+		<key>endpoint</key>
+		<string>$POSTGRES_HOST</string>
+		<!-- <string>tcp:postgres:5432</string> -->
+
+		<!-- Name of database or Oracle SID -->
+		<key>database</key>
+		<string>$POSTGRES_DB</string>
+		<!-- <string>postgres</string> -->
+
+		<!-- User name to connect as -->
+		<key>user</key>
+		<string>$POSTGRES_USER</string>
+		<!-- <string>postgres</string> -->
+
+		<!-- Password to use -->
+		<key>password</key>
+		<string>$POSTGRES_PASS</string>
+		<!-- <string>password</string> -->
+
+		<!-- Set to True to require SSL (pg8000 only). -->
+		<key>ssl</key>
+		<false/>
+	</dict>
+
+	<!-- Use a shared database connection pool in the master process, rather than
+	     having each client make its connections directly. -->
+	<key>SharedConnectionPool</key>
+	<false/>
+
+	<!-- Internally used by database to tell slave processes to inherit a file
+	     descriptor and use it as an AMP connection over a UNIX socket; see
+	     twext.enterprise.adbapi2.ConnectionPoolConnection -->
+	<key>DBAMPFD</key>
+	<integer>0</integer>
+
+	<!-- Set to True to prevent the server or utility tools from running if the
+	     database needs a schema upgrade. -->
+	<key>FailIfUpgradeNeeded</key>
+	<true/>
+
+	<!-- Set to True to check the current database schema against the schema file
+	     matching the database schema version. -->
+	<key>CheckExistingSchema</key>
+	<false/>
+
+	<!-- When upgrading, only upgrade homes where the owner UID starts with the
+	     specified prefix. The upgrade will only be partial and only apply to
+	     upgrade pieces that affect entire homes. The upgrade will need to be run
+	     again without this prefix set to complete the overall upgrade. -->
+	<key>UpgradeHomePrefix</key>
+	<string></string>
+
+	<!-- Timeout transactions that take longer than the specified number of
+	     seconds. Zero means no timeouts. 5 minute default. -->
+	<key>TransactionTimeoutSeconds</key>
+	<integer>300</integer>
+
+	<!-- When a transactions times out tell HTTP clients clients to retry after
+	     this amount of time -->
+	<key>TransactionHTTPRetrySeconds</key>
+	<integer>300</integer>
+
+	<!-- Work queue configuration information -->
+
+	<key>WorkQueue</key>
+	<dict>
+		<!-- Interval in seconds for job queue polling -->
+		<key>queuePollInterval</key>
+		<real>0.1</real>
+
+		<!-- Number of seconds before an assigned job is considered overdue -->
+		<key>queueOverdueTimeout</key>
+		<integer>300</integer>
+
+		<!-- Array of array that describe the threshold and new polling interval for
+		     job queue polling back off -->
+		<key>queuePollingBackoff</key>
+		<array>
+			<array>
+				<integer>60</integer>
+				<integer>60</integer>
+			</array>
+			<array>
+				<integer>5</integer>
+				<integer>1</integer>
+			</array>
+		</array>
+
+		<!-- Queue capacity (percentage) which causes job processing to halt -->
+		<key>overloadLevel</key>
+		<integer>95</integer>
+
+		<!-- Queue capacity (percentage) at which only high priority items are run -->
+		<key>highPriorityLevel</key>
+		<integer>80</integer>
+
+		<!-- Queue capacity (percentage) at which only high/medium priority items are
+		     run -->
+		<key>mediumPriorityLevel</key>
+		<integer>50</integer>
+
+		<!-- This is used to help with concurrency problems when the underlying DB
+		     does not support a proper "LIMIT" term with the query (Oracle). It should
+		     be set to no more than 1 plus the number of app-servers in use. For a
+		     single app-server, always use 1. -->
+		<key>rowLimit</key>
+		<integer>1</integer>
+
+		<!-- When a job fails, reschedule it this number of seconds in the future -->
+		<key>failureRescheduleInterval</key>
+		<integer>60</integer>
+
+		<!-- When a job can't run because of a lock, reschedule it this number of
+		     seconds in the future -->
+		<key>lockRescheduleInterval</key>
+		<integer>60</integer>
+
+		<!-- dict of work table name's, whose values are dicts containing "priority"
+		     and "weight" items to use for newly created work. -->
+		<key>workParameters</key>
+		<dict>
+		</dict>
+	</dict>
+
+	<!-- Types of service provided -->
+
+	<!-- Enable CalDAV service -->
+	<key>EnableCalDAV</key>
+	<true/>
+
+	<!-- Enable CardDAV service -->
+	<key>EnableCardDAV</key>
+	<true/>
+
+	<!-- When True override all other services and set the server into podding-only
+	     mode -->
+	<key>MigrationOnly</key>
+	<false/>
+
+	<!-- Data store -->
+
+	<!-- The top level directory, contains (by default) ConfigRoot and DataRoot -->
+	<key>ServerRoot</key>
+	<string>/var/db/caldavd</string>
+
+	<!-- Data directory, parent to DatabaseRoot, AttachmentsRoot, and others -->
+	<key>DataRoot</key>
+	<string>Data</string>
+
+	<!-- Database directory, contains PostgreSQL cluster -->
+	<key>DatabaseRoot</key>
+	<string>Database</string>
+
+	<!-- Attachments directory, where file attachments are stored -->
+	<key>AttachmentsRoot</key>
+	<string>Attachments</string>
+
+	<!-- Documents directory, contains files to be served as HTTP resources at the
+	     root level -->
+	<key>DocumentRoot</key>
+	<string>Documents</string>
+
+	<!-- Config directory, contains additional config files -->
+	<key>ConfigRoot</key>
+	<string>Config</string>
+
+	<!-- Log directory, contains access.log, error.log and others -->
+	<key>LogRoot</key>
+	<string>/var/log/caldavd</string>
+
+	<!-- Run-time directory, contains PID files and UNIX socket files -->
+	<key>RunRoot</key>
+	<string>/var/run/caldavd</string>
+
+	<!-- WebCal directory, contains HTML implementing the web calendar -->
+	<key>WebCalendarRoot</key>
+	<string>/Applications/Server.app/Contents/ServerRoot/usr/share/collabd/webcal/public</string>
+
+	<!-- Quotas -->
+
+	<!-- Attachments -->
+	<!-- User attachment quota (in bytes - default 100MB) -->
+	<key>UserQuota</key>
+	<integer>104857600</integer>
+
+	<!-- Maximum size for a single attachment (in bytes - default 10MB) -->
+	<key>MaximumAttachmentSize</key>
+	<integer>10485760</integer>
+
+	<!-- Maximum number of attachments per instance -->
+	<key>MaximumAttachmentsPerInstance</key>
+	<integer>5</integer>
+
+	<!-- Resource data -->
+	<!-- Maximum number of calendars/address books allowed in a home -->
+	<key>MaxCollectionsPerHome</key>
+	<integer>50</integer>
+
+	<!-- Maximum number of resources in a calendar/address book -->
+	<key>MaxResourcesPerCollection</key>
+	<integer>10000</integer>
+
+	<!-- Maximum resource size (in bytes) -->
+	<key>MaxResourceSize</key>
+	<integer>1048576</integer>
+
+	<!-- Maximum number of unique attendees -->
+	<key>MaxAttendeesPerInstance</key>
+	<integer>100</integer>
+
+	<!-- Maximum number of instances the server will index -->
+	<key>MaxAllowedInstances</key>
+	<integer>3000</integer>
+
+	<!-- Set to URL path of wiki authentication service, e.g. "/auth", in order to
+	     use javascript authentication dialog.  Empty string indicates standard
+	     browser authentication dialog should be used. -->
+	<key>WebCalendarAuthPath</key>
+	<string></string>
+
+	<!-- Define mappings of URLs to file system objects (directories or files) -->
+	<key>Aliases</key>
+	<array>
+	</array>
+
+	<!-- Directory service
+
+	     A directory service provides information about principals (e.g. users,
+	     groups, locations and resources) to the server. -->
+
+	<key>DirectoryService</key>
+	<dict>
+		<key>Enabled</key>
+		<true/>
+
+		<key>type</key>
+		<string>xml</string>
+
+		<key>params</key>
+		<dict>
+			<key>recordTypes</key>
+			<array>
+				<string>users</string>
+				<string>groups</string>
+			</array>
+
+			<key>xmlFile</key>
+			<string>accounts.xml</string>
+		</dict>
+	</dict>
+
+	<key>DirectoryRealmName</key>
+	<string></string>
+
+	<!-- Apply an additional filter for attendee lookups where names must start
+	     with the search tokens rather than just contain them. -->
+	<key>DirectoryFilterStartsWith</key>
+	<false/>
+
+	<!-- Locations and Resources service
+
+	     Supplements the directory service with information about locations and
+	     resources. -->
+
+	<key>ResourceService</key>
+	<dict>
+		<key>Enabled</key>
+		<true/>
+
+		<key>type</key>
+		<string>xml</string>
+
+		<key>params</key>
+		<dict>
+			<key>recordTypes</key>
+			<array>
+				<string>locations</string>
+				<string>resources</string>
+				<string>addresses</string>
+			</array>
+
+			<key>xmlFile</key>
+			<string>resources.xml</string>
+		</dict>
+	</dict>
+
+	<!-- Augment service
+
+	     Augments for the directory service records to add calendar specific
+	     attributes. -->
+
+	<key>AugmentService</key>
+	<dict>
+		<key>type</key>
+		<string>xml</string>
+
+		<key>params</key>
+		<dict>
+			<key>xmlFiles</key>
+			<array>
+			</array>
+
+			<key>statSeconds</key>
+			<integer>15</integer>
+		</dict>
+	</dict>
+
+	<!-- Proxies -->
+
+	<!-- Allows for initialization of the proxy database from an XML file -->
+	<key>ProxyLoadFromFile</key>
+	<string></string>
+
+	<!-- Special principals -->
+
+	<!-- Principals with "DAV:all" access (relative URLs) -->
+	<key>AdminPrincipals</key>
+	<array>
+	</array>
+
+	<!-- Principals with "DAV:read" access (relative URLs) -->
+	<key>ReadPrincipals</key>
+	<array>
+	</array>
+
+	<!-- Create "proxy access" principals -->
+	<key>EnableProxyPrincipals</key>
+	<true/>
+
+	<!-- Permissions -->
+
+	<!-- Allow unauthenticated read access to / -->
+	<key>EnableAnonymousReadRoot</key>
+	<true/>
+
+	<!-- Allow unauthenticated read access to hierarchy -->
+	<key>EnableAnonymousReadNav</key>
+	<false/>
+
+	<!-- Allow listing of principal collections -->
+	<key>EnablePrincipalListings</key>
+	<true/>
+
+	<!-- Render calendar collections as a monolithic iCalendar object -->
+	<key>EnableMonolithicCalendars</key>
+	<true/>
+
+	<!-- Client controls -->
+
+	<!-- List of regexes for clients to disallow -->
+	<key>RejectClients</key>
+	<array>
+	</array>
+
+	<!-- Authentication -->
+
+	<key>Authentication</key>
+	<dict>
+		<!-- Clear text; best avoided -->
+		<key>Basic</key>
+		<dict>
+			<key>Enabled</key>
+			<true/>
+
+			<!-- Advertised over non-SSL? -->
+			<key>AllowedOverWireUnencrypted</key>
+			<false/>
+		</dict>
+
+		<!-- Digest challenge/response -->
+		<key>Digest</key>
+		<dict>
+			<key>Enabled</key>
+			<true/>
+
+			<key>Algorithm</key>
+			<string>md5</string>
+
+			<key>Qop</key>
+			<string></string>
+
+			<!-- Advertised over non-SSL? -->
+			<key>AllowedOverWireUnencrypted</key>
+			<true/>
+		</dict>
+
+		<!-- Kerberos/SPNEGO -->
+		<key>Kerberos</key>
+		<dict>
+			<key>Enabled</key>
+			<false/>
+
+			<key>ServicePrincipal</key>
+			<string></string>
+
+			<!-- Advertised over non-SSL? -->
+			<key>AllowedOverWireUnencrypted</key>
+			<true/>
+		</dict>
+
+		<!-- TLS Client Certificate -->
+		<key>ClientCertificate</key>
+		<dict>
+			<key>Enabled</key>
+			<false/>
+
+			<!-- Advertised over non-SSL? -->
+			<key>AllowedOverWireUnencrypted</key>
+			<true/>
+
+			<!-- Always require a client cert -->
+			<key>Required</key>
+			<true/>
+
+			<!-- Array of acceptable client cert CA file names -->
+			<key>CAFiles</key>
+			<array>
+			</array>
+
+			<!-- Send the list of acceptable CAs to the client -->
+			<key>SendCAsToClient</key>
+			<true/>
+		</dict>
+
+		<key>Wiki</key>
+		<dict>
+			<key>Enabled</key>
+			<false/>
+
+			<key>Cookie</key>
+			<string>cc.collabd_session_guid</string>
+
+			<key>EndpointDescriptor</key>
+			<string>unix:path=/var/run/collabd</string>
+		</dict>
+	</dict>
+
+	<!-- Logging -->
+
+	<!-- Apache-style access log -->
+	<key>AccessLogFile</key>
+	<string>access.log</string>
+
+	<!-- Server activity log (the verbosity is controlled by DefaultLogLevel and
+	     LogLevels keys) -->
+	<key>ErrorLogFile</key>
+	<string>error.log</string>
+
+	<!-- Agent activity log (only applies to Server.app edition) -->
+	<key>AgentLogFile</key>
+	<string>agent.log</string>
+
+	<!-- Utility log (used for command line utilities; the name will be dynamically
+	     changed to that of the utility being run) -->
+	<key>UtilityLogFile</key>
+	<string>utility.log</string>
+
+	<!-- True = use log file, False = stdout -->
+	<key>ErrorLogEnabled</key>
+	<true/>
+
+	<!-- Rotate error log after so many megabytes -->
+	<key>ErrorLogRotateMB</key>
+	<integer>10</integer>
+
+	<!-- Retain this many error log files -->
+	<key>ErrorLogMaxRotatedFiles</key>
+	<integer>5</integer>
+
+	<!-- Rotate error log when service starts -->
+	<key>ErrorLogRotateOnStart</key>
+	<false/>
+
+	<key>PIDFile</key>
+	<string>caldavd.pid</string>
+
+	<key>RotateAccessLog</key>
+	<false/>
+
+	<key>EnableExtendedAccessLog</key>
+	<true/>
+
+	<key>EnableExtendedTimingAccessLog</key>
+	<false/>
+
+	<!-- Controls the verbosity of ErrorLogFile (valid values are error, warn,
+	     info, debug; default is info) -->
+	<key>DefaultLogLevel</key>
+	<string></string>
+
+	<!-- Allows overriding log levels on a per-package, per-module, or even per-
+	     class basis -->
+	<key>LogLevels</key>
+	<dict>
+	</dict>
+
+	<!-- Used internally to track which worker process is logging a message -->
+	<key>LogID</key>
+	<string></string>
+
+	<key>AccountingCategories</key>
+	<dict>
+		<!-- Log regular HTTP requests -->
+		<key>HTTP</key>
+		<false/>
+
+		<!-- Log non-freebusy iTIP details -->
+		<key>iTIP</key>
+		<false/>
+
+		<!-- Log freebusy iTIP details -->
+		<key>iTIP-VFREEBUSY</key>
+		<false/>
+
+		<!-- Log extra details about implicit scheduling errors -->
+		<key>Implicit Errors</key>
+		<false/>
+
+		<!-- Log extra details about auto-accept iTIP processing -->
+		<key>AutoScheduling</key>
+		<false/>
+
+		<!-- Log iSchedule HTTP requests (including cross-pod) -->
+		<key>iSchedule</key>
+		<false/>
+
+		<!-- Log cross-pod conduit HTTP requests -->
+		<key>xPod</key>
+		<false/>
+
+		<!-- Log invalid recurrence instance details -->
+		<key>Invalid Instance</key>
+		<false/>
+
+		<!-- Log cross-pod migration details -->
+		<key>migration</key>
+		<false/>
+	</dict>
+
+	<key>AccountingPrincipals</key>
+	<array>
+	</array>
+
+	<!-- The parent directory for accounting log directories (by default, relative
+	     to LogRoot) -->
+	<key>AccountingLogRoot</key>
+	<string>accounting</string>
+
+	<key>Stats</key>
+	<dict>
+		<key>EnableUnixStatsSocket</key>
+		<false/>
+
+		<key>UnixStatsSocket</key>
+		<string>caldavd-stats.sock</string>
+
+		<key>EnableTCPStatsSocket</key>
+		<false/>
+
+		<key>TCPStatsPort</key>
+		<integer>8100</integer>
+	</dict>
+
+	<key>LogDatabase</key>
+	<dict>
+		<key>LabelsInSQL</key>
+		<false/>
+
+		<key>Statistics</key>
+		<false/>
+
+		<key>StatisticsLogFile</key>
+		<string>sqlstats.log</string>
+
+		<key>SQLStatements</key>
+		<false/>
+
+		<key>TransactionWaitSeconds</key>
+		<integer>0</integer>
+	</dict>
+
+	<!-- SSL/TLS -->
+
+	<!-- Public key -->
+	<key>SSLCertificate</key>
+	<string></string>
+
+	<!-- Private key -->
+	<key>SSLPrivateKey</key>
+	<string></string>
+
+	<!-- Certificate Authority Chain -->
+	<key>SSLAuthorityChain</key>
+	<string></string>
+
+	<key>SSLPassPhraseDialog</key>
+	<string>/etc/apache2/getsslpassphrase</string>
+
+	<key>SSLCertAdmin</key>
+	<string>/Applications/Server.app/Contents/ServerRoot/usr/sbin/certadmin</string>
+
+	<!-- Keychain identity to use in place of cert files -->
+	<key>SSLKeychainIdentity</key>
+	<string></string>
+
+	<!-- Process management -->
+
+	<!-- Username and Groupname to drop privileges to, if empty privileges will not
+	     be dropped. -->
+	<key>UserName</key>
+	<string></string>
+
+	<key>GroupName</key>
+	<string></string>
+
+	<!-- Multi-process -->
+	<key>ProcessType</key>
+	<string>Combined</string>
+
+	<key>MultiProcess</key>
+	<dict>
+		<key>ProcessCount</key>
+		<integer>0</integer>
+
+		<key>MinProcessCount</key>
+		<integer>2</integer>
+
+		<key>PerCPU</key>
+		<integer>1</integer>
+
+		<key>PerGB</key>
+		<integer>1</integer>
+
+		<key>StaggeredStartup</key>
+		<dict>
+			<key>Enabled</key>
+			<false/>
+
+			<key>Interval</key>
+			<integer>15</integer>
+		</dict>
+	</dict>
+
+	<!-- How large a spawned process is allowed to get before it's stopped -->
+	<key>MemoryLimiter</key>
+	<dict>
+		<key>Enabled</key>
+		<true/>
+
+		<!-- How often to check memory sizes (in seconds) -->
+		<key>Seconds</key>
+		<integer>60</integer>
+
+		<!-- Memory limit (RSS in bytes) -->
+		<key>Bytes</key>
+		<integer>2147483648</integer>
+
+		<!-- True: only take into account resident memory; False: include virtual
+		     memory -->
+		<key>ResidentOnly</key>
+		<true/>
+	</dict>
+
+	<!-- If enabled, will honor macOS Server ACLs to control access -->
+	<key>EnableSACLs</key>
+	<false/>
+
+	<!-- Make all data read-only -->
+	<key>EnableReadOnlyServer</key>
+	<false/>
+
+	<!-- Standard (or draft) WebDAV extensions -->
+
+	<!-- POST ;add-member extension -->
+	<key>EnableAddMember</key>
+	<true/>
+
+	<!-- REPORT collection-sync -->
+	<key>EnableSyncReport</key>
+	<true/>
+
+	<!-- REPORT collection-sync on home collections -->
+	<key>EnableSyncReportHome</key>
+	<true/>
+
+	<!-- Sync token includes config component -->
+	<key>EnableConfigSyncToken</key>
+	<true/>
+
+	<!-- /.well-known resource -->
+	<key>EnableWellKnown</key>
+	<true/>
+
+	<!-- Extended calendar-query REPORT -->
+	<key>EnableCalendarQueryExtended</key>
+	<true/>
+
+	<!-- Support Managed Attachments -->
+	<key>EnableManagedAttachments</key>
+	<false/>
+
+	<!-- server-info document -->
+	<key>EnableServerInfo</key>
+	<false/>
+
+	<!-- Generic CalDAV/CardDAV extensions -->
+
+	<!-- Allow clients to send/receive JSON jCal and jCard format data -->
+	<key>EnableJSONData</key>
+	<true/>
+
+	<!-- Non-standard CalDAV extensions -->
+
+	<!-- Calendar Drop Box -->
+	<key>EnableDropBox</key>
+	<false/>
+
+	<!-- Private Events -->
+	<key>EnablePrivateEvents</key>
+	<false/>
+
+	<!-- Old Timezone service -->
+	<key>EnableTimezoneService</key>
+	<false/>
+
+	<!-- New standard timezone service -->
+	<key>TimezoneService</key>
+	<dict>
+		<!-- Overall on/off switch -->
+		<key>Enabled</key>
+		<true/>
+
+		<!-- URI where service is hosted -->
+		<key>URI</key>
+		<string>/stdtimezones</string>
+
+		<!-- Can be "primary" or "secondary" -->
+		<key>Mode</key>
+		<string>primary</string>
+
+		<!-- Path to directory containing a zoneinfo - if None use default package
+		     path secondary service MUST define its own writable path -->
+		<key>BasePath</key>
+		<string></string>
+
+		<!-- Path to db cache info - if None use default package path secondary
+		     service MUST define its own writable path if not None -->
+		<key>XMLInfoPath</key>
+		<string></string>
+
+		<!-- User friendly JSON output -->
+		<key>PrettyPrintJSON</key>
+		<true/>
+
+		<key>SecondaryService</key>
+		<dict>
+			<!-- Only one of these should be used when a secondary service is used -->
+			<!-- Domain/IP of secondary service to discover -->
+			<key>Host</key>
+			<string></string>
+
+			<!-- HTTP(s) URI to secondary service -->
+			<key>URI</key>
+			<string></string>
+
+			<key>UpdateIntervalMinutes</key>
+			<integer>1440</integer>
+		</dict>
+	</dict>
+
+	<!-- Strip out VTIMEZONES that are known -->
+	<key>EnableTimezonesByReference</key>
+	<true/>
+
+	<!-- Use timezone data from twistedcaldav.zoneinfo - don't copy to Data
+	     directory -->
+	<key>UsePackageTimezones</key>
+	<false/>
+
+	<!-- POST batch uploads -->
+	<key>EnableBatchUpload</key>
+	<true/>
+
+	<!-- Maximum number of resources in a batch POST -->
+	<key>MaxResourcesBatchUpload</key>
+	<integer>100</integer>
+
+	<!-- Maximum size of a batch POST (10 MB) -->
+	<key>MaxBytesBatchUpload</key>
+	<integer>10485760</integer>
+
+	<key>Sharing</key>
+	<dict>
+		<!-- Overall on/off switch -->
+		<key>Enabled</key>
+		<true/>
+
+		<!-- External (non-principal) sharees allowed -->
+		<key>AllowExternalUsers</key>
+		<false/>
+
+		<key>Calendars</key>
+		<dict>
+			<!-- Calendar on/off switch -->
+			<key>Enabled</key>
+			<true/>
+
+			<key>IgnorePerUserProperties</key>
+			<array>
+				<string>X-APPLE-STRUCTURED-LOCATION</string>
+			</array>
+
+			<key>CollectionProperties</key>
+			<dict>
+				<key>Shadowable</key>
+				<array>
+					<string>{urn:ietf:params:xml:ns:caldav}calendar-description</string>
+				</array>
+
+				<key>ProxyOverride</key>
+				<array>
+					<string>{urn:ietf:params:xml:ns:caldav}calendar-description</string>
+					<string>{com.apple.ical:}calendarcolor</string>
+					<string>{http://apple.com/ns/ical/}calendar-color</string>
+					<string>{http://apple.com/ns/ical/}calendar-order</string>
+				</array>
+
+				<key>Global</key>
+				<array>
+				</array>
+			</dict>
+
+			<key>Groups</key>
+			<dict>
+				<!-- Calendar sharing to groups on/off switch -->
+				<key>Enabled</key>
+				<true/>
+
+				<key>ReconciliationDelaySeconds</key>
+				<integer>5</integer>
+			</dict>
+		</dict>
+
+		<key>AddressBooks</key>
+		<dict>
+			<!-- Address Book sharing on/off switch -->
+			<key>Enabled</key>
+			<false/>
+
+			<key>CollectionProperties</key>
+			<dict>
+				<key>Shadowable</key>
+				<array>
+					<string>{urn:ietf:params:xml:ns:carddav}addressbook-description</string>
+				</array>
+
+				<key>ProxyOverride</key>
+				<array>
+				</array>
+
+				<key>Global</key>
+				<array>
+				</array>
+			</dict>
+
+			<key>Groups</key>
+			<dict>
+				<!-- Address Book Group sharing on/off switch -->
+				<key>Enabled</key>
+				<false/>
+			</dict>
+		</dict>
+	</dict>
+
+	<!-- Only allow calendars to be created with a single component type If this is
+	     on, it will also trigger an upgrade behavior that will split existing
+	     calendars into multiples based on component type. If on, it will also
+	     cause new accounts to provision with separate calendars for events and
+	     tasks. -->
+	<key>RestrictCalendarsToOneComponentType</key>
+	<true/>
+
+	<!-- Set of supported iCalendar components -->
+	<key>SupportedComponents</key>
+	<array>
+		<string>VEVENT</string>
+		<string>VTODO</string>
+	</array>
+
+	<!-- Enable Trash Collection -->
+	<key>EnableTrashCollection</key>
+	<false/>
+
+	<!-- Expose Trash Collection as a resource -->
+	<key>ExposeTrashCollection</key>
+	<false/>
+
+	<!-- Perform upgrades - currently only the database to filesystem migration -
+	     but in the future, hopefully all relevant upgrades - in parallel in
+	     subprocesses. -->
+	<key>ParallelUpgrades</key>
+	<false/>
+
+	<!-- During the upgrade phase of startup, rather than skipping homes found both
+	     on the filesystem and in the database, merge the data from the filesystem
+	     into the database homes. -->
+	<key>MergeUpgrades</key>
+	<false/>
+
+	<!-- Support for default alarms generated by the server -->
+	<key>EnableDefaultAlarms</key>
+	<true/>
+
+	<!-- Remove duplicate alarms on PUT -->
+	<key>RemoveDuplicateAlarms</key>
+	<true/>
+
+	<!-- Remove duplicate private comments on PUT -->
+	<key>RemoveDuplicatePrivateComments</key>
+	<false/>
+
+	<key>HostedStatus</key>
+	<dict>
+		<!-- Decorate ATTENDEEs with the following parameter to indicate where the
+		     ATTENDEE is hosted, locally or externally.  It's configurable and
+		     extensible in case we want to add more values.  A value of empty string
+		     means no decoration. -->
+		<key>Enabled</key>
+		<false/>
+
+		<key>Parameter</key>
+		<string>X-APPLE-HOSTED-STATUS</string>
+
+		<key>Values</key>
+		<dict>
+			<key>local</key>
+			<string></string>
+
+			<key>external</key>
+			<string>EXTERNAL</string>
+		</dict>
+	</dict>
+
+	<key>RevisionCleanup</key>
+	<dict>
+		<key>Enabled</key>
+		<true/>
+
+		<!-- Number of days that a client sync report token is valid -->
+		<key>SyncTokenLifetimeDays</key>
+		<real>14.0</real>
+
+		<!-- Number of days between revision cleanups -->
+		<key>CleanupPeriodDays</key>
+		<real>2.0</real>
+	</dict>
+
+	<key>InboxCleanup</key>
+	<dict>
+		<key>Enabled</key>
+		<true/>
+
+		<!-- Number of days before deleting a new inbox item -->
+		<key>ItemLifetimeDays</key>
+		<real>14.0</real>
+
+		<!-- Number of days between inbox cleanups -->
+		<key>CleanupPeriodDays</key>
+		<real>2.0</real>
+
+		<!-- Number of seconds before CleanupOneInboxWork starts after
+		     InboxCleanupWork -->
+		<key>StartDelaySeconds</key>
+		<integer>300</integer>
+
+		<!-- Number of seconds between each CleanupOneInboxWork (fractional) -->
+		<key>StaggerSeconds</key>
+		<real>0.5</real>
+
+		<!-- Number of items above which inbox removals will be deferred to a work
+		     item -->
+		<key>InboxRemoveWorkThreshold</key>
+		<integer>5</integer>
+
+		<!-- Number of seconds between each InboxRemoveWork -->
+		<key>RemovalStaggerSeconds</key>
+		<real>0.5</real>
+	</dict>
+
+	<!-- CardDAV Features -->
+	<key>DirectoryAddressBook</key>
+	<dict>
+		<key>Enabled</key>
+		<true/>
+
+		<key>type</key>
+		<string>opendirectory</string>
+
+		<key>params</key>
+		<dict>
+			<key>queryPeopleRecords</key>
+			<true/>
+
+			<key>peopleNode</key>
+			<string>/Search/Contacts</string>
+
+			<key>queryUserRecords</key>
+			<true/>
+
+			<key>userNode</key>
+			<string>/Search/Contacts</string>
+
+			<key>maxDSQueryRecords</key>
+			<integer>0</integer>
+
+			<key>queryDSLocal</key>
+			<false/>
+
+			<key>ignoreSystemRecords</key>
+			<true/>
+
+			<key>dsLocalCacheTimeout</key>
+			<integer>30</integer>
+
+			<key>liveQuery</key>
+			<true/>
+
+			<key>fakeETag</key>
+			<true/>
+
+			<key>cacheQuery</key>
+			<false/>
+
+			<key>cacheTimeout</key>
+			<integer>30</integer>
+
+			<key>standardizeSyntheticUIDs</key>
+			<false/>
+
+			<key>addDSAttrXProperties</key>
+			<false/>
+
+			<key>appleInternalServer</key>
+			<false/>
+
+			<key>additionalAttributes</key>
+			<array>
+			</array>
+
+			<key>allowedAttributes</key>
+			<array>
+			</array>
+		</dict>
+
+		<key>name</key>
+		<string>directory</string>
+
+		<key>MaxQueryResults</key>
+		<integer>1000</integer>
+	</dict>
+
+	<!-- /directory resource exists -->
+	<key>EnableSearchAddressBook</key>
+	<false/>
+
+	<!-- Anonymous users may access directory address book -->
+	<key>AnonymousDirectoryAddressBookAccess</key>
+	<false/>
+
+	<!-- /XXX CardDAV -->
+
+	<!-- Web-based administration -->
+	<key>EnableWebAdmin</key>
+	<true/>
+
+	<!-- JSON control API - only for testing -->
+	<key>EnableControlAPI</key>
+	<false/>
+
+	<!-- Scheduling related options -->
+
+	<key>Scheduling</key>
+	<dict>
+		<key>CalDAV</key>
+		<dict>
+			<!-- Domain for mailto calendar user addresses on this server -->
+			<key>EmailDomain</key>
+			<string></string>
+
+			<!-- Domain for http calendar user addresses on this server -->
+			<key>HTTPDomain</key>
+			<string></string>
+
+			<!-- Regex patterns to match local calendar user addresses -->
+			<key>AddressPatterns</key>
+			<array>
+			</array>
+
+			<!-- Whether to maintain compatibility with non-implicit mode -->
+			<key>OldDraftCompatibility</key>
+			<true/>
+
+			<!-- Whether to support older clients that do not use Schedule-Tag feature -->
+			<key>ScheduleTagCompatibility</key>
+			<true/>
+
+			<!-- Private comments from attendees to organizer -->
+			<key>EnablePrivateComments</key>
+			<true/>
+
+			<!-- Names of iCalendar properties that are preserved when an Attendee does
+			     an invite PUT -->
+			<key>PerAttendeeProperties</key>
+			<array>
+				<string>X-APPLE-NEEDS-REPLY</string>
+				<string>X-APPLE-TRAVEL-DURATION</string>
+				<string>X-APPLE-TRAVEL-START</string>
+				<string>X-APPLE-TRAVEL-RETURN-DURATION</string>
+				<string>X-APPLE-TRAVEL-RETURN</string>
+			</array>
+
+			<!-- Names of X- iCalendar properties that are sent from ORGANIZER to
+			     ATTENDEE -->
+			<key>OrganizerPublicProperties</key>
+			<array>
+				<string>X-APPLE-DROPBOX</string>
+				<string>X-APPLE-STRUCTURED-LOCATION</string>
+			</array>
+
+			<!-- Names of X- iCalendar parameters that are sent from ORGANIZER to
+			     ATTENDEE -->
+			<key>OrganizerPublicParameters</key>
+			<array>
+			</array>
+
+			<!-- Names of X- iCalendar properties that are sent from ATTENDEE to
+			     ORGANIZER These are also implicitly added to OrganizerPublicProperties -->
+			<key>AttendeePublicProperties</key>
+			<array>
+			</array>
+
+			<!-- Names of X- iCalendar parameters that are sent from ATTENDEE to
+			     ORGANIZER These are also implicitly added to OrganizerPublicParameters -->
+			<key>AttendeePublicParameters</key>
+			<array>
+			</array>
+		</dict>
+
+		<key>iSchedule</key>
+		<dict>
+			<!-- iSchedule protocol -->
+			<key>Enabled</key>
+			<false/>
+
+			<!-- Reg-ex patterns to match iSchedule-able calendar user addresses -->
+			<key>AddressPatterns</key>
+			<array>
+			</array>
+
+			<!-- iSchedule server configurations -->
+			<key>RemoteServers</key>
+			<string>remoteservers.xml</string>
+
+			<!-- Capabilities serial number -->
+			<key>SerialNumber</key>
+			<integer>1</integer>
+
+			<!-- File where a fake Bind zone exists for creating fake DNS results -->
+			<key>DNSDebug</key>
+			<string></string>
+
+			<!-- DKIM options -->
+			<key>DKIM</key>
+			<dict>
+				<!-- DKIM signing/verification enabled -->
+				<key>Enabled</key>
+				<true/>
+
+				<!-- Domain for DKIM (defaults to ServerHostName) -->
+				<key>Domain</key>
+				<string></string>
+
+				<!-- Selector for public key -->
+				<key>KeySelector</key>
+				<string>ischedule</string>
+
+				<!-- Signature algorithm (one of rsa-sha1 or rsa-sha256) -->
+				<key>SignatureAlgorithm</key>
+				<string>rsa-sha256</string>
+
+				<!-- This server's public key stored in DNS -->
+				<key>UseDNSKey</key>
+				<true/>
+
+				<!-- This server's public key stored in HTTP /.well-known -->
+				<key>UseHTTPKey</key>
+				<true/>
+
+				<!-- This server's public key manually exchanged with others -->
+				<key>UsePrivateExchangeKey</key>
+				<true/>
+
+				<!-- Expiration time for signature verification -->
+				<key>ExpireSeconds</key>
+				<integer>3600</integer>
+
+				<!-- File where private key is stored -->
+				<key>PrivateKeyFile</key>
+				<string></string>
+
+				<!-- File where public key is stored -->
+				<key>PublicKeyFile</key>
+				<string></string>
+
+				<!-- Directory where private exchange public keys are stored -->
+				<key>PrivateExchanges</key>
+				<string></string>
+
+				<!-- Turn on protocol level debugging to return detailed information to the
+				     requestor -->
+				<key>ProtocolDebug</key>
+				<false/>
+			</dict>
+		</dict>
+
+		<key>iMIP</key>
+		<dict>
+			<!-- Server-to-iMIP protocol -->
+			<key>Enabled</key>
+			<false/>
+
+			<key>Sending</key>
+			<dict>
+				<!-- SMTP server to relay messages through -->
+				<key>Server</key>
+				<string></string>
+
+				<!-- SMTP server port to relay messages through -->
+				<key>Port</key>
+				<integer>587</integer>
+
+				<!-- 'From' address for server -->
+				<key>Address</key>
+				<string></string>
+
+				<key>UseSSL</key>
+				<true/>
+
+				<!-- For account sending mail -->
+				<key>Username</key>
+				<string></string>
+
+				<!-- For account sending mail -->
+				<key>Password</key>
+				<string></string>
+
+				<!-- Messages for events older than this may days are not sent -->
+				<key>SuppressionDays</key>
+				<integer>7</integer>
+			</dict>
+
+			<key>Receiving</key>
+			<dict>
+				<!-- Server to retrieve email messages from -->
+				<key>Server</key>
+				<string></string>
+
+				<!-- Server port to retrieve email messages from -->
+				<key>Port</key>
+				<integer>0</integer>
+
+				<key>UseSSL</key>
+				<true/>
+
+				<!-- Type of message access server: 'pop' or 'imap' -->
+				<key>Type</key>
+				<string></string>
+
+				<!-- How often to fetch mail -->
+				<key>PollingSeconds</key>
+				<integer>30</integer>
+
+				<!-- For account receiving mail -->
+				<key>Username</key>
+				<string></string>
+
+				<!-- For account receiving mail -->
+				<key>Password</key>
+				<string></string>
+			</dict>
+
+			<!-- Regex patterns to match iMIP-able calendar user addresses -->
+			<key>AddressPatterns</key>
+			<array>
+			</array>
+
+			<!-- Directory containing HTML templates for email invitations (invite.html,
+			     cancel.html) -->
+			<key>MailTemplatesDirectory</key>
+			<string>/Applications/Server.app/Contents/ServerRoot/usr/share/caldavd/share/email_templates</string>
+
+			<!-- Directory containing language-specific subdirectories containing date-
+			     specific icons for email invitations -->
+			<key>MailIconsDirectory</key>
+			<string>/Applications/Server.app/Contents/ServerRoot/usr/share/caldavd/share/date_icons</string>
+
+			<!-- How many days invitations are valid -->
+			<key>InvitationDaysToLive</key>
+			<integer>90</integer>
+		</dict>
+
+		<key>Options</key>
+		<dict>
+			<!-- Allow groups to be Organizers -->
+			<key>AllowGroupAsOrganizer</key>
+			<false/>
+
+			<!-- Allow locations to be Organizers -->
+			<key>AllowLocationAsOrganizer</key>
+			<false/>
+
+			<!-- Allow resources to be Organizers -->
+			<key>AllowResourceAsOrganizer</key>
+			<false/>
+
+			<!-- Allow locations to have events without an Organizer -->
+			<key>AllowLocationWithoutOrganizer</key>
+			<true/>
+
+			<!-- Allow resources to have events without an Organizer -->
+			<key>AllowResourceWithoutOrganizer</key>
+			<true/>
+
+			<!-- Track who the last modifier of an unscheduled location event is -->
+			<key>TrackUnscheduledLocationData</key>
+			<true/>
+
+			<!-- Track who the last modifier of an unscheduled resource event is -->
+			<key>TrackUnscheduledResourceData</key>
+			<true/>
+
+			<!-- Add fake email addresses to work around client bug -->
+			<key>FakeResourceLocationEmail</key>
+			<false/>
+
+			<!-- Maximum number of attendees to request freebusy for -->
+			<key>LimitFreeBusyAttendees</key>
+			<integer>30</integer>
+
+			<!-- Number of attendees to do batched refreshes: 0 - no batching -->
+			<key>AttendeeRefreshBatch</key>
+			<integer>5</integer>
+
+			<!-- Number of attendees above which attendee refreshes are suppressed: 0 -
+			     no limit -->
+			<key>AttendeeRefreshCountLimit</key>
+			<integer>50</integer>
+
+			<!-- Time for implicit UID lock timeout -->
+			<key>UIDLockTimeoutSeconds</key>
+			<integer>60</integer>
+
+			<!-- Expiration time for UID lock, -->
+			<key>UIDLockExpirySeconds</key>
+			<integer>300</integer>
+
+			<!-- Host names matched in http(s) CUAs -->
+			<key>PrincipalHostAliases</key>
+			<array>
+			</array>
+
+			<!-- Add a time stamp when an Attendee changes their PARTSTAT -->
+			<key>TimestampAttendeePartStatChanges</key>
+			<true/>
+
+			<!-- Delegates can get extra info in a freebusy request -->
+			<key>DelegeteRichFreeBusy</key>
+			<true/>
+
+			<!-- Any user can get extra info for rooms/resources in a freebusy request -->
+			<key>RoomResourceRichFreeBusy</key>
+			<true/>
+
+			<key>AutoSchedule</key>
+			<dict>
+				<!-- Auto-scheduling will never occur if set to False -->
+				<key>Enabled</key>
+				<true/>
+
+				<!-- Override augments setting and always auto-schedule -->
+				<key>Always</key>
+				<false/>
+
+				<!-- Allow auto-schedule for users -->
+				<key>AllowUsers</key>
+				<false/>
+
+				<!-- Default mode for auto-schedule processing, one of: "none"            -
+				     no auto-scheduling "accept-always"   - always accept, ignore busy time
+				     "decline-always"  - always decline, ignore free time "accept-if-free"
+				     - accept if free, do nothing if busy "decline-if-busy" - decline if
+				     busy, do nothing if free "automatic"       - accept if free, decline if
+				     busy -->
+				<key>DefaultMode</key>
+				<string>automatic</string>
+
+				<!-- How far into the future to check for booking conflicts -->
+				<key>FutureFreeBusyDays</key>
+				<integer>1095</integer>
+			</dict>
+
+			<key>WorkQueues</key>
+			<dict>
+				<!-- Work queues for scheduling enabled -->
+				<key>Enabled</key>
+				<true/>
+
+				<!-- Number of seconds delay for a queued scheduling request/cancel -->
+				<key>RequestDelaySeconds</key>
+				<integer>5</integer>
+
+				<!-- Number of seconds delay for a queued scheduling reply -->
+				<key>ReplyDelaySeconds</key>
+				<integer>1</integer>
+
+				<!-- Time delay for sending an auto reply iTIP message -->
+				<key>AutoReplyDelaySeconds</key>
+				<integer>5</integer>
+
+				<!-- Time after an iTIP REPLY for first batched attendee refresh -->
+				<key>AttendeeRefreshBatchDelaySeconds</key>
+				<integer>5</integer>
+
+				<!-- Time between attendee batch refreshes -->
+				<key>AttendeeRefreshBatchIntervalSeconds</key>
+				<integer>5</integer>
+
+				<!-- Delay in seconds before a work item is executed again after a temp
+				     failure -->
+				<key>TemporaryFailureDelay</key>
+				<integer>60</integer>
+
+				<!-- Max number of temp failure retries before treating as a permanent
+				     failure -->
+				<key>MaxTemporaryFailures</key>
+				<integer>10</integer>
+			</dict>
+
+			<!-- This controls automatic splitting of large recurring events by the
+			     server. The ability for clients to split events using POST ?action=split
+			     is always enabled -->
+
+			<key>Splitting</key>
+			<dict>
+				<!-- False for now whilst we experiment with this -->
+				<key>Enabled</key>
+				<false/>
+
+				<!-- Consider splitting when greater than 100KB -->
+				<key>Size</key>
+				<integer>102400</integer>
+
+				<!-- Number of days in the past where the split will occur -->
+				<key>PastDays</key>
+				<integer>14</integer>
+
+				<!-- How many seconds to delay the split work item -->
+				<key>Delay</key>
+				<integer>60</integer>
+			</dict>
+		</dict>
+	</dict>
+
+	<key>FreeBusyURL</key>
+	<dict>
+		<!-- Per-user free-busy-url protocol -->
+		<key>Enabled</key>
+		<false/>
+
+		<!-- Number of days into the future to generate f-b data if no explicit time-
+		     range is specified -->
+		<key>TimePeriod</key>
+		<integer>14</integer>
+
+		<!-- Allow anonymous read access to free-busy URL -->
+		<key>AnonymousAccess</key>
+		<false/>
+	</dict>
+
+	<!-- Notifications -->
+
+	<key>Notifications</key>
+	<dict>
+		<key>Enabled</key>
+		<false/>
+
+		<key>CoalesceSeconds</key>
+		<integer>3</integer>
+
+		<key>Services</key>
+		<dict>
+			<key>APNS</key>
+			<dict>
+				<key>Enabled</key>
+				<false/>
+
+				<key>SubscriptionURL</key>
+				<string>apns</string>
+
+				<!-- How often the client should re-register (2 days) -->
+				<key>SubscriptionRefreshIntervalSeconds</key>
+				<integer>172800</integer>
+
+				<!-- How often a purge is done (12 hours) -->
+				<key>SubscriptionPurgeIntervalSeconds</key>
+				<integer>43200</integer>
+
+				<!-- How old a subscription must be before it's purged (14 days) -->
+				<key>SubscriptionPurgeSeconds</key>
+				<integer>1209600</integer>
+
+				<key>ProviderHost</key>
+				<string>gateway.push.apple.com</string>
+
+				<key>ProviderPort</key>
+				<integer>2195</integer>
+
+				<key>FeedbackHost</key>
+				<string>feedback.push.apple.com</string>
+
+				<key>FeedbackPort</key>
+				<integer>2196</integer>
+
+				<!-- 8 hours -->
+				<key>FeedbackUpdateSeconds</key>
+				<integer>28800</integer>
+
+				<key>Environment</key>
+				<string>PRODUCTION</string>
+
+				<key>EnableStaggering</key>
+				<false/>
+
+				<key>StaggerSeconds</key>
+				<integer>3</integer>
+
+				<key>CalDAV</key>
+				<dict>
+					<key>Enabled</key>
+					<false/>
+
+					<key>CertificatePath</key>
+					<string>Certificates/apns:com.apple.calendar.cert.pem</string>
+
+					<key>PrivateKeyPath</key>
+					<string>Certificates/apns:com.apple.calendar.key.pem</string>
+
+					<key>AuthorityChainPath</key>
+					<string>Certificates/apns:com.apple.calendar.chain.pem</string>
+
+					<key>Passphrase</key>
+					<string></string>
+
+					<key>KeychainIdentity</key>
+					<string>apns:com.apple.calendar</string>
+
+					<key>Topic</key>
+					<string></string>
+				</dict>
+
+				<key>CardDAV</key>
+				<dict>
+					<key>Enabled</key>
+					<false/>
+
+					<key>CertificatePath</key>
+					<string>Certificates/apns:com.apple.contact.cert.pem</string>
+
+					<key>PrivateKeyPath</key>
+					<string>Certificates/apns:com.apple.contact.key.pem</string>
+
+					<key>AuthorityChainPath</key>
+					<string>Certificates/apns:com.apple.contact.chain.pem</string>
+
+					<key>Passphrase</key>
+					<string></string>
+
+					<key>KeychainIdentity</key>
+					<string>apns:com.apple.contact</string>
+
+					<key>Topic</key>
+					<string></string>
+				</dict>
+			</dict>
+
+			<key>AMP</key>
+			<dict>
+				<key>Enabled</key>
+				<false/>
+
+				<key>Port</key>
+				<integer>62311</integer>
+
+				<key>EnableStaggering</key>
+				<false/>
+
+				<key>StaggerSeconds</key>
+				<integer>3</integer>
+			</dict>
+		</dict>
+	</dict>
+
+	<key>DirectoryProxy</key>
+	<dict>
+		<key>Enabled</key>
+		<false/>
+
+		<key>SocketPath</key>
+		<string>directory-proxy.sock</string>
+
+		<key>InSidecarCachingSeconds</key>
+		<integer>120</integer>
+	</dict>
+
+	<key>DirectoryCaching</key>
+	<dict>
+		<!-- How long to cache in worker and in memcached -->
+		<key>CachingSeconds</key>
+		<integer>60</integer>
+
+		<key>NegativeCachingEnabled</key>
+		<true/>
+
+		<!-- 0 = purging turned off -->
+		<key>LookupsBetweenPurges</key>
+		<integer>10000</integer>
+	</dict>
+
+	<!-- Support multiple hosts within a domain -->
+
+	<key>Servers</key>
+	<dict>
+		<!-- Multiple servers enabled or not -->
+		<key>Enabled</key>
+		<false/>
+
+		<!-- File path for server information -->
+		<key>ConfigFile</key>
+		<string>localservers.xml</string>
+
+		<!-- Pool size for connections between servers -->
+		<key>MaxClients</key>
+		<integer>5</integer>
+
+		<!-- Name for top-level inbox resource -->
+		<key>InboxName</key>
+		<string>podding</string>
+
+		<!-- Name for top-level cross-pod resource -->
+		<key>ConduitName</key>
+		<string>conduit</string>
+	</dict>
+
+	<!-- Performance tuning -->
+
+	<!-- Set the maximum number of outstanding requests to this server. -->
+	<key>MaxRequests</key>
+	<integer>3</integer>
+
+	<key>MaxAccepts</key>
+	<integer>1</integer>
+
+	<!-- The maximum number of outstanding database connections per database
+	     connection pool. When SharedConnectionPool (see above) is set to True,
+	     this is the total number of outgoing database connections allowed to the
+	     entire server; when SharedConnectionPool is False - this is the default -
+	     this is the number of database connections used per worker process. -->
+	<key>MaxDBConnectionsPerPool</key>
+	<integer>10</integer>
+
+	<key>ListenBacklog</key>
+	<integer>2024</integer>
+
+	<!-- Max. time between request lines -->
+	<key>IncomingDataTimeOut</key>
+	<integer>60</integer>
+
+	<!-- Max. time between pipelined requests -->
+	<key>PipelineIdleTimeOut</key>
+	<integer>15</integer>
+
+	<!-- Max. time for response processing -->
+	<key>IdleConnectionTimeOut</key>
+	<integer>360</integer>
+
+	<!-- Max. time for client close -->
+	<key>CloseConnectionTimeOut</key>
+	<integer>15</integer>
+
+	<key>UIDReservationTimeOut</key>
+	<integer>1800</integer>
+
+	<key>MaxMultigetWithDataHrefs</key>
+	<integer>5000</integer>
+
+	<key>MaxQueryWithDataResults</key>
+	<integer>1000</integer>
+
+	<!-- How many results to return for principal search REPORT requests -->
+	<key>MaxPrincipalSearchReportResults</key>
+	<integer>500</integer>
+
+	<!-- How many seconds to wait for principal search REPORT results -->
+	<key>PrincipalSearchReportTimeout</key>
+	<integer>10</integer>
+
+	<!-- Client fixes per user-agent match -->
+
+	<key>ClientFixes</key>
+	<dict>
+		<key>ForceAttendeeTRANSP</key>
+		<array>
+			<string>iOS/8\\.0(\\..*)?</string>
+			<string>iOS/8\\.1(\\..*)?</string>
+			<string>iOS/8\\.2(\\..*)?</string>
+		</array>
+	</dict>
+
+	<!-- Localization -->
+
+	<key>Localization</key>
+	<dict>
+		<key>TranslationsDirectory</key>
+		<string>/Applications/Server.app/Contents/ServerRoot/usr/share/caldavd/share/translations</string>
+
+		<!-- will be relative to DataRoot -->
+		<key>LocalesDirectory</key>
+		<string>locales</string>
+
+		<key>Language</key>
+		<string></string>
+	</dict>
+
+	<!-- Implementation details
+
+	     The following are specific to how the server is built, and useful for
+	     development, but shouldn't be needed by users. -->
+
+	<!-- Twisted -->
+	<key>Twisted</key>
+	<dict>
+		<key>reactor</key>
+		<string>select</string>
+	</dict>
+
+	<!-- Umask -->
+	<key>umask</key>
+	<integer>18</integer>
+
+	<!-- A TCP port used for communication between the child and master processes
+	     (bound to 127.0.0.1). Specify 0 to let OS assign a port. -->
+	<key>ControlPort</key>
+	<integer>0</integer>
+
+	<!-- A unix socket used for communication between the child and master
+	     processes. If blank, then an AF_INET socket is used instead. -->
+	<key>ControlSocket</key>
+	<string>caldavd.sock</string>
+
+	<!-- Support for Content-Encoding compression options as specified in RFC2616
+	     Section 3.5 Defaults off, because it weakens TLS (CRIME attack). -->
+	<key>ResponseCompression</key>
+	<false/>
+
+	<!-- The retry-after value (in seconds) to return with a 503 error -->
+	<key>HTTPRetryAfter</key>
+	<integer>180</integer>
+
+	<!-- Profiling options -->
+	<key>Profiling</key>
+	<dict>
+		<key>Enabled</key>
+		<false/>
+
+		<key>BaseDirectory</key>
+		<string>/tmp/stats</string>
+	</dict>
+
+	<key>Memcached</key>
+	<dict>
+		<key>MaxClients</key>
+		<integer>5</integer>
+
+		<key>Pools</key>
+		<dict>
+			<key>Default</key>
+			<dict>
+				<!-- A unix socket used for communication with memcached. If MemcacheSocket
+				     is empty string, an AF_INET socket is used. -->
+				<key>MemcacheSocket</key>
+				<string></string>
+
+				<key>ClientEnabled</key>
+				<true/>
+
+				<!-- The server is handled outside our containers -->
+				<key>ServerEnabled</key>
+				<false/>
+
+				<key>BindAddress</key>
+				<string>$MEMCACHED_HOST</string>
+				<!-- <string>memcached</string> -->
+
+				<key>Port</key>
+				<integer>$MEMCACHED_PORT</integer>
+				<!-- <integer>11211</integer> -->
+
+				<!-- Possible types: "OpenDirectoryBacker", "ImplicitUIDLock",
+				     "RefreshUIDLock", "DIGESTCREDENTIALS", "resourceInfoDB", "pubsubnodes",
+				     "FBCache", "ScheduleAddressMapper", "SQL.props", "SQL.calhome",
+				     "SQL.adbkhome", -->
+				<key>HandleCacheTypes</key>
+				<array>
+					<string>Default</string>
+				</array>
+			</dict>
+
+			<!-- "Shared": { "ClientEnabled": True, "ServerEnabled": True, "BindAddress":
+			     "127.0.0.1", "Port": 11211, "HandleCacheTypes": [ "ProxyDB",
+			     "DelegatesDB", "PrincipalToken", ] }, -->
+		</dict>
+
+		<!-- Find in PATH -->
+		<key>memcached</key>
+		<string>memcached</string>
+
+		<!-- Megabytes -->
+		<key>MaxMemory</key>
+		<integer>0</integer>
+
+		<key>Options</key>
+		<array>
+		</array>
+
+		<key>ProxyDBKeyNormalization</key>
+		<true/>
+	</dict>
+
+	<key>Postgres</key>
+	<dict>
+		<key>DatabaseName</key>
+		<string>caldav</string>
+
+		<key>ClusterName</key>
+		<string>cluster</string>
+
+		<key>LogFile</key>
+		<string>postgres.log</string>
+
+		<key>LogRotation</key>
+		<false/>
+
+		<key>SocketDirectory</key>
+		<string></string>
+
+		<key>SocketName</key>
+		<string></string>
+
+		<key>ListenAddresses</key>
+		<array>
+		</array>
+
+		<!-- Time out transactions -->
+		<key>TxnTimeoutSeconds</key>
+		<integer>30</integer>
+
+		<!-- BuffersToConnectionsRatio * MaxConnections Note: don't set this, it will
+		     be computed dynamically See _updateMultiProcess( ) below for details -->
+		<key>SharedBuffers</key>
+		<integer>0</integer>
+
+		<!-- Dynamically computed based on ProcessCount, etc. Note: don't set this, it
+		     will be computed dynamically See _updateMultiProcess( ) below for details -->
+		<key>MaxConnections</key>
+		<integer>0</integer>
+
+		<!-- how many extra connections to leave for utilities -->
+		<key>ExtraConnections</key>
+		<integer>3</integer>
+
+		<key>BuffersToConnectionsRatio</key>
+		<real>1.5</real>
+
+		<key>Options</key>
+		<array>
+			<string>-c standard_conforming_strings=on</string>
+		</array>
+
+		<!-- If the DBType is '', and we're spawning postgres ourselves, where is the
+		     pg_ctl tool to spawn it with? -->
+		<key>Ctl</key>
+		<string>pg_ctl</string>
+
+		<!-- If the DBType is '', and we're spawning postgres ourselves, where is the
+		     initdb tool to create its database cluster with? -->
+		<key>Init</key>
+		<string>initdb</string>
+	</dict>
+
+	<key>QueryCaching</key>
+	<dict>
+		<key>Enabled</key>
+		<true/>
+
+		<key>MemcachedPool</key>
+		<string>Default</string>
+
+		<key>ExpireSeconds</key>
+		<integer>3600</integer>
+	</dict>
+
+	<key>GroupCaching</key>
+	<dict>
+		<key>Enabled</key>
+		<true/>
+
+		<key>UpdateSeconds</key>
+		<integer>300</integer>
+
+		<key>UseDirectoryBasedDelegates</key>
+		<false/>
+
+		<key>InitialSchedulingDelaySeconds</key>
+		<integer>10</integer>
+
+		<key>BatchSize</key>
+		<integer>100</integer>
+
+		<key>BatchSchedulingIntervalSeconds</key>
+		<integer>2</integer>
+	</dict>
+
+	<key>GroupAttendees</key>
+	<dict>
+		<key>Enabled</key>
+		<true/>
+
+		<key>ReconciliationDelaySeconds</key>
+		<integer>5</integer>
+
+		<!-- 1 hour -->
+		<key>AutoUpdateSecondsFromNow</key>
+		<integer>3600</integer>
+	</dict>
+
+	<key>AutomaticPurging</key>
+	<dict>
+		<key>Enabled</key>
+		<true/>
+
+		<!-- 7 days -->
+		<key>PollingIntervalSeconds</key>
+		<integer>604800</integer>
+
+		<!-- No staggering -->
+		<key>CheckStaggerSeconds</key>
+		<integer>0</integer>
+
+		<!-- 7 days -->
+		<key>PurgeIntervalSeconds</key>
+		<integer>604800</integer>
+
+		<key>HomePurgeDelaySeconds</key>
+		<integer>60</integer>
+
+		<!-- 7 days -->
+		<key>GroupPurgeIntervalSeconds</key>
+		<integer>604800</integer>
+	</dict>
+
+	<key>Manhole</key>
+	<dict>
+		<key>Enabled</key>
+		<false/>
+
+		<!-- Set to False for telnet -->
+		<key>UseSSH</key>
+		<true/>
+
+		<!-- Master listens here, children increment -->
+		<key>StartingPortNumber</key>
+		<integer>5000</integer>
+
+		<!-- Directory Proxy listens here -->
+		<key>DPSPortNumber</key>
+		<integer>4999</integer>
+
+		<!-- Path to password file with lines of user:pass -->
+		<key>PasswordFilePath</key>
+		<string></string>
+
+		<!-- Relative to DataRoot -->
+		<key>sshKeyName</key>
+		<string>manhole.key</string>
+
+		<key>sshKeySize</key>
+		<integer>4096</integer>
+	</dict>
+
+	<key>EnableKeepAlive</key>
+	<false/>
+
+	<key>EnableResponseCache</key>
+	<true/>
+
+	<!-- Minutes -->
+	<key>ResponseCacheTimeout</key>
+	<integer>30</integer>
+
+	<key>EnableFreeBusyCache</key>
+	<true/>
+
+	<key>FreeBusyCacheDaysBack</key>
+	<integer>7</integer>
+
+	<key>FreeBusyCacheDaysForward</key>
+	<integer>84</integer>
+
+	<key>FreeBusyIndexLowerLimitDays</key>
+	<integer>365</integer>
+
+	<key>FreeBusyIndexExpandAheadDays</key>
+	<integer>365</integer>
+
+	<key>FreeBusyIndexExpandMaxDays</key>
+	<integer>1825</integer>
+
+	<key>FreeBusyIndexDelayedExpand</key>
+	<false/>
+
+	<key>FreeBusyIndexSmartUpdate</key>
+	<true/>
+
+	<!-- The RootResource uses a twext property store. Specify the class here -->
+	<key>RootResourcePropStoreClass</key>
+	<string>txweb2.dav.xattrprops.xattrPropertyStore</string>
+
+	<!-- Used in the command line utilities to specify which service class to use
+	     to carry out work. -->
+	<key>UtilityServiceClass</key>
+	<string></string>
+
+	<!-- Inbox items created more than MigratedInboxDaysCutoff days in the past are
+	     removed during migration -->
+	<key>MigratedInboxDaysCutoff</key>
+	<integer>60</integer>
+
+	<!-- The default timezone for the server; on OS X you can leave this empty and
+	     the system's timezone will be used.  If empty and not on OS X it will
+	     default to America/Los_Angeles. -->
+	<key>DefaultTimezone</key>
+	<string></string>
+
+	<!-- After this many seconds of no admin requests, shutdown the agent.  Zero
+	     means no automatic shutdown. -->
+	<key>AgentInactivityTimeoutSeconds</key>
+	<integer>300</integer>
+
+	<!-- Program to execute if the service cannot start; for example in OS X we
+	     want to call serveradmin to disable the service so launchd does not keep
+	     respawning it.  Empty string to disable this feature. -->
+	<key>ServiceDisablingProgram</key>
+	<string></string>
+
+	<!-- Program to execute to post an alert to the administrator; for example in
+	     OS X we want to call calendarserver_alert &lt;alert-type&gt; &lt;args&gt; -->
+	<key>AlertPostingProgram</key>
+	<string></string>
+
+	<!-- These three keys are relative to ConfigRoot: -->
+
+	<!-- Config to read first and merge -->
+	<key>ImportConfig</key>
+	<string></string>
+
+	<!-- Other plists to parse after this one; note that an Include can change the
+	     ServerRoot and/or ConfigRoot, thereby affecting the locations of the
+	     following Includes in the list. (Useful for service directory relocation) -->
+	<key>Includes</key>
+	<array>
+	</array>
+
+	<!-- Which config file calendarserver_config should  write to for changes;
+	     empty string means the main config file -->
+	<key>WritableConfigFile</key>
+	<string></string>
+</dict>
+</plist>
diff --git a/docker/docker_cmd.sh b/docker/docker_cmd.sh
new file mode 100755
index 000000000..28804aa16
--- /dev/null
+++ b/docker/docker_cmd.sh
@@ -0,0 +1,19 @@
+#!/bin/sh
+
+# Just get our conf file
+TEMP_FILE="/home/ccs/docker/caldavd.plist.template"
+
+# It is important that this dir is world-writable,
+# /tmp usually is
+CONF_FILE="/tmp/caldavd.plist"
+
+# Replace any env variable as they come from docker run
+envsubst < $TEMP_FILE > $CONF_FILE
+
+# TODO Evaluate performance issues
+# This is because the random user picked by OpenShift
+# is not allowed to write/mkdir __pycache__
+export PYTHONDONTWRITEBYTECODE=x
+
+# Run caldavd, no daemonize, log to stdout
+caldavd -X -L -f $CONF_FILE

From 885143149c91045d5f9ad2b264d8ad37d6e39f6c Mon Sep 17 00:00:00 2001
From: Giorgio Azzinnaro <giorgio.azzinnaro@gmail.com>
Date: Mon, 2 Apr 2018 11:09:14 +0200
Subject: [PATCH 02/19] try to run with another user

---
 Dockerfile | 19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 4553f92ab..d03be9436 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,9 +1,10 @@
 FROM ubuntu:16.04
 
-LABEL maintainer            "giorgio.azzinnaro@gmail.com"
-LABEL io.openshift.tags     caldavd,ccs
-LABEL io.openshift.wants    memcached,postgres
-LABEL io.k8s.description    "Calendar and Contacts Server is a CalDAV implementation"
+LABEL maintainer                    "giorgio.azzinnaro@gmail.com"
+LABEL io.openshift.tags             caldavd,ccs
+LABEL io.openshift.wants            memcached,postgres
+LABEL io.k8s.description            "Calendar and Contacts Server is a CalDAV implementation"
+LABEL io.openshift.expose-services  8080:http
 
 # Straight from CCS GitHub install guide
 # except for gettext-base, which we need for "envsubst"
@@ -20,7 +21,11 @@ ADD . /home/ccs
 WORKDIR /home/ccs
 
 # Dependencies are retrieved and CCS installed in /usr/local
-RUN pip install -r requirements-default.txt
+RUN pip install -r requirements-default.txt 
+
+# Create all runtime directories and ensure right permissions for OC
+RUN mkdir -p /var/db/caldavd /var/log/caldavd /var/run/caldavd && \
+    chmod -R a+wX /home/ccs /var/db/caldavd /var/log/caldavd /var/run/caldavd
 
 # TODO Check if everything is in this dir
 VOLUME [ "/var/db/caldavd" ]
@@ -37,8 +42,8 @@ ENV POSTGRES_PASS   password
 ENV MEMCACHED_HOST  memcached
 ENV MEMCACHED_PORT  11211
 
-# To avoid errors with OpenShift
-#USER 1000
+# To avoid errors with OpenShift, could be any
+USER 1000
 
 # This entry point simply creates /etc/caldavd/caldavd.plist,
 # using the given ENV as placeholders,

From bf320a376bdf8ee82e35f52c2beb515d165572e2 Mon Sep 17 00:00:00 2001
From: Giorgio Azzinnaro <giorgio.azzinnaro@gmail.com>
Date: Mon, 2 Apr 2018 12:21:44 +0200
Subject: [PATCH 03/19] removed a few config layers from Dockerfile

---
 Dockerfile | 23 +++++++++++------------
 1 file changed, 11 insertions(+), 12 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index d03be9436..c5a569f61 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,10 +1,10 @@
 FROM ubuntu:16.04
 
-LABEL maintainer                    "giorgio.azzinnaro@gmail.com"
-LABEL io.openshift.tags             caldavd,ccs
-LABEL io.openshift.wants            memcached,postgres
-LABEL io.k8s.description            "Calendar and Contacts Server is a CalDAV implementation"
-LABEL io.openshift.expose-services  8080:http
+LABEL maintainer                    = "giorgio.azzinnaro@gmail.com"                               \
+      io.openshift.tags             = caldavd,ccs                                                 \
+      io.openshift.wants            = memcached,postgres                                          \
+      io.k8s.description            = "Calendar and Contacts Server is a CalDAV implementation"   \
+      io.openshift.expose-services  = 8080:http4
 
 # Straight from CCS GitHub install guide
 # except for gettext-base, which we need for "envsubst"
@@ -34,13 +34,12 @@ VOLUME [ "/var/db/caldavd" ]
 EXPOSE 8080
 
 # Some sensible defaults for config
-ENV POSTGRES_HOST   tcp:postgres:5432
-ENV POSTGRES_DB     postgres
-ENV POSTGRES_USER   postgres
-ENV POSTGRES_PASS   password
-
-ENV MEMCACHED_HOST  memcached
-ENV MEMCACHED_PORT  11211
+ENV POSTGRES_HOST   = tcp:postgres:5432 \
+    POSTGRES_DB     = postgres          \
+    POSTGRES_USER   = postgres          \
+    POSTGRES_PASS   = password          \
+    MEMCACHED_HOST  = memcached         \
+    MEMCACHED_PORT  = 11211
 
 # To avoid errors with OpenShift, could be any
 USER 1000

From 0fa9a7e8aa5e21456f6f565988069e6774ef8105 Mon Sep 17 00:00:00 2001
From: Giorgio Azzinnaro <giorgio.azzinnaro@gmail.com>
Date: Mon, 2 Apr 2018 19:42:15 +0200
Subject: [PATCH 04/19] using contrib/ directory

---
 Dockerfile                                        | 2 +-
 {docker => contrib/docker}/README.md              | 0
 {docker => contrib/docker}/caldavd.plist.template | 0
 {docker => contrib/docker}/docker_cmd.sh          | 7 +------
 4 files changed, 2 insertions(+), 7 deletions(-)
 rename {docker => contrib/docker}/README.md (100%)
 rename {docker => contrib/docker}/caldavd.plist.template (100%)
 rename {docker => contrib/docker}/docker_cmd.sh (57%)

diff --git a/Dockerfile b/Dockerfile
index c5a569f61..7ad156282 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -47,4 +47,4 @@ USER 1000
 # This entry point simply creates /etc/caldavd/caldavd.plist,
 # using the given ENV as placeholders,
 # and then runs `caldavd -X -L`
-CMD [ "/home/ccs/docker/docker_cmd.sh" ]
\ No newline at end of file
+CMD [ "/home/ccs/contrib/docker/docker_cmd.sh" ]
\ No newline at end of file
diff --git a/docker/README.md b/contrib/docker/README.md
similarity index 100%
rename from docker/README.md
rename to contrib/docker/README.md
diff --git a/docker/caldavd.plist.template b/contrib/docker/caldavd.plist.template
similarity index 100%
rename from docker/caldavd.plist.template
rename to contrib/docker/caldavd.plist.template
diff --git a/docker/docker_cmd.sh b/contrib/docker/docker_cmd.sh
similarity index 57%
rename from docker/docker_cmd.sh
rename to contrib/docker/docker_cmd.sh
index 28804aa16..1157e0ed0 100755
--- a/docker/docker_cmd.sh
+++ b/contrib/docker/docker_cmd.sh
@@ -1,7 +1,7 @@
 #!/bin/sh
 
 # Just get our conf file
-TEMP_FILE="/home/ccs/docker/caldavd.plist.template"
+TEMP_FILE="/home/ccs/contrib/docker/caldavd.plist.template"
 
 # It is important that this dir is world-writable,
 # /tmp usually is
@@ -10,10 +10,5 @@ CONF_FILE="/tmp/caldavd.plist"
 # Replace any env variable as they come from docker run
 envsubst < $TEMP_FILE > $CONF_FILE
 
-# TODO Evaluate performance issues
-# This is because the random user picked by OpenShift
-# is not allowed to write/mkdir __pycache__
-export PYTHONDONTWRITEBYTECODE=x
-
 # Run caldavd, no daemonize, log to stdout
 caldavd -X -L -f $CONF_FILE

From 429d08b6984b64392ee0706a56593cad529d2bbd Mon Sep 17 00:00:00 2001
From: Giorgio Azzinnaro <giorgio.azzinnaro@gmail.com>
Date: Mon, 2 Apr 2018 22:56:50 +0200
Subject: [PATCH 05/19] relevant ldap config

---
 Dockerfile                            | 15 +++++++++------
 contrib/docker/caldavd.plist.template | 15 ++++++++++++---
 2 files changed, 21 insertions(+), 9 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 7ad156282..ae389ffaa 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -34,12 +34,15 @@ VOLUME [ "/var/db/caldavd" ]
 EXPOSE 8080
 
 # Some sensible defaults for config
-ENV POSTGRES_HOST   = tcp:postgres:5432 \
-    POSTGRES_DB     = postgres          \
-    POSTGRES_USER   = postgres          \
-    POSTGRES_PASS   = password          \
-    MEMCACHED_HOST  = memcached         \
-    MEMCACHED_PORT  = 11211
+ENV POSTGRES_HOST   = tcp:postgres:5432             \
+    POSTGRES_DB     = postgres                      \
+    POSTGRES_USER   = postgres                      \
+    POSTGRES_PASS   = password                      \
+    MEMCACHED_HOST  = memcached                     \
+    MEMCACHED_PORT  = 11211                         \
+    LDAP_URI        = ldap://openldap               \
+    LDAP_DN         = "cn=admin,dc=example,dc=org"  \
+    LDAP_PASS       = admin
 
 # To avoid errors with OpenShift, could be any
 USER 1000
diff --git a/contrib/docker/caldavd.plist.template b/contrib/docker/caldavd.plist.template
index ed19ded8c..a2ade19bc 100644
--- a/contrib/docker/caldavd.plist.template
+++ b/contrib/docker/caldavd.plist.template
@@ -400,7 +400,7 @@
 		<true/>
 
 		<key>type</key>
-		<string>xml</string>
+		<string>ldap</string>
 
 		<key>params</key>
 		<dict>
@@ -410,8 +410,17 @@
 				<string>groups</string>
 			</array>
 
-			<key>xmlFile</key>
-			<string>accounts.xml</string>
+			<key>uri</key>
+			<string>$LDAP_URI</string>
+
+			<key>credentials</key>
+			<dict>
+			<key>dn</key>
+			<string>$LDAP_DN</string>
+
+			<key>password</key>
+			<string>$LDAP_PASS</string>
+			</dict>
 		</dict>
 	</dict>
 

From ae15a265c1c405711717db32dde66dc4a27bea15 Mon Sep 17 00:00:00 2001
From: Giorgio Azzinnaro <giorgio.azzinnaro@gmail.com>
Date: Mon, 2 Apr 2018 23:02:26 +0200
Subject: [PATCH 06/19] fix issue with ENV in dockerfile

---
 Dockerfile | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index ae389ffaa..8833209d8 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -34,15 +34,15 @@ VOLUME [ "/var/db/caldavd" ]
 EXPOSE 8080
 
 # Some sensible defaults for config
-ENV POSTGRES_HOST   = tcp:postgres:5432             \
-    POSTGRES_DB     = postgres                      \
-    POSTGRES_USER   = postgres                      \
-    POSTGRES_PASS   = password                      \
-    MEMCACHED_HOST  = memcached                     \
-    MEMCACHED_PORT  = 11211                         \
-    LDAP_URI        = ldap://openldap               \
-    LDAP_DN         = "cn=admin,dc=example,dc=org"  \
-    LDAP_PASS       = admin
+ENV POSTGRES_HOST   tcp:postgres:5432
+ENV POSTGRES_DB     postgres
+ENV POSTGRES_USER   postgres
+ENV POSTGRES_PASS   password
+ENV MEMCACHED_HOST  memcached
+ENV MEMCACHED_PORT  11211
+ENV LDAP_URI        ldap://openldap
+ENV LDAP_DN         "cn=admin,dc=example,dc=org"
+ENV LDAP_PASS       admin
 
 # To avoid errors with OpenShift, could be any
 USER 1000

From 70424bd015909b60db0c80589cdb4c481a60f699 Mon Sep 17 00:00:00 2001
From: Giorgio Azzinnaro <giorgio.azzinnaro@gmail.com>
Date: Sat, 14 Apr 2018 19:03:42 +0200
Subject: [PATCH 07/19] fixing issue with uid

---
 Dockerfile                     |  6 +++---
 contrib/docker/docker_cmd.sh   |  9 +++++++++
 contrib/docker/passwd.template | 23 +++++++++++++++++++++++
 3 files changed, 35 insertions(+), 3 deletions(-)
 create mode 100644 contrib/docker/passwd.template

diff --git a/Dockerfile b/Dockerfile
index 8833209d8..897d54f2b 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -11,7 +11,7 @@ LABEL maintainer                    = "giorgio.azzinnaro@gmail.com"
 RUN apt-get update &&                                       \
     apt-get -y install build-essential                      \
         python-setuptools python-pip python-dev             \
-        git curl gettext-base                               \
+        git curl gettext-base libnss-wrapper                \
         libssl-dev libreadline6-dev libkrb5-dev libffi-dev  \
         libldap2-dev libsasl2-dev zlib1g-dev
 
@@ -25,7 +25,7 @@ RUN pip install -r requirements-default.txt
 
 # Create all runtime directories and ensure right permissions for OC
 RUN mkdir -p /var/db/caldavd /var/log/caldavd /var/run/caldavd && \
-    chmod -R a+wX /home/ccs /var/db/caldavd /var/log/caldavd /var/run/caldavd
+    chmod -R g+rwX /home/ccs /var/db/caldavd /var/log/caldavd /var/run/caldavd
 
 # TODO Check if everything is in this dir
 VOLUME [ "/var/db/caldavd" ]
@@ -41,7 +41,7 @@ ENV POSTGRES_PASS   password
 ENV MEMCACHED_HOST  memcached
 ENV MEMCACHED_PORT  11211
 ENV LDAP_URI        ldap://openldap
-ENV LDAP_DN         "cn=admin,dc=example,dc=org"
+ENV LDAP_DN         cn=admin,dc=example,dc=org
 ENV LDAP_PASS       admin
 
 # To avoid errors with OpenShift, could be any
diff --git a/contrib/docker/docker_cmd.sh b/contrib/docker/docker_cmd.sh
index 1157e0ed0..eda851036 100755
--- a/contrib/docker/docker_cmd.sh
+++ b/contrib/docker/docker_cmd.sh
@@ -1,5 +1,14 @@
 #!/bin/sh
 
+# This is because OpenShift runs with random UIDs,
+# and ccs expects the UID to be in /etc/passwd
+export USER_ID=$(id -u)
+export GROUP_ID=$(id -g)
+envsubst < "/home/ccs/contrib/docker/passwd.template" > /tmp/passwd
+export LD_PRELOAD=libnss_wrapper.so
+export NSS_WRAPPER_PASSWD=/tmp/passwd
+export NSS_WRAPPER_GROUP=/etc/group
+
 # Just get our conf file
 TEMP_FILE="/home/ccs/contrib/docker/caldavd.plist.template"
 
diff --git a/contrib/docker/passwd.template b/contrib/docker/passwd.template
new file mode 100644
index 000000000..552d368cb
--- /dev/null
+++ b/contrib/docker/passwd.template
@@ -0,0 +1,23 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
+bin:x:2:2:bin:/bin:/usr/sbin/nologin
+sys:x:3:3:sys:/dev:/usr/sbin/nologin
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/usr/sbin/nologin
+man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
+lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
+mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
+news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
+uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
+proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
+www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
+backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
+list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
+irc:x:39:39:ircd:/var/run/ircd:/usr/sbin/nologin
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin
+nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
+systemd-timesync:x:100:102:systemd Time Synchronization,,,:/run/systemd:/bin/false
+systemd-network:x:101:103:systemd Network Management,,,:/run/systemd/netif:/bin/false
+systemd-resolve:x:102:104:systemd Resolver,,,:/run/systemd/resolve:/bin/false
+systemd-bus-proxy:x:103:105:systemd Bus Proxy,,,:/run/systemd:/bin/false
+calendarserver:x:${USER_ID}:${GROUP_ID}:Calendar and Contacts Server:${HOME}:/bin/bash
\ No newline at end of file

From f3ac298dcfd7e3d3c161afefdadec9ea58e23e7d Mon Sep 17 00:00:00 2001
From: Giorgio Azzinnaro <giorgio.azzinnaro@gmail.com>
Date: Sat, 14 Apr 2018 19:22:23 +0200
Subject: [PATCH 08/19] trying to make nss_wrapper work

---
 Dockerfile                     | 2 +-
 contrib/docker/docker_cmd.sh   | 2 +-
 contrib/docker/passwd.template | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 897d54f2b..2bb2a7db8 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -4,7 +4,7 @@ LABEL maintainer                    = "giorgio.azzinnaro@gmail.com"
       io.openshift.tags             = caldavd,ccs                                                 \
       io.openshift.wants            = memcached,postgres                                          \
       io.k8s.description            = "Calendar and Contacts Server is a CalDAV implementation"   \
-      io.openshift.expose-services  = 8080:http4
+      io.openshift.expose-services  = 8080:http
 
 # Straight from CCS GitHub install guide
 # except for gettext-base, which we need for "envsubst"
diff --git a/contrib/docker/docker_cmd.sh b/contrib/docker/docker_cmd.sh
index eda851036..d5face88f 100755
--- a/contrib/docker/docker_cmd.sh
+++ b/contrib/docker/docker_cmd.sh
@@ -5,7 +5,7 @@
 export USER_ID=$(id -u)
 export GROUP_ID=$(id -g)
 envsubst < "/home/ccs/contrib/docker/passwd.template" > /tmp/passwd
-export LD_PRELOAD=libnss_wrapper.so
+export LD_PRELOAD=/usr/lib/libnss_wrapper.so
 export NSS_WRAPPER_PASSWD=/tmp/passwd
 export NSS_WRAPPER_GROUP=/etc/group
 
diff --git a/contrib/docker/passwd.template b/contrib/docker/passwd.template
index 552d368cb..b6c73d343 100644
--- a/contrib/docker/passwd.template
+++ b/contrib/docker/passwd.template
@@ -20,4 +20,4 @@ systemd-timesync:x:100:102:systemd Time Synchronization,,,:/run/systemd:/bin/fal
 systemd-network:x:101:103:systemd Network Management,,,:/run/systemd/netif:/bin/false
 systemd-resolve:x:102:104:systemd Resolver,,,:/run/systemd/resolve:/bin/false
 systemd-bus-proxy:x:103:105:systemd Bus Proxy,,,:/run/systemd:/bin/false
-calendarserver:x:${USER_ID}:${GROUP_ID}:Calendar and Contacts Server:${HOME}:/bin/bash
\ No newline at end of file
+calendarserver:x:${USER_ID}:${GROUP_ID}:Calendar and Contacts Server:${HOME}:/bin/bash

From 4ce13d58e18b9fe42452f896934772d97182a649 Mon Sep 17 00:00:00 2001
From: Giorgio Azzinnaro <giorgio.azzinnaro@gmail.com>
Date: Sat, 14 Apr 2018 19:25:58 +0200
Subject: [PATCH 09/19] refactoring entrypoint sh

---
 contrib/docker/docker_cmd.sh | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/contrib/docker/docker_cmd.sh b/contrib/docker/docker_cmd.sh
index d5face88f..b582c7cf8 100755
--- a/contrib/docker/docker_cmd.sh
+++ b/contrib/docker/docker_cmd.sh
@@ -2,22 +2,26 @@
 
 # This is because OpenShift runs with random UIDs,
 # and ccs expects the UID to be in /etc/passwd
+PASSWD_TEMP_FILE="/home/ccs/contrib/docker/passwd.template"
+PASSWD_FILE="/tmp/passwd"
+
 export USER_ID=$(id -u)
 export GROUP_ID=$(id -g)
-envsubst < "/home/ccs/contrib/docker/passwd.template" > /tmp/passwd
+envsubst < $PASSWD_TEMP_FILE > $PASSWD_FILE
+
 export LD_PRELOAD=/usr/lib/libnss_wrapper.so
-export NSS_WRAPPER_PASSWD=/tmp/passwd
+export NSS_WRAPPER_PASSWD=$PASSWD_FILE
 export NSS_WRAPPER_GROUP=/etc/group
 
 # Just get our conf file
-TEMP_FILE="/home/ccs/contrib/docker/caldavd.plist.template"
+CCS_CONF_TEMP_FILE="/home/ccs/contrib/docker/caldavd.plist.template"
 
 # It is important that this dir is world-writable,
 # /tmp usually is
-CONF_FILE="/tmp/caldavd.plist"
+CCS_CONF_FILE="/tmp/caldavd.plist"
 
 # Replace any env variable as they come from docker run
-envsubst < $TEMP_FILE > $CONF_FILE
+envsubst < $CCS_CONF_TEMP_FILE > $CCS_CONF_FILE
 
 # Run caldavd, no daemonize, log to stdout
-caldavd -X -L -f $CONF_FILE
+caldavd -X -L -f $CCS_CONF_FILE

From 651bd7349faa1abb5200f12956c8591c442f3d79 Mon Sep 17 00:00:00 2001
From: Giorgio Azzinnaro <giorgio.azzinnaro@gmail.com>
Date: Sun, 15 Apr 2018 10:55:27 +0200
Subject: [PATCH 10/19] enabling dynamic /etc/passwd

---
 Dockerfile                     |  7 ++++---
 contrib/docker/docker_cmd.sh   | 12 ++----------
 contrib/docker/passwd.template | 23 -----------------------
 3 files changed, 6 insertions(+), 36 deletions(-)
 delete mode 100644 contrib/docker/passwd.template

diff --git a/Dockerfile b/Dockerfile
index 2bb2a7db8..f0f02b4c8 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -11,7 +11,7 @@ LABEL maintainer                    = "giorgio.azzinnaro@gmail.com"
 RUN apt-get update &&                                       \
     apt-get -y install build-essential                      \
         python-setuptools python-pip python-dev             \
-        git curl gettext-base libnss-wrapper                \
+        git curl gettext-base                               \
         libssl-dev libreadline6-dev libkrb5-dev libffi-dev  \
         libldap2-dev libsasl2-dev zlib1g-dev
 
@@ -24,8 +24,9 @@ WORKDIR /home/ccs
 RUN pip install -r requirements-default.txt 
 
 # Create all runtime directories and ensure right permissions for OC
-RUN mkdir -p /var/db/caldavd /var/log/caldavd /var/run/caldavd && \
-    chmod -R g+rwX /home/ccs /var/db/caldavd /var/log/caldavd /var/run/caldavd
+RUN mkdir -p /var/db/caldavd /var/log/caldavd /var/run/caldavd &&                   \
+    chmod -R g+rwX /home/ccs /var/db/caldavd /var/log/caldavd /var/run/caldavd &&   \
+    chmod g=u /etc/passwd
 
 # TODO Check if everything is in this dir
 VOLUME [ "/var/db/caldavd" ]
diff --git a/contrib/docker/docker_cmd.sh b/contrib/docker/docker_cmd.sh
index b582c7cf8..050788d19 100755
--- a/contrib/docker/docker_cmd.sh
+++ b/contrib/docker/docker_cmd.sh
@@ -2,16 +2,8 @@
 
 # This is because OpenShift runs with random UIDs,
 # and ccs expects the UID to be in /etc/passwd
-PASSWD_TEMP_FILE="/home/ccs/contrib/docker/passwd.template"
-PASSWD_FILE="/tmp/passwd"
-
-export USER_ID=$(id -u)
-export GROUP_ID=$(id -g)
-envsubst < $PASSWD_TEMP_FILE > $PASSWD_FILE
-
-export LD_PRELOAD=/usr/lib/libnss_wrapper.so
-export NSS_WRAPPER_PASSWD=$PASSWD_FILE
-export NSS_WRAPPER_GROUP=/etc/group
+# Must be done at runtime because of the dynamic UID
+echo "ccs:x:$(id -u):$(id -g):Calendar and Contacts Server:/home/ccs:/bin/bash" >> /etc/passwd
 
 # Just get our conf file
 CCS_CONF_TEMP_FILE="/home/ccs/contrib/docker/caldavd.plist.template"
diff --git a/contrib/docker/passwd.template b/contrib/docker/passwd.template
deleted file mode 100644
index b6c73d343..000000000
--- a/contrib/docker/passwd.template
+++ /dev/null
@@ -1,23 +0,0 @@
-root:x:0:0:root:/root:/bin/bash
-daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
-bin:x:2:2:bin:/bin:/usr/sbin/nologin
-sys:x:3:3:sys:/dev:/usr/sbin/nologin
-sync:x:4:65534:sync:/bin:/bin/sync
-games:x:5:60:games:/usr/games:/usr/sbin/nologin
-man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
-lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
-mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
-news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
-uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
-proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
-www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
-backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
-list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
-irc:x:39:39:ircd:/var/run/ircd:/usr/sbin/nologin
-gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin
-nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
-systemd-timesync:x:100:102:systemd Time Synchronization,,,:/run/systemd:/bin/false
-systemd-network:x:101:103:systemd Network Management,,,:/run/systemd/netif:/bin/false
-systemd-resolve:x:102:104:systemd Resolver,,,:/run/systemd/resolve:/bin/false
-systemd-bus-proxy:x:103:105:systemd Bus Proxy,,,:/run/systemd:/bin/false
-calendarserver:x:${USER_ID}:${GROUP_ID}:Calendar and Contacts Server:${HOME}:/bin/bash

From 78732d4495bccc7ea51d846e8a0215bcb6bce004 Mon Sep 17 00:00:00 2001
From: Marcel Schoengens <mschoengens@bitvalve.org>
Date: Thu, 3 May 2018 10:04:17 +0200
Subject: [PATCH 11/19] Created Docker Compose file and modified Dockerfile to
 work without LDAP support.

---
 Dockerfile                                    |   54 -
 contrib/docker_compose/Dockerfile             |   53 +
 contrib/docker_compose/caldavd.plist.template | 2292 +++++++++++++++++
 contrib/docker_compose/docker-compose.yml     |   78 +
 contrib/docker_compose/docker_cmd.sh          |   43 +
 5 files changed, 2466 insertions(+), 54 deletions(-)
 delete mode 100644 Dockerfile
 create mode 100644 contrib/docker_compose/Dockerfile
 create mode 100644 contrib/docker_compose/caldavd.plist.template
 create mode 100644 contrib/docker_compose/docker-compose.yml
 create mode 100644 contrib/docker_compose/docker_cmd.sh

diff --git a/Dockerfile b/Dockerfile
deleted file mode 100644
index f0f02b4c8..000000000
--- a/Dockerfile
+++ /dev/null
@@ -1,54 +0,0 @@
-FROM ubuntu:16.04
-
-LABEL maintainer                    = "giorgio.azzinnaro@gmail.com"                               \
-      io.openshift.tags             = caldavd,ccs                                                 \
-      io.openshift.wants            = memcached,postgres                                          \
-      io.k8s.description            = "Calendar and Contacts Server is a CalDAV implementation"   \
-      io.openshift.expose-services  = 8080:http
-
-# Straight from CCS GitHub install guide
-# except for gettext-base, which we need for "envsubst"
-RUN apt-get update &&                                       \
-    apt-get -y install build-essential                      \
-        python-setuptools python-pip python-dev             \
-        git curl gettext-base                               \
-        libssl-dev libreadline6-dev libkrb5-dev libffi-dev  \
-        libldap2-dev libsasl2-dev zlib1g-dev
-
-# All of the source code is in here
-ADD . /home/ccs
-
-WORKDIR /home/ccs
-
-# Dependencies are retrieved and CCS installed in /usr/local
-RUN pip install -r requirements-default.txt 
-
-# Create all runtime directories and ensure right permissions for OC
-RUN mkdir -p /var/db/caldavd /var/log/caldavd /var/run/caldavd &&                   \
-    chmod -R g+rwX /home/ccs /var/db/caldavd /var/log/caldavd /var/run/caldavd &&   \
-    chmod g=u /etc/passwd
-
-# TODO Check if everything is in this dir
-VOLUME [ "/var/db/caldavd" ]
-
-# This can be edited in docker/caldavd.plist.template > HTTPPort
-EXPOSE 8080
-
-# Some sensible defaults for config
-ENV POSTGRES_HOST   tcp:postgres:5432
-ENV POSTGRES_DB     postgres
-ENV POSTGRES_USER   postgres
-ENV POSTGRES_PASS   password
-ENV MEMCACHED_HOST  memcached
-ENV MEMCACHED_PORT  11211
-ENV LDAP_URI        ldap://openldap
-ENV LDAP_DN         cn=admin,dc=example,dc=org
-ENV LDAP_PASS       admin
-
-# To avoid errors with OpenShift, could be any
-USER 1000
-
-# This entry point simply creates /etc/caldavd/caldavd.plist,
-# using the given ENV as placeholders,
-# and then runs `caldavd -X -L`
-CMD [ "/home/ccs/contrib/docker/docker_cmd.sh" ]
\ No newline at end of file
diff --git a/contrib/docker_compose/Dockerfile b/contrib/docker_compose/Dockerfile
new file mode 100644
index 000000000..7fe4c6b7b
--- /dev/null
+++ b/contrib/docker_compose/Dockerfile
@@ -0,0 +1,53 @@
+FROM ubuntu:16.04
+
+ENV VERSION "9.2"
+
+RUN apt-get update \
+    && apt-get -y install build-essential \
+        python-setuptools python-pip python-dev \
+        git curl gettext-base wget postgresql-client \
+        libssl-dev libreadline6-dev libkrb5-dev libffi-dev  \
+        libldap2-dev libsasl2-dev zlib1g-dev  \
+    && apt-get purge -y --auto-remove \
+    && rm -rf /var/lib/apt/lists/*
+
+WORKDIR /opt
+
+RUN git clone https://github.com/apple/ccs-calendarserver.git ccs \
+    && cd ccs \
+    && git checkout CalendarServer-$VERSION
+
+WORKDIR /opt/ccs
+
+# Dependencies are retrieved and CCS installed in /usr/local
+RUN pip install -r requirements-default.txt
+
+ADD docker_cmd.sh bin
+ADD caldavd.plist.template .
+
+RUN useradd -ms /bin/bash ccs \
+    && mkdir -p /var/db/caldavd /var/log/caldavd /var/run/caldavd /etc/caldavd /opt/ccs/src/twextpy/twext/python/__pycache__/ \
+    && chown root:ccs /etc/caldavd /var/log/caldavd /var/run/caldavd /opt/ccs/src/twextpy/twext/python/__pycache__/  \
+    && chown ccs:ccs /var/db/caldavd \
+    && chmod -R g+rwX /opt/ccs /var/db/caldavd /var/log/caldavd /var/run/caldavd /etc/caldavd /opt/ccs/src/twextpy/twext/python/__pycache__/  \
+    && chmod g=u /etc/passwd \
+    && chmod +x /opt/ccs/bin/docker_cmd.sh
+
+RUN  apt-get update && apt-get -y install emacs-nox iputils-ping telnet 
+
+VOLUME [ "/var/db/caldavd", "/etc/caldavd" ]
+
+EXPOSE 8080
+
+# Some sensible defaults for config
+ENV POSTGRES_HOST   tcp:postgres:5432
+ENV POSTGRES_DB     postgres
+ENV POSTGRES_USER   postgres
+ENV POSTGRES_PASS   password
+ENV MEMCACHED_HOST  memcached
+ENV MEMCACHED_PORT  11211
+
+USER ccs
+
+# This entry point starts the server and creates the config files (in case they do not already exist)
+CMD [ "/opt/ccs/bin/docker_cmd.sh" ]
\ No newline at end of file
diff --git a/contrib/docker_compose/caldavd.plist.template b/contrib/docker_compose/caldavd.plist.template
new file mode 100644
index 000000000..58647e47a
--- /dev/null
+++ b/contrib/docker_compose/caldavd.plist.template
@@ -0,0 +1,2292 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+
+<!--
+    Copyright (c) 2006-2017 Apple Inc. All rights reserved.
+
+    Licensed under the Apache License, Version 2.0 (the "License");
+    you may not use this file except in compliance with the License.
+    You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+  -->
+
+<plist version="1.0">
+<dict>
+	<!-- Public network address information
+
+	     This is the server's public network address, which is provided to clients
+	     in URLs and the like.  It may or may not be the network address that the
+	     server is listening to directly, though it is by default.  For example, it
+	     may be the address of a load balancer or proxy which forwards connections
+	     to the server. -->
+
+	<!-- Network host name. -->
+	<key>ServerHostName</key>
+	<string></string>
+
+	<!-- Docker: Must be above 1024 for OpenShift -->
+	<!-- HTTP port (0 to disable HTTP) -->
+	<key>HTTPPort</key>
+	<integer>8080</integer>
+		
+	<!-- SSL port (0 to disable HTTPS) -->
+	<key>SSLPort</key>
+	<integer>0</integer>
+
+	<!-- Whether to listen on SSL port(s) -->
+	<key>EnableSSL</key>
+	<false/>
+
+	<!-- Whether the service is offloading TLS duty to a proxy -->
+	<key>BehindTLSProxy</key>
+	<false/>
+
+	<!-- If True, all nonSSL requests redirected to an SSL Port -->
+	<key>RedirectHTTPToHTTPS</key>
+	<false/>
+
+	<!-- SSLv2_METHOD, SSLv3_METHOD, SSLv23_METHOD, TLSv1_METHOD -->
+	<key>SSLMethod</key>
+	<string>SSLv23_METHOD</string>
+
+	<key>SSLCiphers</key>
+	<string>RC4-SHA:HIGH:!ADH</string>
+
+	<!-- Max-age value for Strict-Transport-Security header; set to 0 to disable
+	     header. -->
+	<key>StrictTransportSecuritySeconds</key>
+	<integer>604800</integer>
+
+	<!-- Network address configuration information.
+
+	     This configures the actual network address that the server binds to. -->
+
+	<key>SocketFiles</key>
+	<dict>
+		<key>Enabled</key>
+		<false/>
+
+		<!-- Socket file to listen for secure requests on -->
+		<key>Secured</key>
+		<string>secured.sock</string>
+
+		<!-- Socket file to listen for insecure requests on -->
+		<key>Unsecured</key>
+		<string>unsecured.sock</string>
+
+		<key>Owner</key>
+		<string></string>
+
+		<key>Group</key>
+		<string></string>
+
+		<key>Permissions</key>
+		<integer>504</integer>
+	</dict>
+
+	<key>SocketRoot</key>
+	<string>/tmp/calendarserver</string>
+
+	<!-- List of IP addresses to bind to [empty = all] -->
+	<key>BindAddresses</key>
+	<array>
+	</array>
+
+	<!-- List of port numbers to bind to for HTTP [empty = same as "Port"] -->
+	<key>BindHTTPPorts</key>
+	<array>
+	</array>
+
+	<!-- List of port numbers to bind to for SSL [empty = same as "SSLPort"] -->
+	<key>BindSSLPorts</key>
+	<array>
+	</array>
+
+	<!-- File descriptors to inherit for HTTP requests [empty = don't inherit] -->
+	<key>InheritFDs</key>
+	<array>
+	</array>
+
+	<!-- File descriptors to inherit for HTTPS requests [empty = don't inherit] -->
+	<key>InheritSSLFDs</key>
+	<array>
+	</array>
+
+	<!-- Use a 'meta' FD, i.e. an FD to transmit other FDs to slave processes. -->
+	<key>UseMetaFD</key>
+	<true/>
+
+	<!-- Inherited file descriptor to call recvmsg() on to receive sockets (none =
+	     don't inherit) -->
+	<key>MetaFD</key>
+	<integer>0</integer>
+
+	<!-- Database configuration information.
+
+	     Defines what kind of database to use: file (deprecated) or SQL. File-based
+	     DB is only supported for migration purposes - it cannot be used for a real
+	     service.
+
+	     For an SQL-based DB, configuration of connection parameters and various
+	     timeouts is provided. -->
+
+	<!-- True: database; False: files (deprecated) -->
+	<key>UseDatabase</key>
+	<true/>
+
+	<!-- Possible values: empty, meaning 'spawn postgres yourself', or 'postgres'
+	     or 'oracle', meaning 'connect to a postgres or Oracle database as
+	     specified by the 'DSN' configuration key. -->
+	<key>DBType</key>
+	<string>postgres</string>
+
+	<!-- Features supported by the database
+
+	     'skip-locked': SKIP LOCKED available with SELECT (remove if using postgres
+	     &lt; v9.5) -->
+	<key>DBFeatures</key>
+	<array>
+		<string>skip-locked</string>
+	</array>
+
+	<!-- The username to use when DBType is empty -->
+	<!-- <key>SpawnedDBUser</key>
+	<string>caldav</string> -->
+
+	<!-- Used to connect to an external database if DBType is non-empty -->
+	<key>DatabaseConnection</key>
+	<dict>
+		<!-- Database connection endpoint -->
+		<key>endpoint</key>
+		<string>$POSTGRES_HOST</string>
+		<!-- <string>tcp:postgres:5432</string> -->
+
+		<!-- Name of database or Oracle SID -->
+		<key>database</key>
+		<string>$POSTGRES_DB</string>
+		<!-- <string>postgres</string> -->
+
+		<!-- User name to connect as -->
+		<key>user</key>
+		<string>$POSTGRES_USER</string>
+		<!-- <string>postgres</string> -->
+
+		<!-- Password to use -->
+		<key>password</key>
+		<string>$POSTGRES_PASS</string>
+		<!-- <string>password</string> -->
+
+		<!-- Set to True to require SSL (pg8000 only). -->
+		<key>ssl</key>
+		<false/>
+	</dict>
+
+	<!-- Use a shared database connection pool in the master process, rather than
+	     having each client make its connections directly. -->
+	<key>SharedConnectionPool</key>
+	<false/>
+
+	<!-- Internally used by database to tell slave processes to inherit a file
+	     descriptor and use it as an AMP connection over a UNIX socket; see
+	     twext.enterprise.adbapi2.ConnectionPoolConnection -->
+	<key>DBAMPFD</key>
+	<integer>0</integer>
+
+	<!-- Set to True to prevent the server or utility tools from running if the
+	     database needs a schema upgrade. -->
+	<key>FailIfUpgradeNeeded</key>
+	<true/>
+
+	<!-- Set to True to check the current database schema against the schema file
+	     matching the database schema version. -->
+	<key>CheckExistingSchema</key>
+	<false/>
+
+	<!-- When upgrading, only upgrade homes where the owner UID starts with the
+	     specified prefix. The upgrade will only be partial and only apply to
+	     upgrade pieces that affect entire homes. The upgrade will need to be run
+	     again without this prefix set to complete the overall upgrade. -->
+	<key>UpgradeHomePrefix</key>
+	<string></string>
+
+	<!-- Timeout transactions that take longer than the specified number of
+	     seconds. Zero means no timeouts. 5 minute default. -->
+	<key>TransactionTimeoutSeconds</key>
+	<integer>300</integer>
+
+	<!-- When a transactions times out tell HTTP clients clients to retry after
+	     this amount of time -->
+	<key>TransactionHTTPRetrySeconds</key>
+	<integer>300</integer>
+
+	<!-- Work queue configuration information -->
+
+	<key>WorkQueue</key>
+	<dict>
+		<!-- Interval in seconds for job queue polling -->
+		<key>queuePollInterval</key>
+		<real>0.1</real>
+
+		<!-- Number of seconds before an assigned job is considered overdue -->
+		<key>queueOverdueTimeout</key>
+		<integer>300</integer>
+
+		<!-- Array of array that describe the threshold and new polling interval for
+		     job queue polling back off -->
+		<key>queuePollingBackoff</key>
+		<array>
+			<array>
+				<integer>60</integer>
+				<integer>60</integer>
+			</array>
+			<array>
+				<integer>5</integer>
+				<integer>1</integer>
+			</array>
+		</array>
+
+		<!-- Queue capacity (percentage) which causes job processing to halt -->
+		<key>overloadLevel</key>
+		<integer>95</integer>
+
+		<!-- Queue capacity (percentage) at which only high priority items are run -->
+		<key>highPriorityLevel</key>
+		<integer>80</integer>
+
+		<!-- Queue capacity (percentage) at which only high/medium priority items are
+		     run -->
+		<key>mediumPriorityLevel</key>
+		<integer>50</integer>
+
+		<!-- This is used to help with concurrency problems when the underlying DB
+		     does not support a proper "LIMIT" term with the query (Oracle). It should
+		     be set to no more than 1 plus the number of app-servers in use. For a
+		     single app-server, always use 1. -->
+		<key>rowLimit</key>
+		<integer>1</integer>
+
+		<!-- When a job fails, reschedule it this number of seconds in the future -->
+		<key>failureRescheduleInterval</key>
+		<integer>60</integer>
+
+		<!-- When a job can't run because of a lock, reschedule it this number of
+		     seconds in the future -->
+		<key>lockRescheduleInterval</key>
+		<integer>60</integer>
+
+		<!-- dict of work table name's, whose values are dicts containing "priority"
+		     and "weight" items to use for newly created work. -->
+		<key>workParameters</key>
+		<dict>
+		</dict>
+	</dict>
+
+	<!-- Types of service provided -->
+
+	<!-- Enable CalDAV service -->
+	<key>EnableCalDAV</key>
+	<true/>
+
+	<!-- Enable CardDAV service -->
+	<key>EnableCardDAV</key>
+	<true/>
+
+	<!-- When True override all other services and set the server into podding-only
+	     mode -->
+	<key>MigrationOnly</key>
+	<false/>
+
+	<!-- Data store -->
+
+	<!-- The top level directory, contains (by default) ConfigRoot and DataRoot -->
+	<key>ServerRoot</key>
+	<string>/var/db/caldavd</string>
+
+	<!-- Data directory, parent to DatabaseRoot, AttachmentsRoot, and others -->
+	<key>DataRoot</key>
+	<string>Data</string>
+
+	<!-- Database directory, contains PostgreSQL cluster -->
+	<key>DatabaseRoot</key>
+	<string>Database</string>
+
+	<!-- Attachments directory, where file attachments are stored -->
+	<key>AttachmentsRoot</key>
+	<string>Attachments</string>
+
+	<!-- Documents directory, contains files to be served as HTTP resources at the
+	     root level -->
+	<key>DocumentRoot</key>
+	<string>Documents</string>
+
+	<!-- Config directory, contains additional config files -->
+	<key>ConfigRoot</key>
+	<string>Config</string>
+
+	<!-- Log directory, contains access.log, error.log and others -->
+	<key>LogRoot</key>
+	<string>/var/log/caldavd</string>
+
+	<!-- Run-time directory, contains PID files and UNIX socket files -->
+	<key>RunRoot</key>
+	<string>/var/run/caldavd</string>
+
+	<!-- WebCal directory, contains HTML implementing the web calendar -->
+	<key>WebCalendarRoot</key>
+	<string>/Applications/Server.app/Contents/ServerRoot/usr/share/collabd/webcal/public</string>
+
+	<!-- Quotas -->
+
+	<!-- Attachments -->
+	<!-- User attachment quota (in bytes - default 100MB) -->
+	<key>UserQuota</key>
+	<integer>104857600</integer>
+
+	<!-- Maximum size for a single attachment (in bytes - default 10MB) -->
+	<key>MaximumAttachmentSize</key>
+	<integer>10485760</integer>
+
+	<!-- Maximum number of attachments per instance -->
+	<key>MaximumAttachmentsPerInstance</key>
+	<integer>5</integer>
+
+	<!-- Resource data -->
+	<!-- Maximum number of calendars/address books allowed in a home -->
+	<key>MaxCollectionsPerHome</key>
+	<integer>50</integer>
+
+	<!-- Maximum number of resources in a calendar/address book -->
+	<key>MaxResourcesPerCollection</key>
+	<integer>10000</integer>
+
+	<!-- Maximum resource size (in bytes) -->
+	<key>MaxResourceSize</key>
+	<integer>1048576</integer>
+
+	<!-- Maximum number of unique attendees -->
+	<key>MaxAttendeesPerInstance</key>
+	<integer>100</integer>
+
+	<!-- Maximum number of instances the server will index -->
+	<key>MaxAllowedInstances</key>
+	<integer>3000</integer>
+
+	<!-- Set to URL path of wiki authentication service, e.g. "/auth", in order to
+	     use javascript authentication dialog.  Empty string indicates standard
+	     browser authentication dialog should be used. -->
+	<key>WebCalendarAuthPath</key>
+	<string></string>
+
+	<!-- Define mappings of URLs to file system objects (directories or files) -->
+	<key>Aliases</key>
+	<array>
+	</array>
+
+	<!-- Directory service
+
+	     A directory service provides information about principals (e.g. users,
+	     groups, locations and resources) to the server. -->
+
+
+	<!-- XML File Directory Service -->
+	<key>DirectoryService</key>
+	<dict>
+	  <key>type</key>
+	  <string>twistedcaldav.directory.xmlfile.XMLDirectoryService</string>
+	  
+	  <key>params</key>
+	  <dict>
+
+	    <key>xmlFile</key>
+	    <string>/etc/caldavd/accounts.xml</string>
+	    <key>recordTypes</key>
+	    <array>
+	      <string>users</string>
+	      <string>groups</string>
+	    </array>
+	  </dict>
+	</dict>
+	<!-- <key>DirectoryService</key> -->
+	<!-- <dict> -->
+	<!-- 	<key>Enabled</key> -->
+	<!-- 	<true/> -->
+
+	<!-- 	<key>type</key> -->
+	<!-- 	<string>ldap</string> -->
+
+	<!-- 	<key>params</key> -->
+	<!-- 	<dict> -->
+	<!-- 		<key>recordTypes</key> -->
+	<!-- 		<array> -->
+	<!-- 			<string>users</string> -->
+	<!-- 			<string>groups</string> -->
+	<!-- 		</array> -->
+
+	<!-- 		<key>uri</key> -->
+	<!-- 		<string>$LDAP_URI</string> -->
+
+	<!-- 		<key>credentials</key> -->
+	<!-- 		<dict> -->
+	<!-- 		<key>dn</key> -->
+	<!-- 		<string>$LDAP_DN</string> -->
+
+	<!-- 		<key>password</key> -->
+	<!-- 		<string>$LDAP_PASS</string> -->
+	<!-- 		</dict> -->
+	<!-- 	</dict> -->
+	<!-- </dict> -->
+
+	<key>DirectoryRealmName</key>
+	<string></string>
+
+	<!-- Apply an additional filter for attendee lookups where names must start
+	     with the search tokens rather than just contain them. -->
+	<key>DirectoryFilterStartsWith</key>
+	<false/>
+
+	<!-- Locations and Resources service
+
+	     Supplements the directory service with information about locations and
+	     resources. -->
+
+	<key>ResourceService</key>
+	<dict>
+		<key>Enabled</key>
+		<true/>
+
+		<key>type</key>
+		<string>xml</string>
+
+		<key>params</key>
+		<dict>
+			<key>recordTypes</key>
+			<array>
+				<string>locations</string>
+				<string>resources</string>
+				<string>addresses</string>
+			</array>
+
+			<key>xmlFile</key>
+			<string>resources.xml</string>
+		</dict>
+	</dict>
+
+	<!-- Augment service
+
+	     Augments for the directory service records to add calendar specific
+	     attributes. -->
+
+	<key>AugmentService</key>
+	<dict>
+		<key>type</key>
+		<string>xml</string>
+
+		<key>params</key>
+		<dict>
+			<key>xmlFiles</key>
+			<array>
+			</array>
+
+			<key>statSeconds</key>
+			<integer>15</integer>
+		</dict>
+	</dict>
+
+	<!-- Proxies -->
+
+	<!-- Allows for initialization of the proxy database from an XML file -->
+	<key>ProxyLoadFromFile</key>
+	<string></string>
+
+	<!-- Special principals -->
+
+	<!-- Principals with "DAV:all" access (relative URLs) -->
+	<key>AdminPrincipals</key>
+	<array>
+	</array>
+
+	<!-- Principals with "DAV:read" access (relative URLs) -->
+	<key>ReadPrincipals</key>
+	<array>
+	</array>
+
+	<!-- Create "proxy access" principals -->
+	<key>EnableProxyPrincipals</key>
+	<true/>
+
+	<!-- Permissions -->
+
+	<!-- Allow unauthenticated read access to / -->
+	<key>EnableAnonymousReadRoot</key>
+	<true/>
+
+	<!-- Allow unauthenticated read access to hierarchy -->
+	<key>EnableAnonymousReadNav</key>
+	<false/>
+
+	<!-- Allow listing of principal collections -->
+	<key>EnablePrincipalListings</key>
+	<true/>
+
+	<!-- Render calendar collections as a monolithic iCalendar object -->
+	<key>EnableMonolithicCalendars</key>
+	<true/>
+
+	<!-- Client controls -->
+
+	<!-- List of regexes for clients to disallow -->
+	<key>RejectClients</key>
+	<array>
+	</array>
+
+	<!-- Authentication -->
+
+	<key>Authentication</key>
+	<dict>
+		<!-- Clear text; best avoided -->
+		<key>Basic</key>
+		<dict>
+			<key>Enabled</key>
+			<true/>
+
+			<!-- Advertised over non-SSL? -->
+			<key>AllowedOverWireUnencrypted</key>
+			<false/>
+		</dict>
+
+		<!-- Digest challenge/response -->
+		<key>Digest</key>
+		<dict>
+			<key>Enabled</key>
+			<true/>
+
+			<key>Algorithm</key>
+			<string>md5</string>
+
+			<key>Qop</key>
+			<string></string>
+
+			<!-- Advertised over non-SSL? -->
+			<key>AllowedOverWireUnencrypted</key>
+			<true/>
+		</dict>
+
+		<!-- Kerberos/SPNEGO -->
+		<key>Kerberos</key>
+		<dict>
+			<key>Enabled</key>
+			<false/>
+
+			<key>ServicePrincipal</key>
+			<string></string>
+
+			<!-- Advertised over non-SSL? -->
+			<key>AllowedOverWireUnencrypted</key>
+			<true/>
+		</dict>
+
+		<!-- TLS Client Certificate -->
+		<key>ClientCertificate</key>
+		<dict>
+			<key>Enabled</key>
+			<false/>
+
+			<!-- Advertised over non-SSL? -->
+			<key>AllowedOverWireUnencrypted</key>
+			<true/>
+
+			<!-- Always require a client cert -->
+			<key>Required</key>
+			<true/>
+
+			<!-- Array of acceptable client cert CA file names -->
+			<key>CAFiles</key>
+			<array>
+			</array>
+
+			<!-- Send the list of acceptable CAs to the client -->
+			<key>SendCAsToClient</key>
+			<true/>
+		</dict>
+
+		<key>Wiki</key>
+		<dict>
+			<key>Enabled</key>
+			<false/>
+
+			<key>Cookie</key>
+			<string>cc.collabd_session_guid</string>
+
+			<key>EndpointDescriptor</key>
+			<string>unix:path=/var/run/collabd</string>
+		</dict>
+	</dict>
+
+	<!-- Logging -->
+
+	<!-- Apache-style access log -->
+	<key>AccessLogFile</key>
+	<string>access.log</string>
+
+	<!-- Server activity log (the verbosity is controlled by DefaultLogLevel and
+	     LogLevels keys) -->
+	<key>ErrorLogFile</key>
+	<string>error.log</string>
+
+	<!-- Agent activity log (only applies to Server.app edition) -->
+	<key>AgentLogFile</key>
+	<string>agent.log</string>
+
+	<!-- Utility log (used for command line utilities; the name will be dynamically
+	     changed to that of the utility being run) -->
+	<key>UtilityLogFile</key>
+	<string>utility.log</string>
+
+	<!-- True = use log file, False = stdout -->
+	<key>ErrorLogEnabled</key>
+	<true/>
+
+	<!-- Rotate error log after so many megabytes -->
+	<key>ErrorLogRotateMB</key>
+	<integer>10</integer>
+
+	<!-- Retain this many error log files -->
+	<key>ErrorLogMaxRotatedFiles</key>
+	<integer>5</integer>
+
+	<!-- Rotate error log when service starts -->
+	<key>ErrorLogRotateOnStart</key>
+	<false/>
+
+	<key>PIDFile</key>
+	<string>caldavd.pid</string>
+
+	<key>RotateAccessLog</key>
+	<false/>
+
+	<key>EnableExtendedAccessLog</key>
+	<true/>
+
+	<key>EnableExtendedTimingAccessLog</key>
+	<false/>
+
+	<!-- Controls the verbosity of ErrorLogFile (valid values are error, warn,
+	     info, debug; default is info) -->
+	<key>DefaultLogLevel</key>
+	<string></string>
+
+	<!-- Allows overriding log levels on a per-package, per-module, or even per-
+	     class basis -->
+	<key>LogLevels</key>
+	<dict>
+	</dict>
+
+	<!-- Used internally to track which worker process is logging a message -->
+	<key>LogID</key>
+	<string></string>
+
+	<key>AccountingCategories</key>
+	<dict>
+		<!-- Log regular HTTP requests -->
+		<key>HTTP</key>
+		<false/>
+
+		<!-- Log non-freebusy iTIP details -->
+		<key>iTIP</key>
+		<false/>
+
+		<!-- Log freebusy iTIP details -->
+		<key>iTIP-VFREEBUSY</key>
+		<false/>
+
+		<!-- Log extra details about implicit scheduling errors -->
+		<key>Implicit Errors</key>
+		<false/>
+
+		<!-- Log extra details about auto-accept iTIP processing -->
+		<key>AutoScheduling</key>
+		<false/>
+
+		<!-- Log iSchedule HTTP requests (including cross-pod) -->
+		<key>iSchedule</key>
+		<false/>
+
+		<!-- Log cross-pod conduit HTTP requests -->
+		<key>xPod</key>
+		<false/>
+
+		<!-- Log invalid recurrence instance details -->
+		<key>Invalid Instance</key>
+		<false/>
+
+		<!-- Log cross-pod migration details -->
+		<key>migration</key>
+		<false/>
+	</dict>
+
+	<key>AccountingPrincipals</key>
+	<array>
+	</array>
+
+	<!-- The parent directory for accounting log directories (by default, relative
+	     to LogRoot) -->
+	<key>AccountingLogRoot</key>
+	<string>accounting</string>
+
+	<key>Stats</key>
+	<dict>
+		<key>EnableUnixStatsSocket</key>
+		<false/>
+
+		<key>UnixStatsSocket</key>
+		<string>caldavd-stats.sock</string>
+
+		<key>EnableTCPStatsSocket</key>
+		<false/>
+
+		<key>TCPStatsPort</key>
+		<integer>8100</integer>
+	</dict>
+
+	<key>LogDatabase</key>
+	<dict>
+		<key>LabelsInSQL</key>
+		<false/>
+
+		<key>Statistics</key>
+		<false/>
+
+		<key>StatisticsLogFile</key>
+		<string>sqlstats.log</string>
+
+		<key>SQLStatements</key>
+		<false/>
+
+		<key>TransactionWaitSeconds</key>
+		<integer>0</integer>
+	</dict>
+
+	<!-- SSL/TLS -->
+
+	<!-- Public key -->
+	<key>SSLCertificate</key>
+	<string></string>
+
+	<!-- Private key -->
+	<key>SSLPrivateKey</key>
+	<string></string>
+
+	<!-- Certificate Authority Chain -->
+	<key>SSLAuthorityChain</key>
+	<string></string>
+
+	<key>SSLPassPhraseDialog</key>
+	<string>/etc/apache2/getsslpassphrase</string>
+
+	<key>SSLCertAdmin</key>
+	<string>/Applications/Server.app/Contents/ServerRoot/usr/sbin/certadmin</string>
+
+	<!-- Keychain identity to use in place of cert files -->
+	<key>SSLKeychainIdentity</key>
+	<string></string>
+
+	<!-- Process management -->
+
+	<!-- Username and Groupname to drop privileges to, if empty privileges will not
+	     be dropped. -->
+	<key>UserName</key>
+	<string></string>
+
+	<key>GroupName</key>
+	<string></string>
+
+	<!-- Multi-process -->
+	<key>ProcessType</key>
+	<string>Combined</string>
+
+	<key>MultiProcess</key>
+	<dict>
+		<key>ProcessCount</key>
+		<integer>0</integer>
+
+		<key>MinProcessCount</key>
+		<integer>2</integer>
+
+		<key>PerCPU</key>
+		<integer>1</integer>
+
+		<key>PerGB</key>
+		<integer>1</integer>
+
+		<key>StaggeredStartup</key>
+		<dict>
+			<key>Enabled</key>
+			<false/>
+
+			<key>Interval</key>
+			<integer>15</integer>
+		</dict>
+	</dict>
+
+	<!-- How large a spawned process is allowed to get before it's stopped -->
+	<key>MemoryLimiter</key>
+	<dict>
+		<key>Enabled</key>
+		<true/>
+
+		<!-- How often to check memory sizes (in seconds) -->
+		<key>Seconds</key>
+		<integer>60</integer>
+
+		<!-- Memory limit (RSS in bytes) -->
+		<key>Bytes</key>
+		<integer>2147483648</integer>
+
+		<!-- True: only take into account resident memory; False: include virtual
+		     memory -->
+		<key>ResidentOnly</key>
+		<true/>
+	</dict>
+
+	<!-- If enabled, will honor macOS Server ACLs to control access -->
+	<key>EnableSACLs</key>
+	<false/>
+
+	<!-- Make all data read-only -->
+	<key>EnableReadOnlyServer</key>
+	<false/>
+
+	<!-- Standard (or draft) WebDAV extensions -->
+
+	<!-- POST ;add-member extension -->
+	<key>EnableAddMember</key>
+	<true/>
+
+	<!-- REPORT collection-sync -->
+	<key>EnableSyncReport</key>
+	<true/>
+
+	<!-- REPORT collection-sync on home collections -->
+	<key>EnableSyncReportHome</key>
+	<true/>
+
+	<!-- Sync token includes config component -->
+	<key>EnableConfigSyncToken</key>
+	<true/>
+
+	<!-- /.well-known resource -->
+	<key>EnableWellKnown</key>
+	<true/>
+
+	<!-- Extended calendar-query REPORT -->
+	<key>EnableCalendarQueryExtended</key>
+	<true/>
+
+	<!-- Support Managed Attachments -->
+	<key>EnableManagedAttachments</key>
+	<false/>
+
+	<!-- server-info document -->
+	<key>EnableServerInfo</key>
+	<false/>
+
+	<!-- Generic CalDAV/CardDAV extensions -->
+
+	<!-- Allow clients to send/receive JSON jCal and jCard format data -->
+	<key>EnableJSONData</key>
+	<true/>
+
+	<!-- Non-standard CalDAV extensions -->
+
+	<!-- Calendar Drop Box -->
+	<key>EnableDropBox</key>
+	<false/>
+
+	<!-- Private Events -->
+	<key>EnablePrivateEvents</key>
+	<false/>
+
+	<!-- Old Timezone service -->
+	<key>EnableTimezoneService</key>
+	<false/>
+
+	<!-- New standard timezone service -->
+	<key>TimezoneService</key>
+	<dict>
+		<!-- Overall on/off switch -->
+		<key>Enabled</key>
+		<true/>
+
+		<!-- URI where service is hosted -->
+		<key>URI</key>
+		<string>/stdtimezones</string>
+
+		<!-- Can be "primary" or "secondary" -->
+		<key>Mode</key>
+		<string>primary</string>
+
+		<!-- Path to directory containing a zoneinfo - if None use default package
+		     path secondary service MUST define its own writable path -->
+		<key>BasePath</key>
+		<string></string>
+
+		<!-- Path to db cache info - if None use default package path secondary
+		     service MUST define its own writable path if not None -->
+		<key>XMLInfoPath</key>
+		<string></string>
+
+		<!-- User friendly JSON output -->
+		<key>PrettyPrintJSON</key>
+		<true/>
+
+		<key>SecondaryService</key>
+		<dict>
+			<!-- Only one of these should be used when a secondary service is used -->
+			<!-- Domain/IP of secondary service to discover -->
+			<key>Host</key>
+			<string></string>
+
+			<!-- HTTP(s) URI to secondary service -->
+			<key>URI</key>
+			<string></string>
+
+			<key>UpdateIntervalMinutes</key>
+			<integer>1440</integer>
+		</dict>
+	</dict>
+
+	<!-- Strip out VTIMEZONES that are known -->
+	<key>EnableTimezonesByReference</key>
+	<true/>
+
+	<!-- Use timezone data from twistedcaldav.zoneinfo - don't copy to Data
+	     directory -->
+	<key>UsePackageTimezones</key>
+	<false/>
+
+	<!-- POST batch uploads -->
+	<key>EnableBatchUpload</key>
+	<true/>
+
+	<!-- Maximum number of resources in a batch POST -->
+	<key>MaxResourcesBatchUpload</key>
+	<integer>100</integer>
+
+	<!-- Maximum size of a batch POST (10 MB) -->
+	<key>MaxBytesBatchUpload</key>
+	<integer>10485760</integer>
+
+	<key>Sharing</key>
+	<dict>
+		<!-- Overall on/off switch -->
+		<key>Enabled</key>
+		<true/>
+
+		<!-- External (non-principal) sharees allowed -->
+		<key>AllowExternalUsers</key>
+		<false/>
+
+		<key>Calendars</key>
+		<dict>
+			<!-- Calendar on/off switch -->
+			<key>Enabled</key>
+			<true/>
+
+			<key>IgnorePerUserProperties</key>
+			<array>
+				<string>X-APPLE-STRUCTURED-LOCATION</string>
+			</array>
+
+			<key>CollectionProperties</key>
+			<dict>
+				<key>Shadowable</key>
+				<array>
+					<string>{urn:ietf:params:xml:ns:caldav}calendar-description</string>
+				</array>
+
+				<key>ProxyOverride</key>
+				<array>
+					<string>{urn:ietf:params:xml:ns:caldav}calendar-description</string>
+					<string>{com.apple.ical:}calendarcolor</string>
+					<string>{http://apple.com/ns/ical/}calendar-color</string>
+					<string>{http://apple.com/ns/ical/}calendar-order</string>
+				</array>
+
+				<key>Global</key>
+				<array>
+				</array>
+			</dict>
+
+			<key>Groups</key>
+			<dict>
+				<!-- Calendar sharing to groups on/off switch -->
+				<key>Enabled</key>
+				<true/>
+
+				<key>ReconciliationDelaySeconds</key>
+				<integer>5</integer>
+			</dict>
+		</dict>
+
+		<key>AddressBooks</key>
+		<dict>
+			<!-- Address Book sharing on/off switch -->
+			<key>Enabled</key>
+			<false/>
+
+			<key>CollectionProperties</key>
+			<dict>
+				<key>Shadowable</key>
+				<array>
+					<string>{urn:ietf:params:xml:ns:carddav}addressbook-description</string>
+				</array>
+
+				<key>ProxyOverride</key>
+				<array>
+				</array>
+
+				<key>Global</key>
+				<array>
+				</array>
+			</dict>
+
+			<key>Groups</key>
+			<dict>
+				<!-- Address Book Group sharing on/off switch -->
+				<key>Enabled</key>
+				<false/>
+			</dict>
+		</dict>
+	</dict>
+
+	<!-- Only allow calendars to be created with a single component type If this is
+	     on, it will also trigger an upgrade behavior that will split existing
+	     calendars into multiples based on component type. If on, it will also
+	     cause new accounts to provision with separate calendars for events and
+	     tasks. -->
+	<key>RestrictCalendarsToOneComponentType</key>
+	<true/>
+
+	<!-- Set of supported iCalendar components -->
+	<key>SupportedComponents</key>
+	<array>
+		<string>VEVENT</string>
+		<string>VTODO</string>
+	</array>
+
+	<!-- Enable Trash Collection -->
+	<key>EnableTrashCollection</key>
+	<false/>
+
+	<!-- Expose Trash Collection as a resource -->
+	<key>ExposeTrashCollection</key>
+	<false/>
+
+	<!-- Perform upgrades - currently only the database to filesystem migration -
+	     but in the future, hopefully all relevant upgrades - in parallel in
+	     subprocesses. -->
+	<key>ParallelUpgrades</key>
+	<false/>
+
+	<!-- During the upgrade phase of startup, rather than skipping homes found both
+	     on the filesystem and in the database, merge the data from the filesystem
+	     into the database homes. -->
+	<key>MergeUpgrades</key>
+	<false/>
+
+	<!-- Support for default alarms generated by the server -->
+	<key>EnableDefaultAlarms</key>
+	<true/>
+
+	<!-- Remove duplicate alarms on PUT -->
+	<key>RemoveDuplicateAlarms</key>
+	<true/>
+
+	<!-- Remove duplicate private comments on PUT -->
+	<key>RemoveDuplicatePrivateComments</key>
+	<false/>
+
+	<key>HostedStatus</key>
+	<dict>
+		<!-- Decorate ATTENDEEs with the following parameter to indicate where the
+		     ATTENDEE is hosted, locally or externally.  It's configurable and
+		     extensible in case we want to add more values.  A value of empty string
+		     means no decoration. -->
+		<key>Enabled</key>
+		<false/>
+
+		<key>Parameter</key>
+		<string>X-APPLE-HOSTED-STATUS</string>
+
+		<key>Values</key>
+		<dict>
+			<key>local</key>
+			<string></string>
+
+			<key>external</key>
+			<string>EXTERNAL</string>
+		</dict>
+	</dict>
+
+	<key>RevisionCleanup</key>
+	<dict>
+		<key>Enabled</key>
+		<true/>
+
+		<!-- Number of days that a client sync report token is valid -->
+		<key>SyncTokenLifetimeDays</key>
+		<real>14.0</real>
+
+		<!-- Number of days between revision cleanups -->
+		<key>CleanupPeriodDays</key>
+		<real>2.0</real>
+	</dict>
+
+	<key>InboxCleanup</key>
+	<dict>
+		<key>Enabled</key>
+		<true/>
+
+		<!-- Number of days before deleting a new inbox item -->
+		<key>ItemLifetimeDays</key>
+		<real>14.0</real>
+
+		<!-- Number of days between inbox cleanups -->
+		<key>CleanupPeriodDays</key>
+		<real>2.0</real>
+
+		<!-- Number of seconds before CleanupOneInboxWork starts after
+		     InboxCleanupWork -->
+		<key>StartDelaySeconds</key>
+		<integer>300</integer>
+
+		<!-- Number of seconds between each CleanupOneInboxWork (fractional) -->
+		<key>StaggerSeconds</key>
+		<real>0.5</real>
+
+		<!-- Number of items above which inbox removals will be deferred to a work
+		     item -->
+		<key>InboxRemoveWorkThreshold</key>
+		<integer>5</integer>
+
+		<!-- Number of seconds between each InboxRemoveWork -->
+		<key>RemovalStaggerSeconds</key>
+		<real>0.5</real>
+	</dict>
+
+	<!-- CardDAV Features -->
+	<key>DirectoryAddressBook</key>
+	<dict>
+		<key>Enabled</key>
+		<true/>
+
+		<key>type</key>
+		<string>opendirectory</string>
+
+		<key>params</key>
+		<dict>
+			<key>queryPeopleRecords</key>
+			<true/>
+
+			<key>peopleNode</key>
+			<string>/Search/Contacts</string>
+
+			<key>queryUserRecords</key>
+			<true/>
+
+			<key>userNode</key>
+			<string>/Search/Contacts</string>
+
+			<key>maxDSQueryRecords</key>
+			<integer>0</integer>
+
+			<key>queryDSLocal</key>
+			<false/>
+
+			<key>ignoreSystemRecords</key>
+			<true/>
+
+			<key>dsLocalCacheTimeout</key>
+			<integer>30</integer>
+
+			<key>liveQuery</key>
+			<true/>
+
+			<key>fakeETag</key>
+			<true/>
+
+			<key>cacheQuery</key>
+			<false/>
+
+			<key>cacheTimeout</key>
+			<integer>30</integer>
+
+			<key>standardizeSyntheticUIDs</key>
+			<false/>
+
+			<key>addDSAttrXProperties</key>
+			<false/>
+
+			<key>appleInternalServer</key>
+			<false/>
+
+			<key>additionalAttributes</key>
+			<array>
+			</array>
+
+			<key>allowedAttributes</key>
+			<array>
+			</array>
+		</dict>
+
+		<key>name</key>
+		<string>directory</string>
+
+		<key>MaxQueryResults</key>
+		<integer>1000</integer>
+	</dict>
+
+	<!-- /directory resource exists -->
+	<key>EnableSearchAddressBook</key>
+	<false/>
+
+	<!-- Anonymous users may access directory address book -->
+	<key>AnonymousDirectoryAddressBookAccess</key>
+	<false/>
+
+	<!-- /XXX CardDAV -->
+
+	<!-- Web-based administration -->
+	<key>EnableWebAdmin</key>
+	<true/>
+
+	<!-- JSON control API - only for testing -->
+	<key>EnableControlAPI</key>
+	<false/>
+
+	<!-- Scheduling related options -->
+
+	<key>Scheduling</key>
+	<dict>
+		<key>CalDAV</key>
+		<dict>
+			<!-- Domain for mailto calendar user addresses on this server -->
+			<key>EmailDomain</key>
+			<string></string>
+
+			<!-- Domain for http calendar user addresses on this server -->
+			<key>HTTPDomain</key>
+			<string></string>
+
+			<!-- Regex patterns to match local calendar user addresses -->
+			<key>AddressPatterns</key>
+			<array>
+			</array>
+
+			<!-- Whether to maintain compatibility with non-implicit mode -->
+			<key>OldDraftCompatibility</key>
+			<true/>
+
+			<!-- Whether to support older clients that do not use Schedule-Tag feature -->
+			<key>ScheduleTagCompatibility</key>
+			<true/>
+
+			<!-- Private comments from attendees to organizer -->
+			<key>EnablePrivateComments</key>
+			<true/>
+
+			<!-- Names of iCalendar properties that are preserved when an Attendee does
+			     an invite PUT -->
+			<key>PerAttendeeProperties</key>
+			<array>
+				<string>X-APPLE-NEEDS-REPLY</string>
+				<string>X-APPLE-TRAVEL-DURATION</string>
+				<string>X-APPLE-TRAVEL-START</string>
+				<string>X-APPLE-TRAVEL-RETURN-DURATION</string>
+				<string>X-APPLE-TRAVEL-RETURN</string>
+			</array>
+
+			<!-- Names of X- iCalendar properties that are sent from ORGANIZER to
+			     ATTENDEE -->
+			<key>OrganizerPublicProperties</key>
+			<array>
+				<string>X-APPLE-DROPBOX</string>
+				<string>X-APPLE-STRUCTURED-LOCATION</string>
+			</array>
+
+			<!-- Names of X- iCalendar parameters that are sent from ORGANIZER to
+			     ATTENDEE -->
+			<key>OrganizerPublicParameters</key>
+			<array>
+			</array>
+
+			<!-- Names of X- iCalendar properties that are sent from ATTENDEE to
+			     ORGANIZER These are also implicitly added to OrganizerPublicProperties -->
+			<key>AttendeePublicProperties</key>
+			<array>
+			</array>
+
+			<!-- Names of X- iCalendar parameters that are sent from ATTENDEE to
+			     ORGANIZER These are also implicitly added to OrganizerPublicParameters -->
+			<key>AttendeePublicParameters</key>
+			<array>
+			</array>
+		</dict>
+
+		<key>iSchedule</key>
+		<dict>
+			<!-- iSchedule protocol -->
+			<key>Enabled</key>
+			<false/>
+
+			<!-- Reg-ex patterns to match iSchedule-able calendar user addresses -->
+			<key>AddressPatterns</key>
+			<array>
+			</array>
+
+			<!-- iSchedule server configurations -->
+			<key>RemoteServers</key>
+			<string>remoteservers.xml</string>
+
+			<!-- Capabilities serial number -->
+			<key>SerialNumber</key>
+			<integer>1</integer>
+
+			<!-- File where a fake Bind zone exists for creating fake DNS results -->
+			<key>DNSDebug</key>
+			<string></string>
+
+			<!-- DKIM options -->
+			<key>DKIM</key>
+			<dict>
+				<!-- DKIM signing/verification enabled -->
+				<key>Enabled</key>
+				<true/>
+
+				<!-- Domain for DKIM (defaults to ServerHostName) -->
+				<key>Domain</key>
+				<string></string>
+
+				<!-- Selector for public key -->
+				<key>KeySelector</key>
+				<string>ischedule</string>
+
+				<!-- Signature algorithm (one of rsa-sha1 or rsa-sha256) -->
+				<key>SignatureAlgorithm</key>
+				<string>rsa-sha256</string>
+
+				<!-- This server's public key stored in DNS -->
+				<key>UseDNSKey</key>
+				<true/>
+
+				<!-- This server's public key stored in HTTP /.well-known -->
+				<key>UseHTTPKey</key>
+				<true/>
+
+				<!-- This server's public key manually exchanged with others -->
+				<key>UsePrivateExchangeKey</key>
+				<true/>
+
+				<!-- Expiration time for signature verification -->
+				<key>ExpireSeconds</key>
+				<integer>3600</integer>
+
+				<!-- File where private key is stored -->
+				<key>PrivateKeyFile</key>
+				<string></string>
+
+				<!-- File where public key is stored -->
+				<key>PublicKeyFile</key>
+				<string></string>
+
+				<!-- Directory where private exchange public keys are stored -->
+				<key>PrivateExchanges</key>
+				<string></string>
+
+				<!-- Turn on protocol level debugging to return detailed information to the
+				     requestor -->
+				<key>ProtocolDebug</key>
+				<false/>
+			</dict>
+		</dict>
+
+		<key>iMIP</key>
+		<dict>
+			<!-- Server-to-iMIP protocol -->
+			<key>Enabled</key>
+			<false/>
+
+			<key>Sending</key>
+			<dict>
+				<!-- SMTP server to relay messages through -->
+				<key>Server</key>
+				<string></string>
+
+				<!-- SMTP server port to relay messages through -->
+				<key>Port</key>
+				<integer>587</integer>
+
+				<!-- 'From' address for server -->
+				<key>Address</key>
+				<string></string>
+
+				<key>UseSSL</key>
+				<true/>
+
+				<!-- For account sending mail -->
+				<key>Username</key>
+				<string></string>
+
+				<!-- For account sending mail -->
+				<key>Password</key>
+				<string></string>
+
+				<!-- Messages for events older than this may days are not sent -->
+				<key>SuppressionDays</key>
+				<integer>7</integer>
+			</dict>
+
+			<key>Receiving</key>
+			<dict>
+				<!-- Server to retrieve email messages from -->
+				<key>Server</key>
+				<string></string>
+
+				<!-- Server port to retrieve email messages from -->
+				<key>Port</key>
+				<integer>0</integer>
+
+				<key>UseSSL</key>
+				<true/>
+
+				<!-- Type of message access server: 'pop' or 'imap' -->
+				<key>Type</key>
+				<string></string>
+
+				<!-- How often to fetch mail -->
+				<key>PollingSeconds</key>
+				<integer>30</integer>
+
+				<!-- For account receiving mail -->
+				<key>Username</key>
+				<string></string>
+
+				<!-- For account receiving mail -->
+				<key>Password</key>
+				<string></string>
+			</dict>
+
+			<!-- Regex patterns to match iMIP-able calendar user addresses -->
+			<key>AddressPatterns</key>
+			<array>
+			</array>
+
+			<!-- Directory containing HTML templates for email invitations (invite.html,
+			     cancel.html) -->
+			<key>MailTemplatesDirectory</key>
+			<string>/Applications/Server.app/Contents/ServerRoot/usr/share/caldavd/share/email_templates</string>
+
+			<!-- Directory containing language-specific subdirectories containing date-
+			     specific icons for email invitations -->
+			<key>MailIconsDirectory</key>
+			<string>/Applications/Server.app/Contents/ServerRoot/usr/share/caldavd/share/date_icons</string>
+
+			<!-- How many days invitations are valid -->
+			<key>InvitationDaysToLive</key>
+			<integer>90</integer>
+		</dict>
+
+		<key>Options</key>
+		<dict>
+			<!-- Allow groups to be Organizers -->
+			<key>AllowGroupAsOrganizer</key>
+			<false/>
+
+			<!-- Allow locations to be Organizers -->
+			<key>AllowLocationAsOrganizer</key>
+			<false/>
+
+			<!-- Allow resources to be Organizers -->
+			<key>AllowResourceAsOrganizer</key>
+			<false/>
+
+			<!-- Allow locations to have events without an Organizer -->
+			<key>AllowLocationWithoutOrganizer</key>
+			<true/>
+
+			<!-- Allow resources to have events without an Organizer -->
+			<key>AllowResourceWithoutOrganizer</key>
+			<true/>
+
+			<!-- Track who the last modifier of an unscheduled location event is -->
+			<key>TrackUnscheduledLocationData</key>
+			<true/>
+
+			<!-- Track who the last modifier of an unscheduled resource event is -->
+			<key>TrackUnscheduledResourceData</key>
+			<true/>
+
+			<!-- Add fake email addresses to work around client bug -->
+			<key>FakeResourceLocationEmail</key>
+			<false/>
+
+			<!-- Maximum number of attendees to request freebusy for -->
+			<key>LimitFreeBusyAttendees</key>
+			<integer>30</integer>
+
+			<!-- Number of attendees to do batched refreshes: 0 - no batching -->
+			<key>AttendeeRefreshBatch</key>
+			<integer>5</integer>
+
+			<!-- Number of attendees above which attendee refreshes are suppressed: 0 -
+			     no limit -->
+			<key>AttendeeRefreshCountLimit</key>
+			<integer>50</integer>
+
+			<!-- Time for implicit UID lock timeout -->
+			<key>UIDLockTimeoutSeconds</key>
+			<integer>60</integer>
+
+			<!-- Expiration time for UID lock, -->
+			<key>UIDLockExpirySeconds</key>
+			<integer>300</integer>
+
+			<!-- Host names matched in http(s) CUAs -->
+			<key>PrincipalHostAliases</key>
+			<array>
+			</array>
+
+			<!-- Add a time stamp when an Attendee changes their PARTSTAT -->
+			<key>TimestampAttendeePartStatChanges</key>
+			<true/>
+
+			<!-- Delegates can get extra info in a freebusy request -->
+			<key>DelegeteRichFreeBusy</key>
+			<true/>
+
+			<!-- Any user can get extra info for rooms/resources in a freebusy request -->
+			<key>RoomResourceRichFreeBusy</key>
+			<true/>
+
+			<key>AutoSchedule</key>
+			<dict>
+				<!-- Auto-scheduling will never occur if set to False -->
+				<key>Enabled</key>
+				<true/>
+
+				<!-- Override augments setting and always auto-schedule -->
+				<key>Always</key>
+				<false/>
+
+				<!-- Allow auto-schedule for users -->
+				<key>AllowUsers</key>
+				<false/>
+
+				<!-- Default mode for auto-schedule processing, one of: "none"            -
+				     no auto-scheduling "accept-always"   - always accept, ignore busy time
+				     "decline-always"  - always decline, ignore free time "accept-if-free"
+				     - accept if free, do nothing if busy "decline-if-busy" - decline if
+				     busy, do nothing if free "automatic"       - accept if free, decline if
+				     busy -->
+				<key>DefaultMode</key>
+				<string>automatic</string>
+
+				<!-- How far into the future to check for booking conflicts -->
+				<key>FutureFreeBusyDays</key>
+				<integer>1095</integer>
+			</dict>
+
+			<key>WorkQueues</key>
+			<dict>
+				<!-- Work queues for scheduling enabled -->
+				<key>Enabled</key>
+				<true/>
+
+				<!-- Number of seconds delay for a queued scheduling request/cancel -->
+				<key>RequestDelaySeconds</key>
+				<integer>5</integer>
+
+				<!-- Number of seconds delay for a queued scheduling reply -->
+				<key>ReplyDelaySeconds</key>
+				<integer>1</integer>
+
+				<!-- Time delay for sending an auto reply iTIP message -->
+				<key>AutoReplyDelaySeconds</key>
+				<integer>5</integer>
+
+				<!-- Time after an iTIP REPLY for first batched attendee refresh -->
+				<key>AttendeeRefreshBatchDelaySeconds</key>
+				<integer>5</integer>
+
+				<!-- Time between attendee batch refreshes -->
+				<key>AttendeeRefreshBatchIntervalSeconds</key>
+				<integer>5</integer>
+
+				<!-- Delay in seconds before a work item is executed again after a temp
+				     failure -->
+				<key>TemporaryFailureDelay</key>
+				<integer>60</integer>
+
+				<!-- Max number of temp failure retries before treating as a permanent
+				     failure -->
+				<key>MaxTemporaryFailures</key>
+				<integer>10</integer>
+			</dict>
+
+			<!-- This controls automatic splitting of large recurring events by the
+			     server. The ability for clients to split events using POST ?action=split
+			     is always enabled -->
+
+			<key>Splitting</key>
+			<dict>
+				<!-- False for now whilst we experiment with this -->
+				<key>Enabled</key>
+				<false/>
+
+				<!-- Consider splitting when greater than 100KB -->
+				<key>Size</key>
+				<integer>102400</integer>
+
+				<!-- Number of days in the past where the split will occur -->
+				<key>PastDays</key>
+				<integer>14</integer>
+
+				<!-- How many seconds to delay the split work item -->
+				<key>Delay</key>
+				<integer>60</integer>
+			</dict>
+		</dict>
+	</dict>
+
+	<key>FreeBusyURL</key>
+	<dict>
+		<!-- Per-user free-busy-url protocol -->
+		<key>Enabled</key>
+		<false/>
+
+		<!-- Number of days into the future to generate f-b data if no explicit time-
+		     range is specified -->
+		<key>TimePeriod</key>
+		<integer>14</integer>
+
+		<!-- Allow anonymous read access to free-busy URL -->
+		<key>AnonymousAccess</key>
+		<false/>
+	</dict>
+
+	<!-- Notifications -->
+
+	<key>Notifications</key>
+	<dict>
+		<key>Enabled</key>
+		<false/>
+
+		<key>CoalesceSeconds</key>
+		<integer>3</integer>
+
+		<key>Services</key>
+		<dict>
+			<key>APNS</key>
+			<dict>
+				<key>Enabled</key>
+				<false/>
+
+				<key>SubscriptionURL</key>
+				<string>apns</string>
+
+				<!-- How often the client should re-register (2 days) -->
+				<key>SubscriptionRefreshIntervalSeconds</key>
+				<integer>172800</integer>
+
+				<!-- How often a purge is done (12 hours) -->
+				<key>SubscriptionPurgeIntervalSeconds</key>
+				<integer>43200</integer>
+
+				<!-- How old a subscription must be before it's purged (14 days) -->
+				<key>SubscriptionPurgeSeconds</key>
+				<integer>1209600</integer>
+
+				<key>ProviderHost</key>
+				<string>gateway.push.apple.com</string>
+
+				<key>ProviderPort</key>
+				<integer>2195</integer>
+
+				<key>FeedbackHost</key>
+				<string>feedback.push.apple.com</string>
+
+				<key>FeedbackPort</key>
+				<integer>2196</integer>
+
+				<!-- 8 hours -->
+				<key>FeedbackUpdateSeconds</key>
+				<integer>28800</integer>
+
+				<key>Environment</key>
+				<string>PRODUCTION</string>
+
+				<key>EnableStaggering</key>
+				<false/>
+
+				<key>StaggerSeconds</key>
+				<integer>3</integer>
+
+				<key>CalDAV</key>
+				<dict>
+					<key>Enabled</key>
+					<false/>
+
+					<key>CertificatePath</key>
+					<string>Certificates/apns:com.apple.calendar.cert.pem</string>
+
+					<key>PrivateKeyPath</key>
+					<string>Certificates/apns:com.apple.calendar.key.pem</string>
+
+					<key>AuthorityChainPath</key>
+					<string>Certificates/apns:com.apple.calendar.chain.pem</string>
+
+					<key>Passphrase</key>
+					<string></string>
+
+					<key>KeychainIdentity</key>
+					<string>apns:com.apple.calendar</string>
+
+					<key>Topic</key>
+					<string></string>
+				</dict>
+
+				<key>CardDAV</key>
+				<dict>
+					<key>Enabled</key>
+					<false/>
+
+					<key>CertificatePath</key>
+					<string>Certificates/apns:com.apple.contact.cert.pem</string>
+
+					<key>PrivateKeyPath</key>
+					<string>Certificates/apns:com.apple.contact.key.pem</string>
+
+					<key>AuthorityChainPath</key>
+					<string>Certificates/apns:com.apple.contact.chain.pem</string>
+
+					<key>Passphrase</key>
+					<string></string>
+
+					<key>KeychainIdentity</key>
+					<string>apns:com.apple.contact</string>
+
+					<key>Topic</key>
+					<string></string>
+				</dict>
+			</dict>
+
+			<key>AMP</key>
+			<dict>
+				<key>Enabled</key>
+				<false/>
+
+				<key>Port</key>
+				<integer>62311</integer>
+
+				<key>EnableStaggering</key>
+				<false/>
+
+				<key>StaggerSeconds</key>
+				<integer>3</integer>
+			</dict>
+		</dict>
+	</dict>
+
+	<key>DirectoryProxy</key>
+	<dict>
+		<key>Enabled</key>
+		<false/>
+
+		<key>SocketPath</key>
+		<string>directory-proxy.sock</string>
+
+		<key>InSidecarCachingSeconds</key>
+		<integer>120</integer>
+	</dict>
+
+	<key>DirectoryCaching</key>
+	<dict>
+		<!-- How long to cache in worker and in memcached -->
+		<key>CachingSeconds</key>
+		<integer>60</integer>
+
+		<key>NegativeCachingEnabled</key>
+		<true/>
+
+		<!-- 0 = purging turned off -->
+		<key>LookupsBetweenPurges</key>
+		<integer>10000</integer>
+	</dict>
+
+	<!-- Support multiple hosts within a domain -->
+
+	<key>Servers</key>
+	<dict>
+		<!-- Multiple servers enabled or not -->
+		<key>Enabled</key>
+		<false/>
+
+		<!-- File path for server information -->
+		<key>ConfigFile</key>
+		<string>localservers.xml</string>
+
+		<!-- Pool size for connections between servers -->
+		<key>MaxClients</key>
+		<integer>5</integer>
+
+		<!-- Name for top-level inbox resource -->
+		<key>InboxName</key>
+		<string>podding</string>
+
+		<!-- Name for top-level cross-pod resource -->
+		<key>ConduitName</key>
+		<string>conduit</string>
+	</dict>
+
+	<!-- Performance tuning -->
+
+	<!-- Set the maximum number of outstanding requests to this server. -->
+	<key>MaxRequests</key>
+	<integer>3</integer>
+
+	<key>MaxAccepts</key>
+	<integer>1</integer>
+
+	<!-- The maximum number of outstanding database connections per database
+	     connection pool. When SharedConnectionPool (see above) is set to True,
+	     this is the total number of outgoing database connections allowed to the
+	     entire server; when SharedConnectionPool is False - this is the default -
+	     this is the number of database connections used per worker process. -->
+	<key>MaxDBConnectionsPerPool</key>
+	<integer>10</integer>
+
+	<key>ListenBacklog</key>
+	<integer>2024</integer>
+
+	<!-- Max. time between request lines -->
+	<key>IncomingDataTimeOut</key>
+	<integer>60</integer>
+
+	<!-- Max. time between pipelined requests -->
+	<key>PipelineIdleTimeOut</key>
+	<integer>15</integer>
+
+	<!-- Max. time for response processing -->
+	<key>IdleConnectionTimeOut</key>
+	<integer>360</integer>
+
+	<!-- Max. time for client close -->
+	<key>CloseConnectionTimeOut</key>
+	<integer>15</integer>
+
+	<key>UIDReservationTimeOut</key>
+	<integer>1800</integer>
+
+	<key>MaxMultigetWithDataHrefs</key>
+	<integer>5000</integer>
+
+	<key>MaxQueryWithDataResults</key>
+	<integer>1000</integer>
+
+	<!-- How many results to return for principal search REPORT requests -->
+	<key>MaxPrincipalSearchReportResults</key>
+	<integer>500</integer>
+
+	<!-- How many seconds to wait for principal search REPORT results -->
+	<key>PrincipalSearchReportTimeout</key>
+	<integer>10</integer>
+
+	<!-- Client fixes per user-agent match -->
+
+	<key>ClientFixes</key>
+	<dict>
+		<key>ForceAttendeeTRANSP</key>
+		<array>
+			<string>iOS/8\\.0(\\..*)?</string>
+			<string>iOS/8\\.1(\\..*)?</string>
+			<string>iOS/8\\.2(\\..*)?</string>
+		</array>
+	</dict>
+
+	<!-- Localization -->
+
+	<key>Localization</key>
+	<dict>
+		<key>TranslationsDirectory</key>
+		<string>/Applications/Server.app/Contents/ServerRoot/usr/share/caldavd/share/translations</string>
+
+		<!-- will be relative to DataRoot -->
+		<key>LocalesDirectory</key>
+		<string>locales</string>
+
+		<key>Language</key>
+		<string></string>
+	</dict>
+
+	<!-- Implementation details
+
+	     The following are specific to how the server is built, and useful for
+	     development, but shouldn't be needed by users. -->
+
+	<!-- Twisted -->
+	<key>Twisted</key>
+	<dict>
+		<key>reactor</key>
+		<string>select</string>
+	</dict>
+
+	<!-- Umask -->
+	<key>umask</key>
+	<integer>18</integer>
+
+	<!-- A TCP port used for communication between the child and master processes
+	     (bound to 127.0.0.1). Specify 0 to let OS assign a port. -->
+	<key>ControlPort</key>
+	<integer>0</integer>
+
+	<!-- A unix socket used for communication between the child and master
+	     processes. If blank, then an AF_INET socket is used instead. -->
+	<key>ControlSocket</key>
+	<string>caldavd.sock</string>
+
+	<!-- Support for Content-Encoding compression options as specified in RFC2616
+	     Section 3.5 Defaults off, because it weakens TLS (CRIME attack). -->
+	<key>ResponseCompression</key>
+	<false/>
+
+	<!-- The retry-after value (in seconds) to return with a 503 error -->
+	<key>HTTPRetryAfter</key>
+	<integer>180</integer>
+
+	<!-- Profiling options -->
+	<key>Profiling</key>
+	<dict>
+		<key>Enabled</key>
+		<false/>
+
+		<key>BaseDirectory</key>
+		<string>/tmp/stats</string>
+	</dict>
+
+	<key>Memcached</key>
+	<dict>
+		<key>MaxClients</key>
+		<integer>5</integer>
+
+		<key>Pools</key>
+		<dict>
+			<key>Default</key>
+			<dict>
+				<!-- A unix socket used for communication with memcached. If MemcacheSocket
+				     is empty string, an AF_INET socket is used. -->
+				<key>MemcacheSocket</key>
+				<string></string>
+
+				<key>ClientEnabled</key>
+				<true/>
+
+				<!-- The server is handled outside our containers -->
+				<key>ServerEnabled</key>
+				<false/>
+
+				<key>BindAddress</key>
+				<string>$MEMCACHED_HOST</string>
+				<!-- <string>memcached</string> -->
+
+				<key>Port</key>
+				<integer>$MEMCACHED_PORT</integer>
+				<!-- <integer>11211</integer> -->
+
+				<!-- Possible types: "OpenDirectoryBacker", "ImplicitUIDLock",
+				     "RefreshUIDLock", "DIGESTCREDENTIALS", "resourceInfoDB", "pubsubnodes",
+				     "FBCache", "ScheduleAddressMapper", "SQL.props", "SQL.calhome",
+				     "SQL.adbkhome", -->
+				<key>HandleCacheTypes</key>
+				<array>
+					<string>Default</string>
+				</array>
+			</dict>
+
+			<!-- "Shared": { "ClientEnabled": True, "ServerEnabled": True, "BindAddress":
+			     "127.0.0.1", "Port": 11211, "HandleCacheTypes": [ "ProxyDB",
+			     "DelegatesDB", "PrincipalToken", ] }, -->
+		</dict>
+
+		<!-- Find in PATH -->
+		<key>memcached</key>
+		<string>memcached</string>
+
+		<!-- Megabytes -->
+		<key>MaxMemory</key>
+		<integer>0</integer>
+
+		<key>Options</key>
+		<array>
+		</array>
+
+		<key>ProxyDBKeyNormalization</key>
+		<true/>
+	</dict>
+
+	<key>Postgres</key>
+	<dict>
+		<key>DatabaseName</key>
+		<string>caldav</string>
+
+		<key>ClusterName</key>
+		<string>cluster</string>
+
+		<key>LogFile</key>
+		<string>postgres.log</string>
+
+		<key>LogRotation</key>
+		<false/>
+
+		<key>SocketDirectory</key>
+		<string></string>
+
+		<key>SocketName</key>
+		<string></string>
+
+		<key>ListenAddresses</key>
+		<array>
+		</array>
+
+		<!-- Time out transactions -->
+		<key>TxnTimeoutSeconds</key>
+		<integer>30</integer>
+
+		<!-- BuffersToConnectionsRatio * MaxConnections Note: don't set this, it will
+		     be computed dynamically See _updateMultiProcess( ) below for details -->
+		<key>SharedBuffers</key>
+		<integer>0</integer>
+
+		<!-- Dynamically computed based on ProcessCount, etc. Note: don't set this, it
+		     will be computed dynamically See _updateMultiProcess( ) below for details -->
+		<key>MaxConnections</key>
+		<integer>0</integer>
+
+		<!-- how many extra connections to leave for utilities -->
+		<key>ExtraConnections</key>
+		<integer>3</integer>
+
+		<key>BuffersToConnectionsRatio</key>
+		<real>1.5</real>
+
+		<key>Options</key>
+		<array>
+			<string>-c standard_conforming_strings=on</string>
+		</array>
+
+		<!-- If the DBType is '', and we're spawning postgres ourselves, where is the
+		     pg_ctl tool to spawn it with? -->
+		<key>Ctl</key>
+		<string>pg_ctl</string>
+
+		<!-- If the DBType is '', and we're spawning postgres ourselves, where is the
+		     initdb tool to create its database cluster with? -->
+		<key>Init</key>
+		<string>initdb</string>
+	</dict>
+
+	<key>QueryCaching</key>
+	<dict>
+		<key>Enabled</key>
+		<true/>
+
+		<key>MemcachedPool</key>
+		<string>Default</string>
+
+		<key>ExpireSeconds</key>
+		<integer>3600</integer>
+	</dict>
+
+	<key>GroupCaching</key>
+	<dict>
+		<key>Enabled</key>
+		<true/>
+
+		<key>UpdateSeconds</key>
+		<integer>300</integer>
+
+		<key>UseDirectoryBasedDelegates</key>
+		<false/>
+
+		<key>InitialSchedulingDelaySeconds</key>
+		<integer>10</integer>
+
+		<key>BatchSize</key>
+		<integer>100</integer>
+
+		<key>BatchSchedulingIntervalSeconds</key>
+		<integer>2</integer>
+	</dict>
+
+	<key>GroupAttendees</key>
+	<dict>
+		<key>Enabled</key>
+		<true/>
+
+		<key>ReconciliationDelaySeconds</key>
+		<integer>5</integer>
+
+		<!-- 1 hour -->
+		<key>AutoUpdateSecondsFromNow</key>
+		<integer>3600</integer>
+	</dict>
+
+	<key>AutomaticPurging</key>
+	<dict>
+		<key>Enabled</key>
+		<true/>
+
+		<!-- 7 days -->
+		<key>PollingIntervalSeconds</key>
+		<integer>604800</integer>
+
+		<!-- No staggering -->
+		<key>CheckStaggerSeconds</key>
+		<integer>0</integer>
+
+		<!-- 7 days -->
+		<key>PurgeIntervalSeconds</key>
+		<integer>604800</integer>
+
+		<key>HomePurgeDelaySeconds</key>
+		<integer>60</integer>
+
+		<!-- 7 days -->
+		<key>GroupPurgeIntervalSeconds</key>
+		<integer>604800</integer>
+	</dict>
+
+	<key>Manhole</key>
+	<dict>
+		<key>Enabled</key>
+		<false/>
+
+		<!-- Set to False for telnet -->
+		<key>UseSSH</key>
+		<true/>
+
+		<!-- Master listens here, children increment -->
+		<key>StartingPortNumber</key>
+		<integer>5000</integer>
+
+		<!-- Directory Proxy listens here -->
+		<key>DPSPortNumber</key>
+		<integer>4999</integer>
+
+		<!-- Path to password file with lines of user:pass -->
+		<key>PasswordFilePath</key>
+		<string></string>
+
+		<!-- Relative to DataRoot -->
+		<key>sshKeyName</key>
+		<string>manhole.key</string>
+
+		<key>sshKeySize</key>
+		<integer>4096</integer>
+	</dict>
+
+	<key>EnableKeepAlive</key>
+	<false/>
+
+	<key>EnableResponseCache</key>
+	<true/>
+
+	<!-- Minutes -->
+	<key>ResponseCacheTimeout</key>
+	<integer>30</integer>
+
+	<key>EnableFreeBusyCache</key>
+	<true/>
+
+	<key>FreeBusyCacheDaysBack</key>
+	<integer>7</integer>
+
+	<key>FreeBusyCacheDaysForward</key>
+	<integer>84</integer>
+
+	<key>FreeBusyIndexLowerLimitDays</key>
+	<integer>365</integer>
+
+	<key>FreeBusyIndexExpandAheadDays</key>
+	<integer>365</integer>
+
+	<key>FreeBusyIndexExpandMaxDays</key>
+	<integer>1825</integer>
+
+	<key>FreeBusyIndexDelayedExpand</key>
+	<false/>
+
+	<key>FreeBusyIndexSmartUpdate</key>
+	<true/>
+
+	<!-- The RootResource uses a twext property store. Specify the class here -->
+	<key>RootResourcePropStoreClass</key>
+	<string>txweb2.dav.xattrprops.xattrPropertyStore</string>
+
+	<!-- Used in the command line utilities to specify which service class to use
+	     to carry out work. -->
+	<key>UtilityServiceClass</key>
+	<string></string>
+
+	<!-- Inbox items created more than MigratedInboxDaysCutoff days in the past are
+	     removed during migration -->
+	<key>MigratedInboxDaysCutoff</key>
+	<integer>60</integer>
+
+	<!-- The default timezone for the server; on OS X you can leave this empty and
+	     the system's timezone will be used.  If empty and not on OS X it will
+	     default to America/Los_Angeles. -->
+	<key>DefaultTimezone</key>
+	<string></string>
+
+	<!-- After this many seconds of no admin requests, shutdown the agent.  Zero
+	     means no automatic shutdown. -->
+	<key>AgentInactivityTimeoutSeconds</key>
+	<integer>300</integer>
+
+	<!-- Program to execute if the service cannot start; for example in OS X we
+	     want to call serveradmin to disable the service so launchd does not keep
+	     respawning it.  Empty string to disable this feature. -->
+	<key>ServiceDisablingProgram</key>
+	<string></string>
+
+	<!-- Program to execute to post an alert to the administrator; for example in
+	     OS X we want to call calendarserver_alert &lt;alert-type&gt; &lt;args&gt; -->
+	<key>AlertPostingProgram</key>
+	<string></string>
+
+	<!-- These three keys are relative to ConfigRoot: -->
+
+	<!-- Config to read first and merge -->
+	<key>ImportConfig</key>
+	<string></string>
+
+	<!-- Other plists to parse after this one; note that an Include can change the
+	     ServerRoot and/or ConfigRoot, thereby affecting the locations of the
+	     following Includes in the list. (Useful for service directory relocation) -->
+	<key>Includes</key>
+	<array>
+	</array>
+
+	<!-- Which config file calendarserver_config should  write to for changes;
+	     empty string means the main config file -->
+	<key>WritableConfigFile</key>
+	<string></string>
+</dict>
+</plist>
diff --git a/contrib/docker_compose/docker-compose.yml b/contrib/docker_compose/docker-compose.yml
new file mode 100644
index 000000000..2bcc1ebea
--- /dev/null
+++ b/contrib/docker_compose/docker-compose.yml
@@ -0,0 +1,78 @@
+version: "3.4"
+
+services:
+  ccs:
+    image: ccs
+    restart: always
+    environment:
+      VIRTUAL_HOST: "127.0.0.1"
+      #LETSENCRYPT_HOST: "example.com"
+      #LETSENCRYPT_EMAIL: "mail@example.com"
+      POSTGRES_HOST: 'tcp:postgres:5432'
+      POSTGRES_DB: ccs
+      POSTGRES_USER: caldavd
+      POSTGRES_PASS: test1234
+    volumes:
+     - ccsdata:/var/db/caldavd
+     - ccsconf:/etc/caldavd
+    networks:
+      - ccsnet
+      - proxynet
+    depends_on:
+      - postgres
+      - memcached
+  postgres:
+    image: postgres
+    restart: always
+    environment:
+      POSTGRES_DB: ccs
+      POSTGRES_USER: caldavd
+      POSTGRES_PASSWORD: test1234
+    volumes:
+      - "dbdata:/var/lib/postgresql/data"
+    restart: always
+    networks:
+      - ccsnet
+  memcached:
+    image: memcached:1.5-alpine
+    networks:
+      - ccsnet
+  proxy:
+    image: jwilder/nginx-proxy:alpine
+    restart: always
+    labels: 
+      - "com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy"
+    volumes:
+      - "proxycerts:/etc/nginx/certs:ro"
+      - "proxyvhosts:/etc/nginx/vhost.d"
+      - "proxyhtml:/usr/share/nginx/html"
+      - "/var/run/docker.sock:/tmp/docker.sock:ro"
+    ports:
+      - 80:80
+      - 443:443
+    networks:
+      - proxynet
+  letsencrypt:
+    image: jrcs/letsencrypt-nginx-proxy-companion
+    restart: always
+    environment:
+      NGINX_PROXY_CONTAINER: proxy
+    volumes:
+      - "/var/run/docker.sock:/var/run/docker.sock:ro"
+      - "proxycerts:/etc/nginx/certs"
+      - "proxyvhosts:/etc/nginx/vhost.d"
+      - "proxyhtml:/usr/share/nginx/html"
+    depends_on:
+      - proxy
+
+volumes:
+  dbdata:
+  ccsdata:
+  ccsconf:
+  proxycerts:
+  proxyvhosts:
+  proxyhtml:
+
+networks:
+  ccsnet:
+  proxynet:
\ No newline at end of file
diff --git a/contrib/docker_compose/docker_cmd.sh b/contrib/docker_compose/docker_cmd.sh
new file mode 100644
index 000000000..c3fabb11e
--- /dev/null
+++ b/contrib/docker_compose/docker_cmd.sh
@@ -0,0 +1,43 @@
+#!/bin/bash
+
+# echo "ccs:x:$(id -u):$(id -g):Calendar and Contacts Server:/opt/ccs:/bin/bash" >> /etc/passwd
+
+# Just get our conf file
+CCS_CONF_TEMP_FILE="/opt/ccs/caldavd.plist.template"
+
+# It is important that this dir is world-writable,
+# /tmp usually is
+CCS_CONF_FILE="/etc/caldavd/caldavd.plist"
+CCS_AUTH_FILE="/etc/caldavd/accounts.xml"
+
+# create SQL tables on first run
+echo $(awk -F: '{print $2":"$3}' <<< $POSTGRES_HOST):$POSTGRES_DB:$POSTGRES_USER:$POSTGRES_PASS > ~/.pgpass
+chmod 600 ~/.pgpass
+
+# wait for postgres to be available
+export PGHOST=$(awk -F: '{print $2}' <<< $POSTGRES_HOST)
+until psql -h $PGHOST -U $POSTGRES_USER $POSTGRES_DB -c '\q'; do
+  >&2 echo "Postgres is unavailable - sleeping"
+  sleep 1
+done
+
+TD=$(psql -h $PGHOST -U $POSTGRES_USER $POSTGRES_DB <<< '\dt')
+
+if [ "$TD" = "No relations found." ]; then
+    psql -h $PGHOST -U $POSTGRES_USER $POSTGRES_DB < /opt/ccs/txdav/common/datastore/sql_schema/current.sql
+fi
+
+# create config file on first run
+if [ ! -f $CCS_CONF_FILE ]; then
+    envsubst < $CCS_CONF_TEMP_FILE > $CCS_CONF_FILE
+fi
+
+# create auth file if not available
+if [ ! -f $CCS_AUTH_FILE ]; then
+    cp /opt/ccs/conf/auth/accounts.xml $CCS_AUTH_FILE
+    cp /opt/ccs/conf/auth/*.dtd /etc/caldavd
+fi
+
+# Run caldavd, no daemonize, log to stdout
+caldavd -X -L -f $CCS_CONF_FILE
+

From 37a0f00de6201580beaffb3444b7b483efa59866 Mon Sep 17 00:00:00 2001
From: Giorgio Azzinnaro <giorgio.azzinnaro@gmail.com>
Date: Mon, 14 May 2018 09:55:59 +0200
Subject: [PATCH 12/19] docker_entrypoint.sh should be executable

---
 contrib/docker/docker_entrypoint.sh | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 mode change 100644 => 100755 contrib/docker/docker_entrypoint.sh

diff --git a/contrib/docker/docker_entrypoint.sh b/contrib/docker/docker_entrypoint.sh
old mode 100644
new mode 100755

From 029c3adefb6a9781b32902a3f64f207132a1be38 Mon Sep 17 00:00:00 2001
From: Giorgio Azzinnaro <giorgio.azzinnaro@gmail.com>
Date: Mon, 14 May 2018 10:33:06 +0200
Subject: [PATCH 13/19] removed base conf; envsubst user conf; refactoring

---
 Dockerfile                            |  35 ++++--
 contrib/docker/caldavd.base.plist     |  82 -------------
 contrib/docker/caldavd.envsubst.plist | 160 ++++++++++----------------
 contrib/docker/docker-compose.yml     |  49 ++++++++
 contrib/docker/docker_entrypoint.sh   |   8 ++
 5 files changed, 143 insertions(+), 191 deletions(-)
 delete mode 100644 contrib/docker/caldavd.base.plist
 create mode 100644 contrib/docker/docker-compose.yml

diff --git a/Dockerfile b/Dockerfile
index 520912383..6c6c6b4e2 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -8,12 +8,22 @@ LABEL maintainer                    = "giorgio.azzinnaro@gmail.com"
 
 # Straight from CCS GitHub install guide
 # except for gettext-base, which we need for "envsubst"
-RUN apt-get update &&                                       \
-    apt-get -y install build-essential                      \
-        python-setuptools python-pip python-dev             \
-        git curl gettext-base                               \
-        libssl-dev libreadline6-dev libkrb5-dev libffi-dev  \
-        libldap2-dev libsasl2-dev zlib1g-dev
+RUN apt-get update &&       \
+    apt-get -y install      \
+        build-essential     \
+        curl                \
+        gettext-base        \
+        git                 \
+        libffi-dev          \
+        libkrb5-dev         \
+        libldap2-dev        \
+        libreadline6-dev    \
+        libsasl2-dev        \
+        libssl-dev          \
+        python-dev          \
+        python-pip          \
+        python-setuptools   \
+        zlib1g-dev
 
 # All of the source code is in here
 ADD . /home/ccs
@@ -24,9 +34,16 @@ WORKDIR /home/ccs
 RUN pip install -r requirements-default.txt 
 
 # Create all runtime directories and ensure right permissions for OC
-RUN mkdir -p /var/db/caldavd /var/log/caldavd /var/run/caldavd &&                   \
-    chmod -R g+rwX /home/ccs /var/db/caldavd /var/log/caldavd /var/run/caldavd &&   \
-    chmod g=u /etc/passwd
+RUN mkdir -p        /var/db/caldavd     \
+                    /var/log/caldavd    \
+                    /var/run/caldavd    \
+                    /etc/caldavd &&     \
+    chmod -R g+rwX  /home/ccs           \
+                    /var/db/caldavd     \
+                    /var/log/caldavd    \
+                    /var/run/caldavd    \
+                    /etc/caldavd &&     \
+    chmod g=u       /etc/passwd
 
 # TODO Check if everything is in this dir
 VOLUME [ "/var/db/caldavd" ]
diff --git a/contrib/docker/caldavd.base.plist b/contrib/docker/caldavd.base.plist
deleted file mode 100644
index 1e10de07b..000000000
--- a/contrib/docker/caldavd.base.plist
+++ /dev/null
@@ -1,82 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
-
-<!--
-    Copyright (c) 2006-2017 Apple Inc. All rights reserved.
-
-    Licensed under the Apache License, Version 2.0 (the "License");
-    you may not use this file except in compliance with the License.
-    You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-    Unless required by applicable law or agreed to in writing, software
-    distributed under the License is distributed on an "AS IS" BASIS,
-    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-    See the License for the specific language governing permissions and
-    limitations under the License.
-  -->
-
-<!-- 
-    This is used as base for configuration,
-    it may explicitly declare some config coming from
-    /home/ccs/conf/caldavd-stdconfig.plist
-    to provide good documentation.
-
-    This file is not to be used alone.
-    docker_entrypoint.sh generates a configuration file,
-    that imports this as a base,
-    and then includes user configurable files
-    from volume /etc/caldavd.
-
-    Edit /etc/caldavd/caldavd.ext.plist for your custom configuration!
- -->
-<plist version="1.0">
-<dict>
-
-	<!-- Docker: Must be above 1024 for OpenShift -->
-	<!-- HTTP port (0 to disable HTTP) -->
-	<key>HTTPPort</key>
-	<integer>8080</integer>
-
-	<!-- True: database; False: files (deprecated) -->
-	<key>UseDatabase</key>
-	<true/>
-
-	<!-- Possible values: empty, meaning 'spawn postgres yourself', or 'postgres'
-	     or 'oracle', meaning 'connect to a postgres or Oracle database as
-	     specified by the 'DSN' configuration key. -->
-	<key>DBType</key>
-	<string>postgres</string>
-
-	<!-- Features supported by the database
-
-	     'skip-locked': SKIP LOCKED available with SELECT (remove if using postgres
-	     &lt; v9.5) -->
-	<key>DBFeatures</key>
-	<array>
-		<string>skip-locked</string>
-	</array>
-
-	<!-- Set to True to prevent the server or utility tools from running if the
-	     database needs a schema upgrade. -->
-	<key>FailIfUpgradeNeeded</key>
-	<true/>
-
-	<!-- Set to True to check the current database schema against the schema file
-	     matching the database schema version. -->
-	<key>CheckExistingSchema</key>
-	<true/>
-
-	<!-- Data store -->
-
-	<!-- The top level directory, contains (by default) ConfigRoot and DataRoot -->
-	<key>ServerRoot</key>
-	<string>/var/db/caldavd</string>
-
-	<!-- Config directory, contains additional config files -->
-	<key>ConfigRoot</key>
-	<string>/etc/caldavd</string>
-
-</dict>
-</plist>
diff --git a/contrib/docker/caldavd.envsubst.plist b/contrib/docker/caldavd.envsubst.plist
index bb672fc14..974d91bd4 100644
--- a/contrib/docker/caldavd.envsubst.plist
+++ b/contrib/docker/caldavd.envsubst.plist
@@ -36,6 +36,66 @@
 <plist version="1.0">
 <dict>
 
+	<!-- Docker: Must be above 1024 for OpenShift -->
+	<!-- HTTP port (0 to disable HTTP) -->
+	<key>HTTPPort</key>
+	<integer>8080</integer>
+
+	<!-- True: database; False: files (deprecated) -->
+	<key>UseDatabase</key>
+	<true/>
+
+	<!-- Possible values: empty, meaning 'spawn postgres yourself', or 'postgres'
+	     or 'oracle', meaning 'connect to a postgres or Oracle database as
+	     specified by the 'DSN' configuration key. -->
+	<key>DBType</key>
+	<string>postgres</string>
+
+	<!-- Features supported by the database
+
+	     'skip-locked': SKIP LOCKED available with SELECT (remove if using postgres
+	     &lt; v9.5) -->
+	<key>DBFeatures</key>
+	<array>
+		<string>skip-locked</string>
+	</array>
+
+	<!-- Set to True to prevent the server or utility tools from running if the
+	     database needs a schema upgrade. -->
+	<key>FailIfUpgradeNeeded</key>
+	<true/>
+
+	<!-- Set to True to check the current database schema against the schema file
+	     matching the database schema version. -->
+	<key>CheckExistingSchema</key>
+	<true/>
+
+	<!-- Data store -->
+
+	<!-- The top level directory, contains (by default) ConfigRoot and DataRoot -->
+	<key>ServerRoot</key>
+	<string>/var/db/caldavd</string>
+
+	<!-- Config directory, contains additional config files -->
+	<key>ConfigRoot</key>
+	<string>/etc/caldavd</string>
+
+	<!-- These three keys are relative to ConfigRoot: -->
+
+	<!-- Other plists to parse after this one; note that an Include can change the
+	     ServerRoot and/or ConfigRoot, thereby affecting the locations of the
+	     following Includes in the list. (Useful for service directory relocation) -->
+	<key>Includes</key>
+	<array>
+		<string>/etc/caldavd/caldavd.ext.plist</string>
+		<string>/etc/caldavd/caldavd.writable.plist</string>
+	</array>
+
+	<!-- Which config file calendarserver_config should  write to for changes;
+	     empty string means the main config file -->
+	<key>WritableConfigFile</key>
+	<string>/etc/caldavd/caldavd.writable.plist</string>
+
 	<!-- Used to connect to an external database if DBType is non-empty -->
 	<key>DatabaseConnection</key>
 	<dict>
@@ -64,86 +124,6 @@
 		<false/>
 	</dict>
 
-	<!-- Directory service
-
-	     A directory service provides information about principals (e.g. users,
-	     groups, locations and resources) to the server. -->
-
-	<!-- XML File Directory Service -->
-	<key>DirectoryService</key>
-	<dict>
-	  <key>type</key>
-	  <string>xml</string>
-	  
-	  <key>params</key>
-	  <dict>
-
-	    <key>xmlFile</key>
-	    <string>/etc/caldavd/accounts.xml</string>
-	    <key>recordTypes</key>
-	    <array>
-	      <string>users</string>
-	      <string>groups</string>
-	    </array>
-	  </dict>
-	</dict>
-
-	<key>DirectoryRealmName</key>
-	<string></string>
-
-	<!-- Apply an additional filter for attendee lookups where names must start
-	     with the search tokens rather than just contain them. -->
-	<key>DirectoryFilterStartsWith</key>
-	<false/>
-
-	<!-- Locations and Resources service
-
-	     Supplements the directory service with information about locations and
-	     resources. -->
-
-	<key>ResourceService</key>
-	<dict>
-		<key>Enabled</key>
-		<true/>
-
-		<key>type</key>
-		<string>xml</string>
-
-		<key>params</key>
-		<dict>
-			<key>recordTypes</key>
-			<array>
-				<string>locations</string>
-				<string>resources</string>
-				<string>addresses</string>
-			</array>
-
-			<key>xmlFile</key>
-			<string>resources.xml</string>
-		</dict>
-	</dict>
-
-	<!-- Augment service
-
-	     Augments for the directory service records to add calendar specific
-	     attributes. -->
-
-	<key>AugmentService</key>
-	<dict>
-		<key>type</key>
-		<string>xml</string>
-
-		<key>params</key>
-		<dict>
-			<key>xmlFiles</key>
-			<array>
-			</array>
-
-			<key>statSeconds</key>
-			<integer>15</integer>
-		</dict>
-	</dict>
-
 	<key>Memcached</key>
 	<dict>
 		<key>MaxClients</key>
@@ -203,25 +183,5 @@
 		<key>ProxyDBKeyNormalization</key>
 		<true/>
 	</dict>
-
-	<!-- These three keys are relative to ConfigRoot: -->
-
-	<!-- Config to read first and merge -->
-	<key>ImportConfig</key>
-	<string>/home/ccs/contrib/caldavd.base.plist</string>
-
-	<!-- Other plists to parse after this one; note that an Include can change the
-	     ServerRoot and/or ConfigRoot, thereby affecting the locations of the
-	     following Includes in the list. (Useful for service directory relocation) -->
-	<key>Includes</key>
-	<array>
-	<string>/etc/caldavd/caldavd.ext.plist</string>
-	<string>/etc/caldavd/caldavd.writable.plist</string>
-	</array>
-
-	<!-- Which config file calendarserver_config should  write to for changes;
-	     empty string means the main config file -->
-	<key>WritableConfigFile</key>
-	<string>/etc/caldavd/caldavd.writable.plist</string>
 </dict>
 </plist>
diff --git a/contrib/docker/docker-compose.yml b/contrib/docker/docker-compose.yml
new file mode 100644
index 000000000..9d479cbc9
--- /dev/null
+++ b/contrib/docker/docker-compose.yml
@@ -0,0 +1,49 @@
+version: "3.4"
+
+services:
+  ccs:
+    image: giorgioazzinnaro/ccs-calendarserver
+    restart: always
+    environment:
+      POSTGRES_HOST: 'tcp:postgres:5432'
+      POSTGRES_DB: ccs
+      POSTGRES_USER: caldavd
+      POSTGRES_PASS: test1234
+      MEMCACHED_HOST: memcached
+      MEMCACHED_PORT: 11211
+    volumes:
+     - ccsdata:/var/db/caldavd
+     - ccsconf:/etc/caldavd
+    networks:
+      - ccsnet
+    depends_on:
+      - postgres
+      - memcached
+
+  postgres:
+    image: postgres
+    restart: always
+    environment:
+      POSTGRES_DB: ccs
+      POSTGRES_USER: caldavd
+      POSTGRES_PASSWORD: test1234
+    volumes:
+      - "postgresdata:/var/lib/postgresql/data"
+    restart: always
+    networks:
+      - ccsnet
+
+  memcached:
+    image: memcached:1.5
+    networks:
+      - ccsnet
+
+
+volumes:
+  postgresdata:
+  ccsdata:
+  ccsconf:
+
+
+networks:
+  ccsnet:
\ No newline at end of file
diff --git a/contrib/docker/docker_entrypoint.sh b/contrib/docker/docker_entrypoint.sh
index b52dbe6af..1feca6f14 100755
--- a/contrib/docker/docker_entrypoint.sh
+++ b/contrib/docker/docker_entrypoint.sh
@@ -13,7 +13,15 @@ CCS_CONF_TEMP_FILE="/home/ccs/contrib/docker/caldavd.envsubst.plist"
 # /tmp usually is
 export CCS_CONF_FILE="/tmp/caldavd.plist"
 
+# This file may be added by the user in a volume
+CCS_USER_CONF_FILE="/etc/caldavd/caldavd.ext.plist"
+
 # Replace any env variable as they come from docker run
 envsubst < $CCS_CONF_TEMP_FILE > $CCS_CONF_FILE
 
+# Replace env variables in user defined config if exists
+if [ -f $CCS_USER_CONF_FILE ]; then
+    envsubst < $CCS_USER_CONF_FILE > $CCS_USER_CONF_FILE
+fi
+
 exec "$@"

From 6f8e30788441fcec85911df6fa0de6e4f50c94aa Mon Sep 17 00:00:00 2001
From: Giorgio Azzinnaro <giorgio.azzinnaro@gmail.com>
Date: Mon, 14 May 2018 14:23:29 +0200
Subject: [PATCH 14/19] correcting CMD config file

---
 Dockerfile                        | 2 +-
 contrib/docker/docker-compose.yml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 6c6c6b4e2..fb9bfdfe8 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -69,4 +69,4 @@ USER 1000
 # This entry point simply creates /tmp/caldavd.plist,
 # using the given ENV as placeholders
 ENTRYPOINT [ "/home/ccs/contrib/docker/docker_entrypoint.sh" ]
-CMD [ "caldavd", "-X", "-L", "-f", "$CCS_CONF_FILE" ]
\ No newline at end of file
+CMD [ "caldavd", "-X", "-L", "-f", "/tmp/caldavd.plist" ]
\ No newline at end of file
diff --git a/contrib/docker/docker-compose.yml b/contrib/docker/docker-compose.yml
index 9d479cbc9..f4ace2f9b 100644
--- a/contrib/docker/docker-compose.yml
+++ b/contrib/docker/docker-compose.yml
@@ -1,4 +1,4 @@
-version: "3.4"
+version: "3"
 
 services:
   ccs:

From 0b91db0644ed7bb93ee2fcdc910e72e5cd85dbc9 Mon Sep 17 00:00:00 2001
From: Giorgio Azzinnaro <giorgio.azzinnaro@gmail.com>
Date: Mon, 14 May 2018 15:03:00 +0200
Subject: [PATCH 15/19] config file in docker compose for sql init

---
 contrib/docker/docker-compose.yml | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/contrib/docker/docker-compose.yml b/contrib/docker/docker-compose.yml
index f4ace2f9b..ed52f9dc0 100644
--- a/contrib/docker/docker-compose.yml
+++ b/contrib/docker/docker-compose.yml
@@ -1,9 +1,12 @@
-version: "3"
+version: "3.3"
+
+configs:
+  sql_seed:
+    file: ../../txdav/common/datastore/sql_schema/current.sql
 
 services:
   ccs:
     image: giorgioazzinnaro/ccs-calendarserver
-    restart: always
     environment:
       POSTGRES_HOST: 'tcp:postgres:5432'
       POSTGRES_DB: ccs
@@ -16,9 +19,12 @@ services:
      - ccsconf:/etc/caldavd
     networks:
       - ccsnet
+    ports:
+      - "8080:8080"
     depends_on:
       - postgres
       - memcached
+    restart: always
 
   postgres:
     image: postgres
@@ -29,7 +35,9 @@ services:
       POSTGRES_PASSWORD: test1234
     volumes:
       - "postgresdata:/var/lib/postgresql/data"
-    restart: always
+    configs:
+      - source: sql_seed
+        target: /docker-entrypoint-initdb.d/ccs.sql
     networks:
       - ccsnet
 

From 227b59b0f76afc23709fea09a1c86a96117e8063 Mon Sep 17 00:00:00 2001
From: Giorgio Azzinnaro <giorgio.azzinnaro@gmail.com>
Date: Mon, 14 May 2018 15:11:03 +0200
Subject: [PATCH 16/19] docs

---
 contrib/docker/README.md | 21 ++++++++++++++++++---
 1 file changed, 18 insertions(+), 3 deletions(-)

diff --git a/contrib/docker/README.md b/contrib/docker/README.md
index 0ecce84a1..162b1525e 100644
--- a/contrib/docker/README.md
+++ b/contrib/docker/README.md
@@ -8,11 +8,26 @@ It uses `setup.py` and expects external __Postgres__ and __Memcached__.
 __Postgres__ schema must be manually defined during the first run,
 using [current.sql](https://github.com/apple/ccs-calendarserver/blob/master/txdav/common/datastore/sql_schema/current.sql).
 
+What is being done in our `docker-compose.yml` is adding the SQL file in
+`/docker-entrypoint-initdb.d` as suggested
+[here](https://hub.docker.com/_/postgres/), at chapter:
+*How to extend this image*.
+
+## Running
+
+### Docker Swarm
+```bash
+$ docker stack deploy -c docker-compose.yml ccs-stack
+```
+
+### K8s / OpenShift
+__TODO__
+
 
 ## Configuration
 
 Configuration of CCS is done in multiple layers:
 
-1. `caldavd.base.plist`, is added as is to the image. Is not to be used alone: it is imported by:
-2. `caldavd.envsubst.plist`, on which env variable are replaced by `docker_entrypoint.sh`. This takes care of loading:
-3. `/etc/caldavd/caldavd.ext.plist`, which may be added via a *VOLUME*.
\ No newline at end of file
+1. `caldavd.envsubst.plist`, on which env variable are replaced by `docker_entrypoint.sh`. This takes care of loading:
+2. `/etc/caldavd/caldavd.ext.plist`, which may be added via a *VOLUME*, envsubst is applied.
+3. `/etc/caldavd/caldavd.writable.plist`, as a writable config file is required by CCS
\ No newline at end of file

From 1ff7cd95df0d25ed0cccf6b667e51e899631c0b6 Mon Sep 17 00:00:00 2001
From: Giorgio Azzinnaro <giorgio.azzinnaro@gmail.com>
Date: Sun, 10 Jun 2018 10:58:46 +0200
Subject: [PATCH 17/19] setting up an example config for directory with xml

---
 contrib/docker/README.md                      | 15 ++++-
 contrib/docker/docker_entrypoint.sh           | 10 +++-
 contrib/docker/samples/xml/conf/accounts.xml  | 38 ++++++++++++
 .../docker/samples/xml/conf/caldavd.ext.plist | 46 +++++++++++++++
 contrib/docker/samples/xml/docker-compose.yml | 58 +++++++++++++++++++
 5 files changed, 162 insertions(+), 5 deletions(-)
 create mode 100644 contrib/docker/samples/xml/conf/accounts.xml
 create mode 100644 contrib/docker/samples/xml/conf/caldavd.ext.plist
 create mode 100644 contrib/docker/samples/xml/docker-compose.yml

diff --git a/contrib/docker/README.md b/contrib/docker/README.md
index 162b1525e..662ad8aa3 100644
--- a/contrib/docker/README.md
+++ b/contrib/docker/README.md
@@ -29,5 +29,16 @@ __TODO__
 Configuration of CCS is done in multiple layers:
 
 1. `caldavd.envsubst.plist`, on which env variable are replaced by `docker_entrypoint.sh`. This takes care of loading:
-2. `/etc/caldavd/caldavd.ext.plist`, which may be added via a *VOLUME*, envsubst is applied.
-3. `/etc/caldavd/caldavd.writable.plist`, as a writable config file is required by CCS
\ No newline at end of file
+2. `/etc/caldavd/caldavd.ext.plist`, which may be added via a *VOLUME*, envsubst is __NOT__ applied to this.
+3. `/etc/caldavd/caldavd.writable.plist`, as a writable config file is required by CCS.
+
+
+### XML example
+In `contrib/docker/samples/xml` is a sample Docker stack where
+XML is used to define accounts.
+
+### LDAP example
+__TODO__
+
+In `contrib/docker/samples/ldap` a stack with Apache DS is defined
+to test getting resources via LDAP.
\ No newline at end of file
diff --git a/contrib/docker/docker_entrypoint.sh b/contrib/docker/docker_entrypoint.sh
index 1feca6f14..73d384049 100755
--- a/contrib/docker/docker_entrypoint.sh
+++ b/contrib/docker/docker_entrypoint.sh
@@ -19,9 +19,13 @@ CCS_USER_CONF_FILE="/etc/caldavd/caldavd.ext.plist"
 # Replace any env variable as they come from docker run
 envsubst < $CCS_CONF_TEMP_FILE > $CCS_CONF_FILE
 
+# Doesn't work in-place,
+# doesn't make much sense to have either:
+# as the user is already defining their config...
+#
 # Replace env variables in user defined config if exists
-if [ -f $CCS_USER_CONF_FILE ]; then
-    envsubst < $CCS_USER_CONF_FILE > $CCS_USER_CONF_FILE
-fi
+# if [ -f $CCS_USER_CONF_FILE ]; then
+#     envsubst < $CCS_USER_CONF_FILE > $CCS_USER_CONF_FILE
+# fi
 
 exec "$@"
diff --git a/contrib/docker/samples/xml/conf/accounts.xml b/contrib/docker/samples/xml/conf/accounts.xml
new file mode 100644
index 000000000..8030f5863
--- /dev/null
+++ b/contrib/docker/samples/xml/conf/accounts.xml
@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="utf-8"?>
+
+<!--
+Copyright (c) 2006-2017 Apple Inc. All rights reserved.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+ -->
+
+<!DOCTYPE accounts SYSTEM "accounts.dtd">
+
+<directory realm="Test Realm">
+<record>
+    <uid>0C8BDE62-E600-4696-83D3-8B5ECABDFD2E</uid>
+    <guid>0C8BDE62-E600-4696-83D3-8B5ECABDFD2E</guid>
+    <short-name>admin</short-name>
+    <password>admin</password>
+    <full-name>Super User</full-name>
+    <email>admin@example.com</email>
+</record>
+<record>
+    <uid>29B6C503-11DF-43EC-8CCA-40C7003149CE</uid>
+    <guid>29B6C503-11DF-43EC-8CCA-40C7003149CE</guid>
+    <short-name>test</short-name>
+    <password>test</password>
+    <full-name>Test User</full-name>
+    <email>test@example.com</email>
+</record>
+</directory>
diff --git a/contrib/docker/samples/xml/conf/caldavd.ext.plist b/contrib/docker/samples/xml/conf/caldavd.ext.plist
new file mode 100644
index 000000000..5b6d5353d
--- /dev/null
+++ b/contrib/docker/samples/xml/conf/caldavd.ext.plist
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+    Copyright (c) 2006-2017 Apple Inc. All rights reserved.
+
+    Licensed under the Apache License, Version 2.0 (the "License");
+    you may not use this file except in compliance with the License.
+    You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+  -->
+
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+  <dict>
+
+    <!--
+        Directory service
+
+        A directory service provides information about principals (eg.
+        users, groups, locations and resources) to the server.
+
+        A variety of directory services are available for use.
+      -->
+
+    <!-- XML directory service -->
+    <key>DirectoryService</key>
+    <dict>
+      <key>type</key>
+      <string>xml</string>
+      
+      <key>params</key>
+      <dict>
+        <key>xmlFile</key>
+        <string>/etc/caldavd/accounts.xml</string>
+      </dict>
+    </dict>
+
+  </dict>
+</plist>
diff --git a/contrib/docker/samples/xml/docker-compose.yml b/contrib/docker/samples/xml/docker-compose.yml
new file mode 100644
index 000000000..0ca3ab24c
--- /dev/null
+++ b/contrib/docker/samples/xml/docker-compose.yml
@@ -0,0 +1,58 @@
+
+version: "3.3"
+
+configs:
+  sql_seed:
+    file: ../../../../txdav/common/datastore/sql_schema/current.sql
+
+services:
+  ccs:
+    image: giorgioazzinnaro/ccs-calendarserver
+    environment:
+      POSTGRES_HOST: 'tcp:postgres:5432'
+      POSTGRES_DB: ccs
+      POSTGRES_USER: caldavd
+      POSTGRES_PASS: test1234
+      MEMCACHED_HOST: memcached
+      MEMCACHED_PORT: 11211
+    volumes:
+     - ccsdata:/var/db/caldavd
+     - ./conf:/etc/caldavd
+    networks:
+      - ccsnet
+    ports:
+      - "8080:8080"
+    depends_on:
+      - postgres
+      - memcached
+    restart: always
+
+  postgres:
+    image: postgres
+    restart: always
+    environment:
+      POSTGRES_DB: ccs
+      POSTGRES_USER: caldavd
+      POSTGRES_PASSWORD: test1234
+    volumes:
+      - "postgresdata:/var/lib/postgresql/data"
+    configs:
+      - source: sql_seed
+        target: /docker-entrypoint-initdb.d/ccs.sql
+    networks:
+      - ccsnet
+
+  memcached:
+    image: memcached:1.5
+    networks:
+      - ccsnet
+
+
+volumes:
+  postgresdata:
+  ccsdata:
+  ccsconf:
+
+
+networks:
+  ccsnet:
\ No newline at end of file

From 3a4c2c114eb5c496acc7a70066fd8d91606d8bb9 Mon Sep 17 00:00:00 2001
From: Giorgio Azzinnaro <giorgio.azzinnaro@gmail.com>
Date: Sun, 10 Jun 2018 13:56:52 +0200
Subject: [PATCH 18/19] a full example based on original README.md

---
 .../docker/samples/xml/conf/accounts-test.xml | 1648 +++++++++++++++++
 contrib/docker/samples/xml/conf/accounts.xml  |   38 -
 .../docker/samples/xml/conf/augments-test.xml |   82 +
 .../docker/samples/xml/conf/caldavd.ext.plist |   84 +-
 .../docker/samples/xml/conf/proxies-test.xml  |  120 ++
 .../samples/xml/conf/resources-test.xml       | 1253 +++++++++++++
 6 files changed, 3186 insertions(+), 39 deletions(-)
 create mode 100755 contrib/docker/samples/xml/conf/accounts-test.xml
 delete mode 100644 contrib/docker/samples/xml/conf/accounts.xml
 create mode 100644 contrib/docker/samples/xml/conf/augments-test.xml
 create mode 100644 contrib/docker/samples/xml/conf/proxies-test.xml
 create mode 100755 contrib/docker/samples/xml/conf/resources-test.xml

diff --git a/contrib/docker/samples/xml/conf/accounts-test.xml b/contrib/docker/samples/xml/conf/accounts-test.xml
new file mode 100755
index 000000000..d3f5afc5f
--- /dev/null
+++ b/contrib/docker/samples/xml/conf/accounts-test.xml
@@ -0,0 +1,1648 @@
+<?xml version="1.0" encoding="utf-8"?>
+
+<!--
+Copyright (c) 2006-2017 Apple Inc. All rights reserved.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+ -->
+
+<!DOCTYPE accounts SYSTEM "accounts.dtd">
+
+<directory realm="Test Realm">
+<record>
+    <uid>0C8BDE62-E600-4696-83D3-8B5ECABDFD2E</uid>
+    <guid>0C8BDE62-E600-4696-83D3-8B5ECABDFD2E</guid>
+    <short-name>admin</short-name>
+    <password>admin</password>
+    <full-name>Super User</full-name>
+    <email>admin@example.com</email>
+</record>
+<record>
+    <uid>29B6C503-11DF-43EC-8CCA-40C7003149CE</uid>
+    <guid>29B6C503-11DF-43EC-8CCA-40C7003149CE</guid>
+    <short-name>apprentice</short-name>
+    <password>apprentice</password>
+    <full-name>Apprentice Super User</full-name>
+    <email>apprentice@example.com</email>
+</record>
+<record>
+    <uid>860B3EE9-6D7C-4296-9639-E6B998074A78</uid>
+    <guid>860B3EE9-6D7C-4296-9639-E6B998074A78</guid>
+    <short-name>i18nuser</short-name>
+    <password>i18nuser</password>
+    <full-name>まだ</full-name>
+    <email>i18nuser@example.com</email>
+</record>
+<record type="user">
+    <uid>10000000-0000-0000-0000-000000000001</uid>
+    <guid>10000000-0000-0000-0000-000000000001</guid>
+    <short-name>user01</short-name>
+    <password>user01</password>
+    <full-name>User 01</full-name>
+    <email>user01@example.com</email>
+</record>
+<record type="user">
+    <uid>10000000-0000-0000-0000-000000000002</uid>
+    <guid>10000000-0000-0000-0000-000000000002</guid>
+    <short-name>user02</short-name>
+    <password>user02</password>
+    <full-name>User 02</full-name>
+    <email>user02@example.com</email>
+</record>
+<record type="user">
+    <uid>10000000-0000-0000-0000-000000000003</uid>
+    <guid>10000000-0000-0000-0000-000000000003</guid>
+    <short-name>user03</short-name>
+    <password>user03</password>
+    <full-name>User 03</full-name>
+    <email>user03@example.com</email>
+</record>
+<record type="user">
+    <uid>10000000-0000-0000-0000-000000000004</uid>
+    <guid>10000000-0000-0000-0000-000000000004</guid>
+    <short-name>user04</short-name>
+    <password>user04</password>
+    <full-name>User 04</full-name>
+    <email>user04@example.com</email>
+</record>
+<record type="user">
+    <uid>10000000-0000-0000-0000-000000000005</uid>
+    <guid>10000000-0000-0000-0000-000000000005</guid>
+    <short-name>user05</short-name>
+    <password>user05</password>
+    <full-name>User 05</full-name>
+    <email>user05@example.com</email>
+</record>
+<record type="user">
+    <uid>10000000-0000-0000-0000-000000000006</uid>
+    <guid>10000000-0000-0000-0000-000000000006</guid>
+    <short-name>user06</short-name>
+    <password>user06</password>
+    <full-name>User 06</full-name>
+    <email>user06@example.com</email>
+</record>
+<record type="user">
+    <uid>10000000-0000-0000-0000-000000000007</uid>
+    <guid>10000000-0000-0000-0000-000000000007</guid>
+    <short-name>user07</short-name>
+    <password>user07</password>
+    <full-name>User 07</full-name>
+    <email>user07@example.com</email>
+</record>
+<record type="user">
+    <uid>10000000-0000-0000-0000-000000000008</uid>
+    <guid>10000000-0000-0000-0000-000000000008</guid>
+    <short-name>user08</short-name>
+    <password>user08</password>
+    <full-name>User 08</full-name>
+    <email>user08@example.com</email>
+</record>
+<record type="user">
+    <uid>10000000-0000-0000-0000-000000000009</uid>
+    <guid>10000000-0000-0000-0000-000000000009</guid>
+    <short-name>user09</short-name>
+    <password>user09</password>
+    <full-name>User 09</full-name>
+    <email>user09@example.com</email>
+</record>
+<record type="user">
+    <uid>10000000-0000-0000-0000-000000000010</uid>
+    <guid>10000000-0000-0000-0000-000000000010</guid>
+    <short-name>user10</short-name>
+    <password>user10</password>
+    <full-name>User 10</full-name>
+    <email>user10@example.com</email>
+</record>
+<record type="user">
+    <uid>10000000-0000-0000-0000-000000000011</uid>
+    <guid>10000000-0000-0000-0000-000000000011</guid>
+    <short-name>user11</short-name>
+    <password>user11</password>
+    <full-name>User 11</full-name>
+    <email>user11@example.com</email>
+</record>
+<record type="user">
+    <uid>10000000-0000-0000-0000-000000000012</uid>
+    <guid>10000000-0000-0000-0000-000000000012</guid>
+    <short-name>user12</short-name>
+    <password>user12</password>
+    <full-name>User 12</full-name>
+    <email>user12@example.com</email>
+</record>
+<record type="user">
+    <uid>10000000-0000-0000-0000-000000000013</uid>
+    <guid>10000000-0000-0000-0000-000000000013</guid>
+    <short-name>user13</short-name>
+    <password>user13</password>
+    <full-name>User 13</full-name>
+    <email>user13@example.com</email>
+</record>
+<record type="user">
+    <uid>10000000-0000-0000-0000-000000000014</uid>
+    <guid>10000000-0000-0000-0000-000000000014</guid>
+    <short-name>user14</short-name>
+    <password>user14</password>
+    <full-name>User 14</full-name>
+    <email>user14@example.com</email>
+</record>
+<record type="user">
+    <uid>10000000-0000-0000-0000-000000000015</uid>
+    <guid>10000000-0000-0000-0000-000000000015</guid>
+    <short-name>user15</short-name>
+    <password>user15</password>
+    <full-name>User 15</full-name>
+    <email>user15@example.com</email>
+</record>
+<record type="user">
+    <uid>10000000-0000-0000-0000-000000000016</uid>
+    <guid>10000000-0000-0000-0000-000000000016</guid>
+    <short-name>user16</short-name>
+    <password>user16</password>
+    <full-name>User 16</full-name>
+    <email>user16@example.com</email>
+</record>
+<record type="user">
+    <uid>10000000-0000-0000-0000-000000000017</uid>
+    <guid>10000000-0000-0000-0000-000000000017</guid>
+    <short-name>user17</short-name>
+    <password>user17</password>
+    <full-name>User 17</full-name>
+    <email>user17@example.com</email>
+</record>
+<record type="user">
+    <uid>10000000-0000-0000-0000-000000000018</uid>
+    <guid>10000000-0000-0000-0000-000000000018</guid>
+    <short-name>user18</short-name>
+    <password>user18</password>
+    <full-name>User 18</full-name>
+    <email>user18@example.com</email>
+</record>
+<record type="user">
+    <uid>10000000-0000-0000-0000-000000000019</uid>
+    <guid>10000000-0000-0000-0000-000000000019</guid>
+    <short-name>user19</short-name>
+    <password>user19</password>
+    <full-name>User 19</full-name>
+    <email>user19@example.com</email>
+</record>
+<record type="user">
+    <uid>10000000-0000-0000-0000-000000000020</uid>
+    <guid>10000000-0000-0000-0000-000000000020</guid>
+    <short-name>user20</short-name>
+    <password>user20</password>
+    <full-name>User 20</full-name>
+    <email>user20@example.com</email>
+</record>
+<record type="user">
+    <uid>10000000-0000-0000-0000-000000000021</uid>
+    <guid>10000000-0000-0000-0000-000000000021</guid>
+    <short-name>user21</short-name>
+    <password>user21</password>
+    <full-name>User 21</full-name>
+    <email>user21@example.com</email>
+</record>
+<record type="user">
+    <uid>10000000-0000-0000-0000-000000000022</uid>
+    <guid>10000000-0000-0000-0000-000000000022</guid>
+    <short-name>user22</short-name>
+    <password>user22</password>
+    <full-name>User 22</full-name>
+    <email>user22@example.com</email>
+</record>
+<record type="user">
+    <uid>10000000-0000-0000-0000-000000000023</uid>
+    <guid>10000000-0000-0000-0000-000000000023</guid>
+    <short-name>user23</short-name>
+    <password>user23</password>
+    <full-name>User 23</full-name>
+    <email>user23@example.com</email>
+</record>
+<record type="user">
+    <uid>10000000-0000-0000-0000-000000000024</uid>
+    <guid>10000000-0000-0000-0000-000000000024</guid>
+    <short-name>user24</short-name>
+    <password>user24</password>
+    <full-name>User 24</full-name>
+    <email>user24@example.com</email>
+</record>
+<record type="user">
+    <uid>10000000-0000-0000-0000-000000000025</uid>
+    <guid>10000000-0000-0000-0000-000000000025</guid>
+    <short-name>user25</short-name>
+    <password>user25</password>
+    <full-name>User 25</full-name>
+    <email>user25@example.com</email>
+</record>
+<record type="user">
+    <uid>10000000-0000-0000-0000-000000000026</uid>
+    <guid>10000000-0000-0000-0000-000000000026</guid>
+    <short-name>user26</short-name>
+    <password>user26</password>
+    <full-name>User 26</full-name>
+    <email>user26@example.com</email>
+</record>
+<record type="user">
+    <uid>10000000-0000-0000-0000-000000000027</uid>
+    <guid>10000000-0000-0000-0000-000000000027</guid>
+    <short-name>user27</short-name>
+    <password>user27</password>
+    <full-name>User 27</full-name>
+    <email>user27@example.com</email>
+</record>
+<record type="user">
+    <uid>10000000-0000-0000-0000-000000000028</uid>
+    <guid>10000000-0000-0000-0000-000000000028</guid>
+    <short-name>user28</short-name>
+    <password>user28</password>
+    <full-name>User 28</full-name>
+    <email>user28@example.com</email>
+</record>
+<record type="user">
+    <uid>10000000-0000-0000-0000-000000000029</uid>
+    <guid>10000000-0000-0000-0000-000000000029</guid>
+    <short-name>user29</short-name>
+    <password>user29</password>
+    <full-name>User 29</full-name>
+    <email>user29@example.com</email>
+</record>
+<record type="user">
+    <uid>10000000-0000-0000-0000-000000000030</uid>
+    <guid>10000000-0000-0000-0000-000000000030</guid>
+    <short-name>user30</short-name>
+    <password>user30</password>
+    <full-name>User 30</full-name>
+    <email>user30@example.com</email>
+</record>
+<record type="user">
+    <uid>10000000-0000-0000-0000-000000000031</uid>
+    <guid>10000000-0000-0000-0000-000000000031</guid>
+    <short-name>user31</short-name>
+    <password>user31</password>
+    <full-name>User 31</full-name>
+    <email>user31@example.com</email>
+</record>
+<record type="user">
+    <uid>10000000-0000-0000-0000-000000000032</uid>
+    <guid>10000000-0000-0000-0000-000000000032</guid>
+    <short-name>user32</short-name>
+    <password>user32</password>
+    <full-name>User 32</full-name>
+    <email>user32@example.com</email>
+</record>
+<record type="user">
+    <uid>10000000-0000-0000-0000-000000000033</uid>
+    <guid>10000000-0000-0000-0000-000000000033</guid>
+    <short-name>user33</short-name>
+    <password>user33</password>
+    <full-name>User 33</full-name>
+    <email>user33@example.com</email>
+</record>
+<record type="user">
+    <uid>10000000-0000-0000-0000-000000000034</uid>
+    <guid>10000000-0000-0000-0000-000000000034</guid>
+    <short-name>user34</short-name>
+    <password>user34</password>
+    <full-name>User 34</full-name>
+    <email>user34@example.com</email>
+</record>
+<record type="user">
+    <uid>10000000-0000-0000-0000-000000000035</uid>
+    <guid>10000000-0000-0000-0000-000000000035</guid>
+    <short-name>user35</short-name>
+    <password>user35</password>
+    <full-name>User 35</full-name>
+    <email>user35@example.com</email>
+</record>
+<record type="user">
+    <uid>10000000-0000-0000-0000-000000000036</uid>
+    <guid>10000000-0000-0000-0000-000000000036</guid>
+    <short-name>user36</short-name>
+    <password>user36</password>
+    <full-name>User 36</full-name>
+    <email>user36@example.com</email>
+</record>
+<record type="user">
+    <uid>10000000-0000-0000-0000-000000000037</uid>
+    <guid>10000000-0000-0000-0000-000000000037</guid>
+    <short-name>user37</short-name>
+    <password>user37</password>
+    <full-name>User 37</full-name>
+    <email>user37@example.com</email>
+</record>
+<record type="user">
+    <uid>10000000-0000-0000-0000-000000000038</uid>
+    <guid>10000000-0000-0000-0000-000000000038</guid>
+    <short-name>user38</short-name>
+    <password>user38</password>
+    <full-name>User 38</full-name>
+    <email>user38@example.com</email>
+</record>
+<record type="user">
+    <uid>10000000-0000-0000-0000-000000000039</uid>
+    <guid>10000000-0000-0000-0000-000000000039</guid>
+    <short-name>user39</short-name>
+    <password>user39</password>
+    <full-name>User 39</full-name>
+    <email>user39@example.com</email>
+</record>
+<record type="user">
+    <uid>10000000-0000-0000-0000-000000000040</uid>
+    <guid>10000000-0000-0000-0000-000000000040</guid>
+    <short-name>user40</short-name>
+    <password>user40</password>
+    <full-name>User 40</full-name>
+    <email>user40@example.com</email>
+</record>
+<record type="user">
+    <uid>10000000-0000-0000-0000-000000000041</uid>
+    <guid>10000000-0000-0000-0000-000000000041</guid>
+    <short-name>user41</short-name>
+    <password>user41</password>
+    <full-name>User 41</full-name>
+    <email>user41@example.com</email>
+</record>
+<record type="user">
+    <uid>10000000-0000-0000-0000-000000000042</uid>
+    <guid>10000000-0000-0000-0000-000000000042</guid>
+    <short-name>user42</short-name>
+    <password>user42</password>
+    <full-name>User 42</full-name>
+    <email>user42@example.com</email>
+</record>
+<record type="user">
+    <uid>10000000-0000-0000-0000-000000000043</uid>
+    <guid>10000000-0000-0000-0000-000000000043</guid>
+    <short-name>user43</short-name>
+    <password>user43</password>
+    <full-name>User 43</full-name>
+    <email>user43@example.com</email>
+</record>
+<record type="user">
+    <uid>10000000-0000-0000-0000-000000000044</uid>
+    <guid>10000000-0000-0000-0000-000000000044</guid>
+    <short-name>user44</short-name>
+    <password>user44</password>
+    <full-name>User 44</full-name>
+    <email>user44@example.com</email>
+</record>
+<record type="user">
+    <uid>10000000-0000-0000-0000-000000000045</uid>
+    <guid>10000000-0000-0000-0000-000000000045</guid>
+    <short-name>user45</short-name>
+    <password>user45</password>
+    <full-name>User 45</full-name>
+    <email>user45@example.com</email>
+</record>
+<record type="user">
+    <uid>10000000-0000-0000-0000-000000000046</uid>
+    <guid>10000000-0000-0000-0000-000000000046</guid>
+    <short-name>user46</short-name>
+    <password>user46</password>
+    <full-name>User 46</full-name>
+    <email>user46@example.com</email>
+</record>
+<record type="user">
+    <uid>10000000-0000-0000-0000-000000000047</uid>
+    <guid>10000000-0000-0000-0000-000000000047</guid>
+    <short-name>user47</short-name>
+    <password>user47</password>
+    <full-name>User 47</full-name>
+    <email>user47@example.com</email>
+</record>
+<record type="user">
+    <uid>10000000-0000-0000-0000-000000000048</uid>
+    <guid>10000000-0000-0000-0000-000000000048</guid>
+    <short-name>user48</short-name>
+    <password>user48</password>
+    <full-name>User 48</full-name>
+    <email>user48@example.com</email>
+</record>
+<record type="user">
+    <uid>10000000-0000-0000-0000-000000000049</uid>
+    <guid>10000000-0000-0000-0000-000000000049</guid>
+    <short-name>user49</short-name>
+    <password>user49</password>
+    <full-name>User 49</full-name>
+    <email>user49@example.com</email>
+</record>
+<record type="user">
+    <uid>10000000-0000-0000-0000-000000000050</uid>
+    <guid>10000000-0000-0000-0000-000000000050</guid>
+    <short-name>user50</short-name>
+    <password>user50</password>
+    <full-name>User 50</full-name>
+    <email>user50@example.com</email>
+</record>
+<record type="user">
+    <uid>10000000-0000-0000-0000-000000000051</uid>
+    <guid>10000000-0000-0000-0000-000000000051</guid>
+    <short-name>user51</short-name>
+    <password>user51</password>
+    <full-name>User 51</full-name>
+    <email>user51@example.com</email>
+</record>
+<record type="user">
+    <uid>10000000-0000-0000-0000-000000000052</uid>
+    <guid>10000000-0000-0000-0000-000000000052</guid>
+    <short-name>user52</short-name>
+    <password>user52</password>
+    <full-name>User 52</full-name>
+    <email>user52@example.com</email>
+</record>
+<record type="user">
+    <uid>10000000-0000-0000-0000-000000000053</uid>
+    <guid>10000000-0000-0000-0000-000000000053</guid>
+    <short-name>user53</short-name>
+    <password>user53</password>
+    <full-name>User 53</full-name>
+    <email>user53@example.com</email>
+</record>
+<record type="user">
+    <uid>10000000-0000-0000-0000-000000000054</uid>
+    <guid>10000000-0000-0000-0000-000000000054</guid>
+    <short-name>user54</short-name>
+    <password>user54</password>
+    <full-name>User 54</full-name>
+    <email>user54@example.com</email>
+</record>
+<record type="user">
+    <uid>10000000-0000-0000-0000-000000000055</uid>
+    <guid>10000000-0000-0000-0000-000000000055</guid>
+    <short-name>user55</short-name>
+    <password>user55</password>
+    <full-name>User 55</full-name>
+    <email>user55@example.com</email>
+</record>
+<record type="user">
+    <uid>10000000-0000-0000-0000-000000000056</uid>
+    <guid>10000000-0000-0000-0000-000000000056</guid>
+    <short-name>user56</short-name>
+    <password>user56</password>
+    <full-name>User 56</full-name>
+    <email>user56@example.com</email>
+</record>
+<record type="user">
+    <uid>10000000-0000-0000-0000-000000000057</uid>
+    <guid>10000000-0000-0000-0000-000000000057</guid>
+    <short-name>user57</short-name>
+    <password>user57</password>
+    <full-name>User 57</full-name>
+    <email>user57@example.com</email>
+</record>
+<record type="user">
+    <uid>10000000-0000-0000-0000-000000000058</uid>
+    <guid>10000000-0000-0000-0000-000000000058</guid>
+    <short-name>user58</short-name>
+    <password>user58</password>
+    <full-name>User 58</full-name>
+    <email>user58@example.com</email>
+</record>
+<record type="user">
+    <uid>10000000-0000-0000-0000-000000000059</uid>
+    <guid>10000000-0000-0000-0000-000000000059</guid>
+    <short-name>user59</short-name>
+    <password>user59</password>
+    <full-name>User 59</full-name>
+    <email>user59@example.com</email>
+</record>
+<record type="user">
+    <uid>10000000-0000-0000-0000-000000000060</uid>
+    <guid>10000000-0000-0000-0000-000000000060</guid>
+    <short-name>user60</short-name>
+    <password>user60</password>
+    <full-name>User 60</full-name>
+    <email>user60@example.com</email>
+</record>
+<record type="user">
+    <uid>10000000-0000-0000-0000-000000000061</uid>
+    <guid>10000000-0000-0000-0000-000000000061</guid>
+    <short-name>user61</short-name>
+    <password>user61</password>
+    <full-name>User 61</full-name>
+    <email>user61@example.com</email>
+</record>
+<record type="user">
+    <uid>10000000-0000-0000-0000-000000000062</uid>
+    <guid>10000000-0000-0000-0000-000000000062</guid>
+    <short-name>user62</short-name>
+    <password>user62</password>
+    <full-name>User 62</full-name>
+    <email>user62@example.com</email>
+</record>
+<record type="user">
+    <uid>10000000-0000-0000-0000-000000000063</uid>
+    <guid>10000000-0000-0000-0000-000000000063</guid>
+    <short-name>user63</short-name>
+    <password>user63</password>
+    <full-name>User 63</full-name>
+    <email>user63@example.com</email>
+</record>
+<record type="user">
+    <uid>10000000-0000-0000-0000-000000000064</uid>
+    <guid>10000000-0000-0000-0000-000000000064</guid>
+    <short-name>user64</short-name>
+    <password>user64</password>
+    <full-name>User 64</full-name>
+    <email>user64@example.com</email>
+</record>
+<record type="user">
+    <uid>10000000-0000-0000-0000-000000000065</uid>
+    <guid>10000000-0000-0000-0000-000000000065</guid>
+    <short-name>user65</short-name>
+    <password>user65</password>
+    <full-name>User 65</full-name>
+    <email>user65@example.com</email>
+</record>
+<record type="user">
+    <uid>10000000-0000-0000-0000-000000000066</uid>
+    <guid>10000000-0000-0000-0000-000000000066</guid>
+    <short-name>user66</short-name>
+    <password>user66</password>
+    <full-name>User 66</full-name>
+    <email>user66@example.com</email>
+</record>
+<record type="user">
+    <uid>10000000-0000-0000-0000-000000000067</uid>
+    <guid>10000000-0000-0000-0000-000000000067</guid>
+    <short-name>user67</short-name>
+    <password>user67</password>
+    <full-name>User 67</full-name>
+    <email>user67@example.com</email>
+</record>
+<record type="user">
+    <uid>10000000-0000-0000-0000-000000000068</uid>
+    <guid>10000000-0000-0000-0000-000000000068</guid>
+    <short-name>user68</short-name>
+    <password>user68</password>
+    <full-name>User 68</full-name>
+    <email>user68@example.com</email>
+</record>
+<record type="user">
+    <uid>10000000-0000-0000-0000-000000000069</uid>
+    <guid>10000000-0000-0000-0000-000000000069</guid>
+    <short-name>user69</short-name>
+    <password>user69</password>
+    <full-name>User 69</full-name>
+    <email>user69@example.com</email>
+</record>
+<record type="user">
+    <uid>10000000-0000-0000-0000-000000000070</uid>
+    <guid>10000000-0000-0000-0000-000000000070</guid>
+    <short-name>user70</short-name>
+    <password>user70</password>
+    <full-name>User 70</full-name>
+    <email>user70@example.com</email>
+</record>
+<record type="user">
+    <uid>10000000-0000-0000-0000-000000000071</uid>
+    <guid>10000000-0000-0000-0000-000000000071</guid>
+    <short-name>user71</short-name>
+    <password>user71</password>
+    <full-name>User 71</full-name>
+    <email>user71@example.com</email>
+</record>
+<record type="user">
+    <uid>10000000-0000-0000-0000-000000000072</uid>
+    <guid>10000000-0000-0000-0000-000000000072</guid>
+    <short-name>user72</short-name>
+    <password>user72</password>
+    <full-name>User 72</full-name>
+    <email>user72@example.com</email>
+</record>
+<record type="user">
+    <uid>10000000-0000-0000-0000-000000000073</uid>
+    <guid>10000000-0000-0000-0000-000000000073</guid>
+    <short-name>user73</short-name>
+    <password>user73</password>
+    <full-name>User 73</full-name>
+    <email>user73@example.com</email>
+</record>
+<record type="user">
+    <uid>10000000-0000-0000-0000-000000000074</uid>
+    <guid>10000000-0000-0000-0000-000000000074</guid>
+    <short-name>user74</short-name>
+    <password>user74</password>
+    <full-name>User 74</full-name>
+    <email>user74@example.com</email>
+</record>
+<record type="user">
+    <uid>10000000-0000-0000-0000-000000000075</uid>
+    <guid>10000000-0000-0000-0000-000000000075</guid>
+    <short-name>user75</short-name>
+    <password>user75</password>
+    <full-name>User 75</full-name>
+    <email>user75@example.com</email>
+</record>
+<record type="user">
+    <uid>10000000-0000-0000-0000-000000000076</uid>
+    <guid>10000000-0000-0000-0000-000000000076</guid>
+    <short-name>user76</short-name>
+    <password>user76</password>
+    <full-name>User 76</full-name>
+    <email>user76@example.com</email>
+</record>
+<record type="user">
+    <uid>10000000-0000-0000-0000-000000000077</uid>
+    <guid>10000000-0000-0000-0000-000000000077</guid>
+    <short-name>user77</short-name>
+    <password>user77</password>
+    <full-name>User 77</full-name>
+    <email>user77@example.com</email>
+</record>
+<record type="user">
+    <uid>10000000-0000-0000-0000-000000000078</uid>
+    <guid>10000000-0000-0000-0000-000000000078</guid>
+    <short-name>user78</short-name>
+    <password>user78</password>
+    <full-name>User 78</full-name>
+    <email>user78@example.com</email>
+</record>
+<record type="user">
+    <uid>10000000-0000-0000-0000-000000000079</uid>
+    <guid>10000000-0000-0000-0000-000000000079</guid>
+    <short-name>user79</short-name>
+    <password>user79</password>
+    <full-name>User 79</full-name>
+    <email>user79@example.com</email>
+</record>
+<record type="user">
+    <uid>10000000-0000-0000-0000-000000000080</uid>
+    <guid>10000000-0000-0000-0000-000000000080</guid>
+    <short-name>user80</short-name>
+    <password>user80</password>
+    <full-name>User 80</full-name>
+    <email>user80@example.com</email>
+</record>
+<record type="user">
+    <uid>10000000-0000-0000-0000-000000000081</uid>
+    <guid>10000000-0000-0000-0000-000000000081</guid>
+    <short-name>user81</short-name>
+    <password>user81</password>
+    <full-name>User 81</full-name>
+    <email>user81@example.com</email>
+</record>
+<record type="user">
+    <uid>10000000-0000-0000-0000-000000000082</uid>
+    <guid>10000000-0000-0000-0000-000000000082</guid>
+    <short-name>user82</short-name>
+    <password>user82</password>
+    <full-name>User 82</full-name>
+    <email>user82@example.com</email>
+</record>
+<record type="user">
+    <uid>10000000-0000-0000-0000-000000000083</uid>
+    <guid>10000000-0000-0000-0000-000000000083</guid>
+    <short-name>user83</short-name>
+    <password>user83</password>
+    <full-name>User 83</full-name>
+    <email>user83@example.com</email>
+</record>
+<record type="user">
+    <uid>10000000-0000-0000-0000-000000000084</uid>
+    <guid>10000000-0000-0000-0000-000000000084</guid>
+    <short-name>user84</short-name>
+    <password>user84</password>
+    <full-name>User 84</full-name>
+    <email>user84@example.com</email>
+</record>
+<record type="user">
+    <uid>10000000-0000-0000-0000-000000000085</uid>
+    <guid>10000000-0000-0000-0000-000000000085</guid>
+    <short-name>user85</short-name>
+    <password>user85</password>
+    <full-name>User 85</full-name>
+    <email>user85@example.com</email>
+</record>
+<record type="user">
+    <uid>10000000-0000-0000-0000-000000000086</uid>
+    <guid>10000000-0000-0000-0000-000000000086</guid>
+    <short-name>user86</short-name>
+    <password>user86</password>
+    <full-name>User 86</full-name>
+    <email>user86@example.com</email>
+</record>
+<record type="user">
+    <uid>10000000-0000-0000-0000-000000000087</uid>
+    <guid>10000000-0000-0000-0000-000000000087</guid>
+    <short-name>user87</short-name>
+    <password>user87</password>
+    <full-name>User 87</full-name>
+    <email>user87@example.com</email>
+</record>
+<record type="user">
+    <uid>10000000-0000-0000-0000-000000000088</uid>
+    <guid>10000000-0000-0000-0000-000000000088</guid>
+    <short-name>user88</short-name>
+    <password>user88</password>
+    <full-name>User 88</full-name>
+    <email>user88@example.com</email>
+</record>
+<record type="user">
+    <uid>10000000-0000-0000-0000-000000000089</uid>
+    <guid>10000000-0000-0000-0000-000000000089</guid>
+    <short-name>user89</short-name>
+    <password>user89</password>
+    <full-name>User 89</full-name>
+    <email>user89@example.com</email>
+</record>
+<record type="user">
+    <uid>10000000-0000-0000-0000-000000000090</uid>
+    <guid>10000000-0000-0000-0000-000000000090</guid>
+    <short-name>user90</short-name>
+    <password>user90</password>
+    <full-name>User 90</full-name>
+    <email>user90@example.com</email>
+</record>
+<record type="user">
+    <uid>10000000-0000-0000-0000-000000000091</uid>
+    <guid>10000000-0000-0000-0000-000000000091</guid>
+    <short-name>user91</short-name>
+    <password>user91</password>
+    <full-name>User 91</full-name>
+    <email>user91@example.com</email>
+</record>
+<record type="user">
+    <uid>10000000-0000-0000-0000-000000000092</uid>
+    <guid>10000000-0000-0000-0000-000000000092</guid>
+    <short-name>user92</short-name>
+    <password>user92</password>
+    <full-name>User 92</full-name>
+    <email>user92@example.com</email>
+</record>
+<record type="user">
+    <uid>10000000-0000-0000-0000-000000000093</uid>
+    <guid>10000000-0000-0000-0000-000000000093</guid>
+    <short-name>user93</short-name>
+    <password>user93</password>
+    <full-name>User 93</full-name>
+    <email>user93@example.com</email>
+</record>
+<record type="user">
+    <uid>10000000-0000-0000-0000-000000000094</uid>
+    <guid>10000000-0000-0000-0000-000000000094</guid>
+    <short-name>user94</short-name>
+    <password>user94</password>
+    <full-name>User 94</full-name>
+    <email>user94@example.com</email>
+</record>
+<record type="user">
+    <uid>10000000-0000-0000-0000-000000000095</uid>
+    <guid>10000000-0000-0000-0000-000000000095</guid>
+    <short-name>user95</short-name>
+    <password>user95</password>
+    <full-name>User 95</full-name>
+    <email>user95@example.com</email>
+</record>
+<record type="user">
+    <uid>10000000-0000-0000-0000-000000000096</uid>
+    <guid>10000000-0000-0000-0000-000000000096</guid>
+    <short-name>user96</short-name>
+    <password>user96</password>
+    <full-name>User 96</full-name>
+    <email>user96@example.com</email>
+</record>
+<record type="user">
+    <uid>10000000-0000-0000-0000-000000000097</uid>
+    <guid>10000000-0000-0000-0000-000000000097</guid>
+    <short-name>user97</short-name>
+    <password>user97</password>
+    <full-name>User 97</full-name>
+    <email>user97@example.com</email>
+</record>
+<record type="user">
+    <uid>10000000-0000-0000-0000-000000000098</uid>
+    <guid>10000000-0000-0000-0000-000000000098</guid>
+    <short-name>user98</short-name>
+    <password>user98</password>
+    <full-name>User 98</full-name>
+    <email>user98@example.com</email>
+</record>
+<record type="user">
+    <uid>10000000-0000-0000-0000-000000000099</uid>
+    <guid>10000000-0000-0000-0000-000000000099</guid>
+    <short-name>user99</short-name>
+    <password>user99</password>
+    <full-name>User 99</full-name>
+    <email>user99@example.com</email>
+</record>
+<record type="user">
+    <uid>10000000-0000-0000-0000-000000000100</uid>
+    <guid>10000000-0000-0000-0000-000000000100</guid>
+    <short-name>user100</short-name>
+    <password>user100</password>
+    <full-name>User 100</full-name>
+    <email>user100@example.com</email>
+</record>
+<record type="user">
+    <uid>10000000-0000-0000-0000-000000000101</uid>
+    <guid>10000000-0000-0000-0000-000000000101</guid>
+    <short-name>user101</short-name>
+    <password>user101</password>
+    <full-name>User 101</full-name>
+    <email>user101@example.com</email>
+</record>
+<record type="user">
+    <uid>50000000-0000-0000-0000-000000000001</uid>
+    <guid>50000000-0000-0000-0000-000000000001</guid>
+    <short-name>public01</short-name>
+    <password>public01</password>
+    <full-name>Public 01</full-name>
+    <email>public01@example.com</email>
+</record>
+<record type="user">
+    <uid>50000000-0000-0000-0000-000000000002</uid>
+    <guid>50000000-0000-0000-0000-000000000002</guid>
+    <short-name>public02</short-name>
+    <password>public02</password>
+    <full-name>Public 02</full-name>
+    <email>public02@example.com</email>
+</record>
+<record type="user">
+    <uid>50000000-0000-0000-0000-000000000003</uid>
+    <guid>50000000-0000-0000-0000-000000000003</guid>
+    <short-name>public03</short-name>
+    <password>public03</password>
+    <full-name>Public 03</full-name>
+    <email>public03@example.com</email>
+</record>
+<record type="user">
+    <uid>50000000-0000-0000-0000-000000000004</uid>
+    <guid>50000000-0000-0000-0000-000000000004</guid>
+    <short-name>public04</short-name>
+    <password>public04</password>
+    <full-name>Public 04</full-name>
+    <email>public04@example.com</email>
+</record>
+<record type="user">
+    <uid>50000000-0000-0000-0000-000000000005</uid>
+    <guid>50000000-0000-0000-0000-000000000005</guid>
+    <short-name>public05</short-name>
+    <password>public05</password>
+    <full-name>Public 05</full-name>
+    <email>public05@example.com</email>
+</record>
+<record type="user">
+    <uid>50000000-0000-0000-0000-000000000006</uid>
+    <guid>50000000-0000-0000-0000-000000000006</guid>
+    <short-name>public06</short-name>
+    <password>public06</password>
+    <full-name>Public 06</full-name>
+    <email>public06@example.com</email>
+</record>
+<record type="user">
+    <uid>50000000-0000-0000-0000-000000000007</uid>
+    <guid>50000000-0000-0000-0000-000000000007</guid>
+    <short-name>public07</short-name>
+    <password>public07</password>
+    <full-name>Public 07</full-name>
+    <email>public07@example.com</email>
+</record>
+<record type="user">
+    <uid>50000000-0000-0000-0000-000000000008</uid>
+    <guid>50000000-0000-0000-0000-000000000008</guid>
+    <short-name>public08</short-name>
+    <password>public08</password>
+    <full-name>Public 08</full-name>
+    <email>public08@example.com</email>
+</record>
+<record type="user">
+    <uid>50000000-0000-0000-0000-000000000009</uid>
+    <guid>50000000-0000-0000-0000-000000000009</guid>
+    <short-name>public09</short-name>
+    <password>public09</password>
+    <full-name>Public 09</full-name>
+    <email>public09@example.com</email>
+</record>
+<record type="user">
+    <uid>50000000-0000-0000-0000-000000000010</uid>
+    <guid>50000000-0000-0000-0000-000000000010</guid>
+    <short-name>public10</short-name>
+    <password>public10</password>
+    <full-name>Public 10</full-name>
+    <email>public10@example.com</email>
+</record>
+<record type="group">
+    <uid>20000000-0000-0000-0000-000000000001</uid>
+    <guid>20000000-0000-0000-0000-000000000001</guid>
+    <short-name>group01</short-name>
+    <full-name>Group 01</full-name>
+    <email>group01@example.com</email>
+    <member-uid>10000000-0000-0000-0000-000000000001</member-uid>
+</record>
+<record type="group">
+    <uid>20000000-0000-0000-0000-000000000002</uid>
+    <guid>20000000-0000-0000-0000-000000000002</guid>
+    <short-name>group02</short-name>
+    <full-name>Group 02</full-name>
+    <email>group02@example.com</email>
+    <member-uid>10000000-0000-0000-0000-000000000006</member-uid>
+    <member-uid>10000000-0000-0000-0000-000000000007</member-uid>
+</record>
+<record type="group">
+    <uid>20000000-0000-0000-0000-000000000003</uid>
+    <guid>20000000-0000-0000-0000-000000000003</guid>
+    <short-name>group03</short-name>
+    <full-name>Group 03</full-name>
+    <email>group03@example.com</email>
+    <member-uid>10000000-0000-0000-0000-000000000008</member-uid>
+    <member-uid>10000000-0000-0000-0000-000000000009</member-uid>
+</record>
+<record type="group">
+    <uid>20000000-0000-0000-0000-000000000004</uid>
+    <guid>20000000-0000-0000-0000-000000000004</guid>
+    <short-name>group04</short-name>
+    <full-name>Group 04</full-name>
+    <email>group04@example.com</email>
+    <member-uid>20000000-0000-0000-0000-000000000002</member-uid>
+    <member-uid>20000000-0000-0000-0000-000000000003</member-uid>
+    <member-uid>10000000-0000-0000-0000-000000000010</member-uid>
+</record>
+<record type="group">
+    <uid>20000000-0000-0000-0000-000000000005</uid>
+    <guid>20000000-0000-0000-0000-000000000005</guid>
+    <short-name>group05</short-name>
+    <full-name>Group 05</full-name>
+    <email>group05@example.com</email>
+    <member-uid>20000000-0000-0000-0000-000000000006</member-uid>
+    <member-uid>10000000-0000-0000-0000-000000000020</member-uid>
+</record>
+<record type="group">
+    <uid>20000000-0000-0000-0000-000000000006</uid>
+    <guid>20000000-0000-0000-0000-000000000006</guid>
+    <short-name>group06</short-name>
+    <full-name>Group 06</full-name>
+    <email>group06@example.com</email>
+    <member-uid>10000000-0000-0000-0000-000000000021</member-uid>
+</record>
+<record type="group">
+    <uid>20000000-0000-0000-0000-000000000007</uid>
+    <guid>20000000-0000-0000-0000-000000000007</guid>
+    <short-name>group07</short-name>
+    <full-name>Group 07</full-name>
+    <email>group07@example.com</email>
+    <member-uid>10000000-0000-0000-0000-000000000022</member-uid>
+    <member-uid>10000000-0000-0000-0000-000000000023</member-uid>
+    <member-uid>10000000-0000-0000-0000-000000000024</member-uid>
+</record>
+<record type="group">
+    <uid>20000000-0000-0000-0000-000000000008</uid>
+    <guid>20000000-0000-0000-0000-000000000008</guid>
+    <short-name>group08</short-name>
+    <full-name>Group 08</full-name>
+    <email>group08@example.com</email>
+</record>
+<record type="group">
+    <uid>20000000-0000-0000-0000-000000000009</uid>
+    <guid>20000000-0000-0000-0000-000000000009</guid>
+    <short-name>group09</short-name>
+    <full-name>Group 09</full-name>
+    <email>group09@example.com</email>
+</record>
+<record type="group">
+    <uid>20000000-0000-0000-0000-000000000010</uid>
+    <guid>20000000-0000-0000-0000-000000000010</guid>
+    <short-name>group10</short-name>
+    <full-name>Group 10</full-name>
+    <email>group10@example.com</email>
+</record>
+<record type="group">
+    <uid>20000000-0000-0000-0000-000000000011</uid>
+    <guid>20000000-0000-0000-0000-000000000011</guid>
+    <short-name>group11</short-name>
+    <full-name>Group 11</full-name>
+    <email>group11@example.com</email>
+</record>
+<record type="group">
+    <uid>20000000-0000-0000-0000-000000000012</uid>
+    <guid>20000000-0000-0000-0000-000000000012</guid>
+    <short-name>group12</short-name>
+    <full-name>Group 12</full-name>
+    <email>group12@example.com</email>
+</record>
+<record type="group">
+    <uid>20000000-0000-0000-0000-000000000013</uid>
+    <guid>20000000-0000-0000-0000-000000000013</guid>
+    <short-name>group13</short-name>
+    <full-name>Group 13</full-name>
+    <email>group13@example.com</email>
+</record>
+<record type="group">
+    <uid>20000000-0000-0000-0000-000000000014</uid>
+    <guid>20000000-0000-0000-0000-000000000014</guid>
+    <short-name>group14</short-name>
+    <full-name>Group 14</full-name>
+    <email>group14@example.com</email>
+</record>
+<record type="group">
+    <uid>20000000-0000-0000-0000-000000000015</uid>
+    <guid>20000000-0000-0000-0000-000000000015</guid>
+    <short-name>group15</short-name>
+    <full-name>Group 15</full-name>
+    <email>group15@example.com</email>
+</record>
+<record type="group">
+    <uid>20000000-0000-0000-0000-000000000016</uid>
+    <guid>20000000-0000-0000-0000-000000000016</guid>
+    <short-name>group16</short-name>
+    <full-name>Group 16</full-name>
+    <email>group16@example.com</email>
+</record>
+<record type="group">
+    <uid>20000000-0000-0000-0000-000000000017</uid>
+    <guid>20000000-0000-0000-0000-000000000017</guid>
+    <short-name>group17</short-name>
+    <full-name>Group 17</full-name>
+    <email>group17@example.com</email>
+</record>
+<record type="group">
+    <uid>20000000-0000-0000-0000-000000000018</uid>
+    <guid>20000000-0000-0000-0000-000000000018</guid>
+    <short-name>group18</short-name>
+    <full-name>Group 18</full-name>
+    <email>group18@example.com</email>
+</record>
+<record type="group">
+    <uid>20000000-0000-0000-0000-000000000019</uid>
+    <guid>20000000-0000-0000-0000-000000000019</guid>
+    <short-name>group19</short-name>
+    <full-name>Group 19</full-name>
+    <email>group19@example.com</email>
+</record>
+<record type="group">
+    <uid>20000000-0000-0000-0000-000000000020</uid>
+    <guid>20000000-0000-0000-0000-000000000020</guid>
+    <short-name>group20</short-name>
+    <full-name>Group 20</full-name>
+    <email>group20@example.com</email>
+</record>
+<record type="group">
+    <uid>20000000-0000-0000-0000-000000000021</uid>
+    <guid>20000000-0000-0000-0000-000000000021</guid>
+    <short-name>group21</short-name>
+    <full-name>Group 21</full-name>
+    <email>group21@example.com</email>
+</record>
+<record type="group">
+    <uid>20000000-0000-0000-0000-000000000022</uid>
+    <guid>20000000-0000-0000-0000-000000000022</guid>
+    <short-name>group22</short-name>
+    <full-name>Group 22</full-name>
+    <email>group22@example.com</email>
+</record>
+<record type="group">
+    <uid>20000000-0000-0000-0000-000000000023</uid>
+    <guid>20000000-0000-0000-0000-000000000023</guid>
+    <short-name>group23</short-name>
+    <full-name>Group 23</full-name>
+    <email>group23@example.com</email>
+</record>
+<record type="group">
+    <uid>20000000-0000-0000-0000-000000000024</uid>
+    <guid>20000000-0000-0000-0000-000000000024</guid>
+    <short-name>group24</short-name>
+    <full-name>Group 24</full-name>
+    <email>group24@example.com</email>
+</record>
+<record type="group">
+    <uid>20000000-0000-0000-0000-000000000025</uid>
+    <guid>20000000-0000-0000-0000-000000000025</guid>
+    <short-name>group25</short-name>
+    <full-name>Group 25</full-name>
+    <email>group25@example.com</email>
+</record>
+<record type="group">
+    <uid>20000000-0000-0000-0000-000000000026</uid>
+    <guid>20000000-0000-0000-0000-000000000026</guid>
+    <short-name>group26</short-name>
+    <full-name>Group 26</full-name>
+    <email>group26@example.com</email>
+</record>
+<record type="group">
+    <uid>20000000-0000-0000-0000-000000000027</uid>
+    <guid>20000000-0000-0000-0000-000000000027</guid>
+    <short-name>group27</short-name>
+    <full-name>Group 27</full-name>
+    <email>group27@example.com</email>
+</record>
+<record type="group">
+    <uid>20000000-0000-0000-0000-000000000028</uid>
+    <guid>20000000-0000-0000-0000-000000000028</guid>
+    <short-name>group28</short-name>
+    <full-name>Group 28</full-name>
+    <email>group28@example.com</email>
+</record>
+<record type="group">
+    <uid>20000000-0000-0000-0000-000000000029</uid>
+    <guid>20000000-0000-0000-0000-000000000029</guid>
+    <short-name>group29</short-name>
+    <full-name>Group 29</full-name>
+    <email>group29@example.com</email>
+</record>
+<record type="group">
+    <uid>20000000-0000-0000-0000-000000000030</uid>
+    <guid>20000000-0000-0000-0000-000000000030</guid>
+    <short-name>group30</short-name>
+    <full-name>Group 30</full-name>
+    <email>group30@example.com</email>
+</record>
+<record type="group">
+    <uid>20000000-0000-0000-0000-000000000031</uid>
+    <guid>20000000-0000-0000-0000-000000000031</guid>
+    <short-name>group31</short-name>
+    <full-name>Group 31</full-name>
+    <email>group31@example.com</email>
+</record>
+<record type="group">
+    <uid>20000000-0000-0000-0000-000000000032</uid>
+    <guid>20000000-0000-0000-0000-000000000032</guid>
+    <short-name>group32</short-name>
+    <full-name>Group 32</full-name>
+    <email>group32@example.com</email>
+</record>
+<record type="group">
+    <uid>20000000-0000-0000-0000-000000000033</uid>
+    <guid>20000000-0000-0000-0000-000000000033</guid>
+    <short-name>group33</short-name>
+    <full-name>Group 33</full-name>
+    <email>group33@example.com</email>
+</record>
+<record type="group">
+    <uid>20000000-0000-0000-0000-000000000034</uid>
+    <guid>20000000-0000-0000-0000-000000000034</guid>
+    <short-name>group34</short-name>
+    <full-name>Group 34</full-name>
+    <email>group34@example.com</email>
+</record>
+<record type="group">
+    <uid>20000000-0000-0000-0000-000000000035</uid>
+    <guid>20000000-0000-0000-0000-000000000035</guid>
+    <short-name>group35</short-name>
+    <full-name>Group 35</full-name>
+    <email>group35@example.com</email>
+</record>
+<record type="group">
+    <uid>20000000-0000-0000-0000-000000000036</uid>
+    <guid>20000000-0000-0000-0000-000000000036</guid>
+    <short-name>group36</short-name>
+    <full-name>Group 36</full-name>
+    <email>group36@example.com</email>
+</record>
+<record type="group">
+    <uid>20000000-0000-0000-0000-000000000037</uid>
+    <guid>20000000-0000-0000-0000-000000000037</guid>
+    <short-name>group37</short-name>
+    <full-name>Group 37</full-name>
+    <email>group37@example.com</email>
+</record>
+<record type="group">
+    <uid>20000000-0000-0000-0000-000000000038</uid>
+    <guid>20000000-0000-0000-0000-000000000038</guid>
+    <short-name>group38</short-name>
+    <full-name>Group 38</full-name>
+    <email>group38@example.com</email>
+</record>
+<record type="group">
+    <uid>20000000-0000-0000-0000-000000000039</uid>
+    <guid>20000000-0000-0000-0000-000000000039</guid>
+    <short-name>group39</short-name>
+    <full-name>Group 39</full-name>
+    <email>group39@example.com</email>
+</record>
+<record type="group">
+    <uid>20000000-0000-0000-0000-000000000040</uid>
+    <guid>20000000-0000-0000-0000-000000000040</guid>
+    <short-name>group40</short-name>
+    <full-name>Group 40</full-name>
+    <email>group40@example.com</email>
+</record>
+<record type="group">
+    <uid>20000000-0000-0000-0000-000000000041</uid>
+    <guid>20000000-0000-0000-0000-000000000041</guid>
+    <short-name>group41</short-name>
+    <full-name>Group 41</full-name>
+    <email>group41@example.com</email>
+</record>
+<record type="group">
+    <uid>20000000-0000-0000-0000-000000000042</uid>
+    <guid>20000000-0000-0000-0000-000000000042</guid>
+    <short-name>group42</short-name>
+    <full-name>Group 42</full-name>
+    <email>group42@example.com</email>
+</record>
+<record type="group">
+    <uid>20000000-0000-0000-0000-000000000043</uid>
+    <guid>20000000-0000-0000-0000-000000000043</guid>
+    <short-name>group43</short-name>
+    <full-name>Group 43</full-name>
+    <email>group43@example.com</email>
+</record>
+<record type="group">
+    <uid>20000000-0000-0000-0000-000000000044</uid>
+    <guid>20000000-0000-0000-0000-000000000044</guid>
+    <short-name>group44</short-name>
+    <full-name>Group 44</full-name>
+    <email>group44@example.com</email>
+</record>
+<record type="group">
+    <uid>20000000-0000-0000-0000-000000000045</uid>
+    <guid>20000000-0000-0000-0000-000000000045</guid>
+    <short-name>group45</short-name>
+    <full-name>Group 45</full-name>
+    <email>group45@example.com</email>
+</record>
+<record type="group">
+    <uid>20000000-0000-0000-0000-000000000046</uid>
+    <guid>20000000-0000-0000-0000-000000000046</guid>
+    <short-name>group46</short-name>
+    <full-name>Group 46</full-name>
+    <email>group46@example.com</email>
+</record>
+<record type="group">
+    <uid>20000000-0000-0000-0000-000000000047</uid>
+    <guid>20000000-0000-0000-0000-000000000047</guid>
+    <short-name>group47</short-name>
+    <full-name>Group 47</full-name>
+    <email>group47@example.com</email>
+</record>
+<record type="group">
+    <uid>20000000-0000-0000-0000-000000000048</uid>
+    <guid>20000000-0000-0000-0000-000000000048</guid>
+    <short-name>group48</short-name>
+    <full-name>Group 48</full-name>
+    <email>group48@example.com</email>
+</record>
+<record type="group">
+    <uid>20000000-0000-0000-0000-000000000049</uid>
+    <guid>20000000-0000-0000-0000-000000000049</guid>
+    <short-name>group49</short-name>
+    <full-name>Group 49</full-name>
+    <email>group49@example.com</email>
+</record>
+<record type="group">
+    <uid>20000000-0000-0000-0000-000000000050</uid>
+    <guid>20000000-0000-0000-0000-000000000050</guid>
+    <short-name>group50</short-name>
+    <full-name>Group 50</full-name>
+    <email>group50@example.com</email>
+</record>
+<record type="group">
+    <uid>20000000-0000-0000-0000-000000000051</uid>
+    <guid>20000000-0000-0000-0000-000000000051</guid>
+    <short-name>group51</short-name>
+    <full-name>Group 51</full-name>
+    <email>group51@example.com</email>
+</record>
+<record type="group">
+    <uid>20000000-0000-0000-0000-000000000052</uid>
+    <guid>20000000-0000-0000-0000-000000000052</guid>
+    <short-name>group52</short-name>
+    <full-name>Group 52</full-name>
+    <email>group52@example.com</email>
+</record>
+<record type="group">
+    <uid>20000000-0000-0000-0000-000000000053</uid>
+    <guid>20000000-0000-0000-0000-000000000053</guid>
+    <short-name>group53</short-name>
+    <full-name>Group 53</full-name>
+    <email>group53@example.com</email>
+</record>
+<record type="group">
+    <uid>20000000-0000-0000-0000-000000000054</uid>
+    <guid>20000000-0000-0000-0000-000000000054</guid>
+    <short-name>group54</short-name>
+    <full-name>Group 54</full-name>
+    <email>group54@example.com</email>
+</record>
+<record type="group">
+    <uid>20000000-0000-0000-0000-000000000055</uid>
+    <guid>20000000-0000-0000-0000-000000000055</guid>
+    <short-name>group55</short-name>
+    <full-name>Group 55</full-name>
+    <email>group55@example.com</email>
+</record>
+<record type="group">
+    <uid>20000000-0000-0000-0000-000000000056</uid>
+    <guid>20000000-0000-0000-0000-000000000056</guid>
+    <short-name>group56</short-name>
+    <full-name>Group 56</full-name>
+    <email>group56@example.com</email>
+</record>
+<record type="group">
+    <uid>20000000-0000-0000-0000-000000000057</uid>
+    <guid>20000000-0000-0000-0000-000000000057</guid>
+    <short-name>group57</short-name>
+    <full-name>Group 57</full-name>
+    <email>group57@example.com</email>
+</record>
+<record type="group">
+    <uid>20000000-0000-0000-0000-000000000058</uid>
+    <guid>20000000-0000-0000-0000-000000000058</guid>
+    <short-name>group58</short-name>
+    <full-name>Group 58</full-name>
+    <email>group58@example.com</email>
+</record>
+<record type="group">
+    <uid>20000000-0000-0000-0000-000000000059</uid>
+    <guid>20000000-0000-0000-0000-000000000059</guid>
+    <short-name>group59</short-name>
+    <full-name>Group 59</full-name>
+    <email>group59@example.com</email>
+</record>
+<record type="group">
+    <uid>20000000-0000-0000-0000-000000000060</uid>
+    <guid>20000000-0000-0000-0000-000000000060</guid>
+    <short-name>group60</short-name>
+    <full-name>Group 60</full-name>
+    <email>group60@example.com</email>
+</record>
+<record type="group">
+    <uid>20000000-0000-0000-0000-000000000061</uid>
+    <guid>20000000-0000-0000-0000-000000000061</guid>
+    <short-name>group61</short-name>
+    <full-name>Group 61</full-name>
+    <email>group61@example.com</email>
+</record>
+<record type="group">
+    <uid>20000000-0000-0000-0000-000000000062</uid>
+    <guid>20000000-0000-0000-0000-000000000062</guid>
+    <short-name>group62</short-name>
+    <full-name>Group 62</full-name>
+    <email>group62@example.com</email>
+</record>
+<record type="group">
+    <uid>20000000-0000-0000-0000-000000000063</uid>
+    <guid>20000000-0000-0000-0000-000000000063</guid>
+    <short-name>group63</short-name>
+    <full-name>Group 63</full-name>
+    <email>group63@example.com</email>
+</record>
+<record type="group">
+    <uid>20000000-0000-0000-0000-000000000064</uid>
+    <guid>20000000-0000-0000-0000-000000000064</guid>
+    <short-name>group64</short-name>
+    <full-name>Group 64</full-name>
+    <email>group64@example.com</email>
+</record>
+<record type="group">
+    <uid>20000000-0000-0000-0000-000000000065</uid>
+    <guid>20000000-0000-0000-0000-000000000065</guid>
+    <short-name>group65</short-name>
+    <full-name>Group 65</full-name>
+    <email>group65@example.com</email>
+</record>
+<record type="group">
+    <uid>20000000-0000-0000-0000-000000000066</uid>
+    <guid>20000000-0000-0000-0000-000000000066</guid>
+    <short-name>group66</short-name>
+    <full-name>Group 66</full-name>
+    <email>group66@example.com</email>
+</record>
+<record type="group">
+    <uid>20000000-0000-0000-0000-000000000067</uid>
+    <guid>20000000-0000-0000-0000-000000000067</guid>
+    <short-name>group67</short-name>
+    <full-name>Group 67</full-name>
+    <email>group67@example.com</email>
+</record>
+<record type="group">
+    <uid>20000000-0000-0000-0000-000000000068</uid>
+    <guid>20000000-0000-0000-0000-000000000068</guid>
+    <short-name>group68</short-name>
+    <full-name>Group 68</full-name>
+    <email>group68@example.com</email>
+</record>
+<record type="group">
+    <uid>20000000-0000-0000-0000-000000000069</uid>
+    <guid>20000000-0000-0000-0000-000000000069</guid>
+    <short-name>group69</short-name>
+    <full-name>Group 69</full-name>
+    <email>group69@example.com</email>
+</record>
+<record type="group">
+    <uid>20000000-0000-0000-0000-000000000070</uid>
+    <guid>20000000-0000-0000-0000-000000000070</guid>
+    <short-name>group70</short-name>
+    <full-name>Group 70</full-name>
+    <email>group70@example.com</email>
+</record>
+<record type="group">
+    <uid>20000000-0000-0000-0000-000000000071</uid>
+    <guid>20000000-0000-0000-0000-000000000071</guid>
+    <short-name>group71</short-name>
+    <full-name>Group 71</full-name>
+    <email>group71@example.com</email>
+</record>
+<record type="group">
+    <uid>20000000-0000-0000-0000-000000000072</uid>
+    <guid>20000000-0000-0000-0000-000000000072</guid>
+    <short-name>group72</short-name>
+    <full-name>Group 72</full-name>
+    <email>group72@example.com</email>
+</record>
+<record type="group">
+    <uid>20000000-0000-0000-0000-000000000073</uid>
+    <guid>20000000-0000-0000-0000-000000000073</guid>
+    <short-name>group73</short-name>
+    <full-name>Group 73</full-name>
+    <email>group73@example.com</email>
+</record>
+<record type="group">
+    <uid>20000000-0000-0000-0000-000000000074</uid>
+    <guid>20000000-0000-0000-0000-000000000074</guid>
+    <short-name>group74</short-name>
+    <full-name>Group 74</full-name>
+    <email>group74@example.com</email>
+</record>
+<record type="group">
+    <uid>20000000-0000-0000-0000-000000000075</uid>
+    <guid>20000000-0000-0000-0000-000000000075</guid>
+    <short-name>group75</short-name>
+    <full-name>Group 75</full-name>
+    <email>group75@example.com</email>
+</record>
+<record type="group">
+    <uid>20000000-0000-0000-0000-000000000076</uid>
+    <guid>20000000-0000-0000-0000-000000000076</guid>
+    <short-name>group76</short-name>
+    <full-name>Group 76</full-name>
+    <email>group76@example.com</email>
+</record>
+<record type="group">
+    <uid>20000000-0000-0000-0000-000000000077</uid>
+    <guid>20000000-0000-0000-0000-000000000077</guid>
+    <short-name>group77</short-name>
+    <full-name>Group 77</full-name>
+    <email>group77@example.com</email>
+</record>
+<record type="group">
+    <uid>20000000-0000-0000-0000-000000000078</uid>
+    <guid>20000000-0000-0000-0000-000000000078</guid>
+    <short-name>group78</short-name>
+    <full-name>Group 78</full-name>
+    <email>group78@example.com</email>
+</record>
+<record type="group">
+    <uid>20000000-0000-0000-0000-000000000079</uid>
+    <guid>20000000-0000-0000-0000-000000000079</guid>
+    <short-name>group79</short-name>
+    <full-name>Group 79</full-name>
+    <email>group79@example.com</email>
+</record>
+<record type="group">
+    <uid>20000000-0000-0000-0000-000000000080</uid>
+    <guid>20000000-0000-0000-0000-000000000080</guid>
+    <short-name>group80</short-name>
+    <full-name>Group 80</full-name>
+    <email>group80@example.com</email>
+</record>
+<record type="group">
+    <uid>20000000-0000-0000-0000-000000000081</uid>
+    <guid>20000000-0000-0000-0000-000000000081</guid>
+    <short-name>group81</short-name>
+    <full-name>Group 81</full-name>
+    <email>group81@example.com</email>
+</record>
+<record type="group">
+    <uid>20000000-0000-0000-0000-000000000082</uid>
+    <guid>20000000-0000-0000-0000-000000000082</guid>
+    <short-name>group82</short-name>
+    <full-name>Group 82</full-name>
+    <email>group82@example.com</email>
+</record>
+<record type="group">
+    <uid>20000000-0000-0000-0000-000000000083</uid>
+    <guid>20000000-0000-0000-0000-000000000083</guid>
+    <short-name>group83</short-name>
+    <full-name>Group 83</full-name>
+    <email>group83@example.com</email>
+</record>
+<record type="group">
+    <uid>20000000-0000-0000-0000-000000000084</uid>
+    <guid>20000000-0000-0000-0000-000000000084</guid>
+    <short-name>group84</short-name>
+    <full-name>Group 84</full-name>
+    <email>group84@example.com</email>
+</record>
+<record type="group">
+    <uid>20000000-0000-0000-0000-000000000085</uid>
+    <guid>20000000-0000-0000-0000-000000000085</guid>
+    <short-name>group85</short-name>
+    <full-name>Group 85</full-name>
+    <email>group85@example.com</email>
+</record>
+<record type="group">
+    <uid>20000000-0000-0000-0000-000000000086</uid>
+    <guid>20000000-0000-0000-0000-000000000086</guid>
+    <short-name>group86</short-name>
+    <full-name>Group 86</full-name>
+    <email>group86@example.com</email>
+</record>
+<record type="group">
+    <uid>20000000-0000-0000-0000-000000000087</uid>
+    <guid>20000000-0000-0000-0000-000000000087</guid>
+    <short-name>group87</short-name>
+    <full-name>Group 87</full-name>
+    <email>group87@example.com</email>
+</record>
+<record type="group">
+    <uid>20000000-0000-0000-0000-000000000088</uid>
+    <guid>20000000-0000-0000-0000-000000000088</guid>
+    <short-name>group88</short-name>
+    <full-name>Group 88</full-name>
+    <email>group88@example.com</email>
+</record>
+<record type="group">
+    <uid>20000000-0000-0000-0000-000000000089</uid>
+    <guid>20000000-0000-0000-0000-000000000089</guid>
+    <short-name>group89</short-name>
+    <full-name>Group 89</full-name>
+    <email>group89@example.com</email>
+</record>
+<record type="group">
+    <uid>20000000-0000-0000-0000-000000000090</uid>
+    <guid>20000000-0000-0000-0000-000000000090</guid>
+    <short-name>group90</short-name>
+    <full-name>Group 90</full-name>
+    <email>group90@example.com</email>
+</record>
+<record type="group">
+    <uid>20000000-0000-0000-0000-000000000091</uid>
+    <guid>20000000-0000-0000-0000-000000000091</guid>
+    <short-name>group91</short-name>
+    <full-name>Group 91</full-name>
+    <email>group91@example.com</email>
+</record>
+<record type="group">
+    <uid>20000000-0000-0000-0000-000000000092</uid>
+    <guid>20000000-0000-0000-0000-000000000092</guid>
+    <short-name>group92</short-name>
+    <full-name>Group 92</full-name>
+    <email>group92@example.com</email>
+</record>
+<record type="group">
+    <uid>20000000-0000-0000-0000-000000000093</uid>
+    <guid>20000000-0000-0000-0000-000000000093</guid>
+    <short-name>group93</short-name>
+    <full-name>Group 93</full-name>
+    <email>group93@example.com</email>
+</record>
+<record type="group">
+    <uid>20000000-0000-0000-0000-000000000094</uid>
+    <guid>20000000-0000-0000-0000-000000000094</guid>
+    <short-name>group94</short-name>
+    <full-name>Group 94</full-name>
+    <email>group94@example.com</email>
+</record>
+<record type="group">
+    <uid>20000000-0000-0000-0000-000000000095</uid>
+    <guid>20000000-0000-0000-0000-000000000095</guid>
+    <short-name>group95</short-name>
+    <full-name>Group 95</full-name>
+    <email>group95@example.com</email>
+</record>
+<record type="group">
+    <uid>20000000-0000-0000-0000-000000000096</uid>
+    <guid>20000000-0000-0000-0000-000000000096</guid>
+    <short-name>group96</short-name>
+    <full-name>Group 96</full-name>
+    <email>group96@example.com</email>
+</record>
+<record type="group">
+    <uid>20000000-0000-0000-0000-000000000097</uid>
+    <guid>20000000-0000-0000-0000-000000000097</guid>
+    <short-name>group97</short-name>
+    <full-name>Group 97</full-name>
+    <email>group97@example.com</email>
+</record>
+<record type="group">
+    <uid>20000000-0000-0000-0000-000000000098</uid>
+    <guid>20000000-0000-0000-0000-000000000098</guid>
+    <short-name>group98</short-name>
+    <full-name>Group 98</full-name>
+    <email>group98@example.com</email>
+</record>
+<record type="group">
+    <uid>20000000-0000-0000-0000-000000000099</uid>
+    <guid>20000000-0000-0000-0000-000000000099</guid>
+    <short-name>group99</short-name>
+    <full-name>Group 99</full-name>
+    <email>group99@example.com</email>
+</record>
+<record type="group">
+    <uid>20000000-0000-0000-0000-000000000100</uid>
+    <guid>20000000-0000-0000-0000-000000000100</guid>
+    <short-name>group100</short-name>
+    <full-name>Group 100</full-name>
+    <email>group100@example.com</email>
+</record>
+</directory>
diff --git a/contrib/docker/samples/xml/conf/accounts.xml b/contrib/docker/samples/xml/conf/accounts.xml
deleted file mode 100644
index 8030f5863..000000000
--- a/contrib/docker/samples/xml/conf/accounts.xml
+++ /dev/null
@@ -1,38 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-
-<!--
-Copyright (c) 2006-2017 Apple Inc. All rights reserved.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
- -->
-
-<!DOCTYPE accounts SYSTEM "accounts.dtd">
-
-<directory realm="Test Realm">
-<record>
-    <uid>0C8BDE62-E600-4696-83D3-8B5ECABDFD2E</uid>
-    <guid>0C8BDE62-E600-4696-83D3-8B5ECABDFD2E</guid>
-    <short-name>admin</short-name>
-    <password>admin</password>
-    <full-name>Super User</full-name>
-    <email>admin@example.com</email>
-</record>
-<record>
-    <uid>29B6C503-11DF-43EC-8CCA-40C7003149CE</uid>
-    <guid>29B6C503-11DF-43EC-8CCA-40C7003149CE</guid>
-    <short-name>test</short-name>
-    <password>test</password>
-    <full-name>Test User</full-name>
-    <email>test@example.com</email>
-</record>
-</directory>
diff --git a/contrib/docker/samples/xml/conf/augments-test.xml b/contrib/docker/samples/xml/conf/augments-test.xml
new file mode 100644
index 000000000..bd579e825
--- /dev/null
+++ b/contrib/docker/samples/xml/conf/augments-test.xml
@@ -0,0 +1,82 @@
+<?xml version="1.0" encoding="utf-8"?>
+
+<!--
+Copyright (c) 2006-2017 Apple Inc. All rights reserved.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+ -->
+
+<!DOCTYPE augments SYSTEM "augments.dtd">
+
+<augments>
+<record>
+    <uid>Default</uid>
+    <enable-calendar>true</enable-calendar>
+    <enable-addressbook>true</enable-addressbook>
+</record>
+<record>
+    <uid>Location-Default</uid>
+    <enable-calendar>true</enable-calendar>
+    <enable-addressbook>true</enable-addressbook>
+    <auto-schedule-mode>automatic</auto-schedule-mode>
+</record>
+<record>
+    <uid>Resource-Default</uid>
+    <enable-calendar>true</enable-calendar>
+    <enable-addressbook>true</enable-addressbook>
+    <auto-schedule-mode>automatic</auto-schedule-mode>
+</record>
+<record>
+    <uid>40000000-0000-0000-0000-000000000005</uid>
+    <enable-calendar>true</enable-calendar>
+    <enable-addressbook>true</enable-addressbook>
+    <auto-schedule-mode>none</auto-schedule-mode>
+</record>
+<record>
+    <uid>40000000-0000-0000-0000-000000000006</uid>
+    <enable-calendar>true</enable-calendar>
+    <enable-addressbook>true</enable-addressbook>
+    <auto-schedule-mode>accept-always</auto-schedule-mode>
+</record>
+<record>
+    <uid>40000000-0000-0000-0000-000000000007</uid>
+    <enable-calendar>true</enable-calendar>
+    <enable-addressbook>true</enable-addressbook>
+    <auto-schedule-mode>decline-always</auto-schedule-mode>
+</record>
+<record>
+    <uid>40000000-0000-0000-0000-000000000008</uid>
+    <enable-calendar>true</enable-calendar>
+    <enable-addressbook>true</enable-addressbook>
+    <auto-schedule-mode>accept-if-free</auto-schedule-mode>
+</record>
+<record>
+    <uid>40000000-0000-0000-0000-000000000009</uid>
+    <enable-calendar>true</enable-calendar>
+    <enable-addressbook>true</enable-addressbook>
+    <auto-schedule-mode>decline-if-busy</auto-schedule-mode>
+</record>
+<record>
+    <uid>40000000-0000-0000-0000-000000000010</uid>
+    <enable-calendar>true</enable-calendar>
+    <enable-addressbook>true</enable-addressbook>
+    <auto-schedule-mode>automatic</auto-schedule-mode>
+</record>
+<record>
+    <uid>40000000-0000-0000-0000-000000000011</uid>
+    <enable-calendar>true</enable-calendar>
+    <enable-addressbook>true</enable-addressbook>
+    <auto-schedule-mode>decline-always</auto-schedule-mode>
+    <auto-accept-group>20000000-0000-0000-0000-000000000001</auto-accept-group>
+</record>
+</augments>
diff --git a/contrib/docker/samples/xml/conf/caldavd.ext.plist b/contrib/docker/samples/xml/conf/caldavd.ext.plist
index 5b6d5353d..c0e26ef1c 100644
--- a/contrib/docker/samples/xml/conf/caldavd.ext.plist
+++ b/contrib/docker/samples/xml/conf/caldavd.ext.plist
@@ -38,9 +38,91 @@
       <key>params</key>
       <dict>
         <key>xmlFile</key>
-        <string>/etc/caldavd/accounts.xml</string>
+        <string>/etc/caldavd/accounts-test.xml</string>
       </dict>
     </dict>
 
+    <!-- The realm to use for Digest Auth -->
+    <key>DirectoryRealmName</key>
+    <string>Test Realm</string>
+
+    <!-- Resource and Location Service -->
+    <key>ResourceService</key>
+    <dict>
+      <key>Enabled</key>
+      <true/>
+      <key>type</key>
+      <string>xml</string>
+
+      <key>params</key>
+      <dict>
+        <key>xmlFile</key>
+        <string>/etc/caldavd/resources-test.xml</string>
+      </dict>
+    </dict>
+
+    <!-- XML File Augment Service -->
+    <key>AugmentService</key>
+    <dict>
+      <key>type</key>
+      <string>xml</string>
+
+      <key>params</key>
+      <dict>
+        <key>xmlFiles</key>
+        <array>
+	      <string>/etc/caldavd/augments-test.xml</string>
+        </array>
+      </dict>
+    </dict>
+
+    <key>ProxyLoadFromFile</key>
+    <string>/etc/caldavd/proxies-test.xml</string>
+
+
+    <!--
+        Special principals
+
+        These principals are granted special access and/or perform
+        special roles on the server.
+      -->
+
+    <!-- Principals with "DAV:all" access (relative URLs) -->
+    <key>AdminPrincipals</key>
+    <array>
+      <string>/principals/__uids__/0C8BDE62-E600-4696-83D3-8B5ECABDFD2E/</string>
+    </array>
+
+    <!-- Principals with "DAV:read" access (relative URLs) -->
+    <key>ReadPrincipals</key>
+    <array>
+      <!-- <string>/principals/__uids__/983C8238-FB6B-4D92-9242-89C0A39E5F81/</string> -->
+    </array>
+
+    <!-- Create "proxy access" principals -->
+    <key>EnableProxyPrincipals</key>
+    <true/>
+
+
+    <!--
+        Permissions
+      -->
+
+    <!-- Anonymous read access for root resource -->
+    <key>EnableAnonymousReadRoot</key>
+    <true/>
+
+    <!-- Anonymous read access for resource hierarchy -->
+    <key>EnableAnonymousReadNav</key>
+    <false/>
+
+    <!-- Enables directory listings for principals -->
+    <key>EnablePrincipalListings</key>
+    <true/>
+
+    <!-- Render calendar collections as a monolithic iCalendar object -->
+    <key>EnableMonolithicCalendars</key>
+    <true/>
+    
   </dict>
 </plist>
diff --git a/contrib/docker/samples/xml/conf/proxies-test.xml b/contrib/docker/samples/xml/conf/proxies-test.xml
new file mode 100644
index 000000000..05fe0f05a
--- /dev/null
+++ b/contrib/docker/samples/xml/conf/proxies-test.xml
@@ -0,0 +1,120 @@
+<?xml version="1.0" encoding="utf-8"?>
+
+<!--
+Copyright (c) 2006-2017 Apple Inc. All rights reserved.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+ -->
+
+<!DOCTYPE proxies SYSTEM "proxies.dtd">
+
+<proxies>
+<record>
+    <guid>40000000-0000-0000-0000-000000000001</guid>
+    <write-proxies>
+    <member>10000000-0000-0000-0000-000000000001</member>
+    </write-proxies>
+    <read-proxies>
+    <member>10000000-0000-0000-0000-000000000003</member>
+    </read-proxies>
+</record>
+<record>
+    <guid>40000000-0000-0000-0000-000000000002</guid>
+    <write-proxies>
+    <member>10000000-0000-0000-0000-000000000001</member>
+    </write-proxies>
+    <read-proxies>
+    <member>10000000-0000-0000-0000-000000000003</member>
+    </read-proxies>
+</record>
+<record>
+    <guid>40000000-0000-0000-0000-000000000003</guid>
+    <write-proxies>
+    <member>10000000-0000-0000-0000-000000000001</member>
+    </write-proxies>
+    <read-proxies>
+    <member>10000000-0000-0000-0000-000000000003</member>
+    </read-proxies>
+</record>
+<record>
+    <guid>40000000-0000-0000-0000-000000000004</guid>
+    <write-proxies>
+    <member>10000000-0000-0000-0000-000000000001</member>
+    </write-proxies>
+    <read-proxies>
+    <member>10000000-0000-0000-0000-000000000003</member>
+    </read-proxies>
+</record>
+<record>
+    <guid>40000000-0000-0000-0000-000000000005</guid>
+    <write-proxies>
+    <member>10000000-0000-0000-0000-000000000001</member>
+    </write-proxies>
+    <read-proxies>
+    <member>10000000-0000-0000-0000-000000000003</member>
+    </read-proxies>
+</record>
+<record>
+    <guid>40000000-0000-0000-0000-000000000006</guid>
+    <write-proxies>
+    <member>10000000-0000-0000-0000-000000000001</member>
+    </write-proxies>
+    <read-proxies>
+    <member>10000000-0000-0000-0000-000000000003</member>
+    </read-proxies>
+</record>
+<record>
+    <guid>40000000-0000-0000-0000-000000000007</guid>
+    <write-proxies>
+    <member>10000000-0000-0000-0000-000000000001</member>
+    </write-proxies>
+    <read-proxies>
+    <member>10000000-0000-0000-0000-000000000003</member>
+    </read-proxies>
+</record>
+<record>
+    <guid>40000000-0000-0000-0000-000000000008</guid>
+    <write-proxies>
+    <member>10000000-0000-0000-0000-000000000001</member>
+    </write-proxies>
+    <read-proxies>
+    <member>10000000-0000-0000-0000-000000000003</member>
+    </read-proxies>
+</record>
+<record>
+    <guid>40000000-0000-0000-0000-000000000009</guid>
+    <write-proxies>
+    <member>10000000-0000-0000-0000-000000000001</member>
+    </write-proxies>
+    <read-proxies>
+    <member>10000000-0000-0000-0000-000000000003</member>
+    </read-proxies>
+</record>
+<record>
+    <guid>40000000-0000-0000-0000-000000000010</guid>
+    <write-proxies>
+    <member>10000000-0000-0000-0000-000000000001</member>
+    </write-proxies>
+    <read-proxies>
+    <member>10000000-0000-0000-0000-000000000003</member>
+    </read-proxies>
+</record>
+<record>
+    <guid>delegatedroom</guid>
+    <write-proxies>
+    <member>20000000-0000-0000-0000-000000000005</member>
+    </write-proxies>
+    <read-proxies>
+    </read-proxies>
+</record>
+</proxies>
diff --git a/contrib/docker/samples/xml/conf/resources-test.xml b/contrib/docker/samples/xml/conf/resources-test.xml
new file mode 100755
index 000000000..a7edc2ea3
--- /dev/null
+++ b/contrib/docker/samples/xml/conf/resources-test.xml
@@ -0,0 +1,1253 @@
+<?xml version="1.0" encoding="utf-8"?>
+
+<!--
+Copyright (c) 2006-2017 Apple Inc. All rights reserved.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+ -->
+
+<!DOCTYPE accounts SYSTEM "accounts.dtd">
+
+<directory realm="Test Realm Resources">
+<record type="location">
+  <uid>pretend</uid>
+  <short-name>pretend</short-name>
+  <full-name>Pretend Conference Room</full-name>
+  <associated-address>il1</associated-address>
+</record>
+<record type="address">
+  <uid>il1</uid>
+  <short-name>il1</short-name>
+  <full-name>IL1</full-name>
+  <street-address>1 Infinite Loop, Cupertino, CA 95014</street-address>
+  <geographic-location>geo:37.331741,-122.030333</geographic-location>
+</record>
+<record type="location">
+  <uid>fantastic</uid>
+  <short-name>fantastic</short-name>
+  <full-name>Fantastic Conference Room</full-name>
+  <associated-address>il2</associated-address>
+</record>
+<record type="address">
+  <uid>il2</uid>
+  <short-name>il2</short-name>
+  <full-name>IL2</full-name>
+  <street-address>2 Infinite Loop, Cupertino, CA 95014</street-address>
+  <geographic-location>geo:37.332633,-122.030502</geographic-location>
+</record>
+<record type="location">
+  <uid>delegatedroom</uid>
+  <short-name>delegatedroom</short-name>
+  <full-name>Delegated Conference Room</full-name>
+</record>
+<record type="location">
+    <uid>30000000-0000-0000-0000-000000000001</uid>
+    <guid>30000000-0000-0000-0000-000000000001</guid>
+    <short-name>location01</short-name>
+    <full-name>Location 01</full-name>
+</record>
+<record type="location">
+    <uid>30000000-0000-0000-0000-000000000002</uid>
+    <guid>30000000-0000-0000-0000-000000000002</guid>
+    <short-name>location02</short-name>
+    <full-name>Location 02</full-name>
+</record>
+<record type="location">
+    <uid>30000000-0000-0000-0000-000000000003</uid>
+    <guid>30000000-0000-0000-0000-000000000003</guid>
+    <short-name>location03</short-name>
+    <full-name>Location 03</full-name>
+</record>
+<record type="location">
+    <uid>30000000-0000-0000-0000-000000000004</uid>
+    <guid>30000000-0000-0000-0000-000000000004</guid>
+    <short-name>location04</short-name>
+    <full-name>Location 04</full-name>
+</record>
+<record type="location">
+    <uid>30000000-0000-0000-0000-000000000005</uid>
+    <guid>30000000-0000-0000-0000-000000000005</guid>
+    <short-name>location05</short-name>
+    <full-name>Location 05</full-name>
+</record>
+<record type="location">
+    <uid>30000000-0000-0000-0000-000000000006</uid>
+    <guid>30000000-0000-0000-0000-000000000006</guid>
+    <short-name>location06</short-name>
+    <full-name>Location 06</full-name>
+</record>
+<record type="location">
+    <uid>30000000-0000-0000-0000-000000000007</uid>
+    <guid>30000000-0000-0000-0000-000000000007</guid>
+    <short-name>location07</short-name>
+    <full-name>Location 07</full-name>
+</record>
+<record type="location">
+    <uid>30000000-0000-0000-0000-000000000008</uid>
+    <guid>30000000-0000-0000-0000-000000000008</guid>
+    <short-name>location08</short-name>
+    <full-name>Location 08</full-name>
+</record>
+<record type="location">
+    <uid>30000000-0000-0000-0000-000000000009</uid>
+    <guid>30000000-0000-0000-0000-000000000009</guid>
+    <short-name>location09</short-name>
+    <full-name>Location 09</full-name>
+</record>
+<record type="location">
+    <uid>30000000-0000-0000-0000-000000000010</uid>
+    <guid>30000000-0000-0000-0000-000000000010</guid>
+    <short-name>location10</short-name>
+    <full-name>Location 10</full-name>
+</record>
+<record type="location">
+    <uid>30000000-0000-0000-0000-000000000011</uid>
+    <guid>30000000-0000-0000-0000-000000000011</guid>
+    <short-name>location11</short-name>
+    <full-name>Location 11</full-name>
+</record>
+<record type="location">
+    <uid>30000000-0000-0000-0000-000000000012</uid>
+    <guid>30000000-0000-0000-0000-000000000012</guid>
+    <short-name>location12</short-name>
+    <full-name>Location 12</full-name>
+</record>
+<record type="location">
+    <uid>30000000-0000-0000-0000-000000000013</uid>
+    <guid>30000000-0000-0000-0000-000000000013</guid>
+    <short-name>location13</short-name>
+    <full-name>Location 13</full-name>
+</record>
+<record type="location">
+    <uid>30000000-0000-0000-0000-000000000014</uid>
+    <guid>30000000-0000-0000-0000-000000000014</guid>
+    <short-name>location14</short-name>
+    <full-name>Location 14</full-name>
+</record>
+<record type="location">
+    <uid>30000000-0000-0000-0000-000000000015</uid>
+    <guid>30000000-0000-0000-0000-000000000015</guid>
+    <short-name>location15</short-name>
+    <full-name>Location 15</full-name>
+</record>
+<record type="location">
+    <uid>30000000-0000-0000-0000-000000000016</uid>
+    <guid>30000000-0000-0000-0000-000000000016</guid>
+    <short-name>location16</short-name>
+    <full-name>Location 16</full-name>
+</record>
+<record type="location">
+    <uid>30000000-0000-0000-0000-000000000017</uid>
+    <guid>30000000-0000-0000-0000-000000000017</guid>
+    <short-name>location17</short-name>
+    <full-name>Location 17</full-name>
+</record>
+<record type="location">
+    <uid>30000000-0000-0000-0000-000000000018</uid>
+    <guid>30000000-0000-0000-0000-000000000018</guid>
+    <short-name>location18</short-name>
+    <full-name>Location 18</full-name>
+</record>
+<record type="location">
+    <uid>30000000-0000-0000-0000-000000000019</uid>
+    <guid>30000000-0000-0000-0000-000000000019</guid>
+    <short-name>location19</short-name>
+    <full-name>Location 19</full-name>
+</record>
+<record type="location">
+    <uid>30000000-0000-0000-0000-000000000020</uid>
+    <guid>30000000-0000-0000-0000-000000000020</guid>
+    <short-name>location20</short-name>
+    <full-name>Location 20</full-name>
+</record>
+<record type="location">
+    <uid>30000000-0000-0000-0000-000000000021</uid>
+    <guid>30000000-0000-0000-0000-000000000021</guid>
+    <short-name>location21</short-name>
+    <full-name>Location 21</full-name>
+</record>
+<record type="location">
+    <uid>30000000-0000-0000-0000-000000000022</uid>
+    <guid>30000000-0000-0000-0000-000000000022</guid>
+    <short-name>location22</short-name>
+    <full-name>Location 22</full-name>
+</record>
+<record type="location">
+    <uid>30000000-0000-0000-0000-000000000023</uid>
+    <guid>30000000-0000-0000-0000-000000000023</guid>
+    <short-name>location23</short-name>
+    <full-name>Location 23</full-name>
+</record>
+<record type="location">
+    <uid>30000000-0000-0000-0000-000000000024</uid>
+    <guid>30000000-0000-0000-0000-000000000024</guid>
+    <short-name>location24</short-name>
+    <full-name>Location 24</full-name>
+</record>
+<record type="location">
+    <uid>30000000-0000-0000-0000-000000000025</uid>
+    <guid>30000000-0000-0000-0000-000000000025</guid>
+    <short-name>location25</short-name>
+    <full-name>Location 25</full-name>
+</record>
+<record type="location">
+    <uid>30000000-0000-0000-0000-000000000026</uid>
+    <guid>30000000-0000-0000-0000-000000000026</guid>
+    <short-name>location26</short-name>
+    <full-name>Location 26</full-name>
+</record>
+<record type="location">
+    <uid>30000000-0000-0000-0000-000000000027</uid>
+    <guid>30000000-0000-0000-0000-000000000027</guid>
+    <short-name>location27</short-name>
+    <full-name>Location 27</full-name>
+</record>
+<record type="location">
+    <uid>30000000-0000-0000-0000-000000000028</uid>
+    <guid>30000000-0000-0000-0000-000000000028</guid>
+    <short-name>location28</short-name>
+    <full-name>Location 28</full-name>
+</record>
+<record type="location">
+    <uid>30000000-0000-0000-0000-000000000029</uid>
+    <guid>30000000-0000-0000-0000-000000000029</guid>
+    <short-name>location29</short-name>
+    <full-name>Location 29</full-name>
+</record>
+<record type="location">
+    <uid>30000000-0000-0000-0000-000000000030</uid>
+    <guid>30000000-0000-0000-0000-000000000030</guid>
+    <short-name>location30</short-name>
+    <full-name>Location 30</full-name>
+</record>
+<record type="location">
+    <uid>30000000-0000-0000-0000-000000000031</uid>
+    <guid>30000000-0000-0000-0000-000000000031</guid>
+    <short-name>location31</short-name>
+    <full-name>Location 31</full-name>
+</record>
+<record type="location">
+    <uid>30000000-0000-0000-0000-000000000032</uid>
+    <guid>30000000-0000-0000-0000-000000000032</guid>
+    <short-name>location32</short-name>
+    <full-name>Location 32</full-name>
+</record>
+<record type="location">
+    <uid>30000000-0000-0000-0000-000000000033</uid>
+    <guid>30000000-0000-0000-0000-000000000033</guid>
+    <short-name>location33</short-name>
+    <full-name>Location 33</full-name>
+</record>
+<record type="location">
+    <uid>30000000-0000-0000-0000-000000000034</uid>
+    <guid>30000000-0000-0000-0000-000000000034</guid>
+    <short-name>location34</short-name>
+    <full-name>Location 34</full-name>
+</record>
+<record type="location">
+    <uid>30000000-0000-0000-0000-000000000035</uid>
+    <guid>30000000-0000-0000-0000-000000000035</guid>
+    <short-name>location35</short-name>
+    <full-name>Location 35</full-name>
+</record>
+<record type="location">
+    <uid>30000000-0000-0000-0000-000000000036</uid>
+    <guid>30000000-0000-0000-0000-000000000036</guid>
+    <short-name>location36</short-name>
+    <full-name>Location 36</full-name>
+</record>
+<record type="location">
+    <uid>30000000-0000-0000-0000-000000000037</uid>
+    <guid>30000000-0000-0000-0000-000000000037</guid>
+    <short-name>location37</short-name>
+    <full-name>Location 37</full-name>
+</record>
+<record type="location">
+    <uid>30000000-0000-0000-0000-000000000038</uid>
+    <guid>30000000-0000-0000-0000-000000000038</guid>
+    <short-name>location38</short-name>
+    <full-name>Location 38</full-name>
+</record>
+<record type="location">
+    <uid>30000000-0000-0000-0000-000000000039</uid>
+    <guid>30000000-0000-0000-0000-000000000039</guid>
+    <short-name>location39</short-name>
+    <full-name>Location 39</full-name>
+</record>
+<record type="location">
+    <uid>30000000-0000-0000-0000-000000000040</uid>
+    <guid>30000000-0000-0000-0000-000000000040</guid>
+    <short-name>location40</short-name>
+    <full-name>Location 40</full-name>
+</record>
+<record type="location">
+    <uid>30000000-0000-0000-0000-000000000041</uid>
+    <guid>30000000-0000-0000-0000-000000000041</guid>
+    <short-name>location41</short-name>
+    <full-name>Location 41</full-name>
+</record>
+<record type="location">
+    <uid>30000000-0000-0000-0000-000000000042</uid>
+    <guid>30000000-0000-0000-0000-000000000042</guid>
+    <short-name>location42</short-name>
+    <full-name>Location 42</full-name>
+</record>
+<record type="location">
+    <uid>30000000-0000-0000-0000-000000000043</uid>
+    <guid>30000000-0000-0000-0000-000000000043</guid>
+    <short-name>location43</short-name>
+    <full-name>Location 43</full-name>
+</record>
+<record type="location">
+    <uid>30000000-0000-0000-0000-000000000044</uid>
+    <guid>30000000-0000-0000-0000-000000000044</guid>
+    <short-name>location44</short-name>
+    <full-name>Location 44</full-name>
+</record>
+<record type="location">
+    <uid>30000000-0000-0000-0000-000000000045</uid>
+    <guid>30000000-0000-0000-0000-000000000045</guid>
+    <short-name>location45</short-name>
+    <full-name>Location 45</full-name>
+</record>
+<record type="location">
+    <uid>30000000-0000-0000-0000-000000000046</uid>
+    <guid>30000000-0000-0000-0000-000000000046</guid>
+    <short-name>location46</short-name>
+    <full-name>Location 46</full-name>
+</record>
+<record type="location">
+    <uid>30000000-0000-0000-0000-000000000047</uid>
+    <guid>30000000-0000-0000-0000-000000000047</guid>
+    <short-name>location47</short-name>
+    <full-name>Location 47</full-name>
+</record>
+<record type="location">
+    <uid>30000000-0000-0000-0000-000000000048</uid>
+    <guid>30000000-0000-0000-0000-000000000048</guid>
+    <short-name>location48</short-name>
+    <full-name>Location 48</full-name>
+</record>
+<record type="location">
+    <uid>30000000-0000-0000-0000-000000000049</uid>
+    <guid>30000000-0000-0000-0000-000000000049</guid>
+    <short-name>location49</short-name>
+    <full-name>Location 49</full-name>
+</record>
+<record type="location">
+    <uid>30000000-0000-0000-0000-000000000050</uid>
+    <guid>30000000-0000-0000-0000-000000000050</guid>
+    <short-name>location50</short-name>
+    <full-name>Location 50</full-name>
+</record>
+<record type="location">
+    <uid>30000000-0000-0000-0000-000000000051</uid>
+    <guid>30000000-0000-0000-0000-000000000051</guid>
+    <short-name>location51</short-name>
+    <full-name>Location 51</full-name>
+</record>
+<record type="location">
+    <uid>30000000-0000-0000-0000-000000000052</uid>
+    <guid>30000000-0000-0000-0000-000000000052</guid>
+    <short-name>location52</short-name>
+    <full-name>Location 52</full-name>
+</record>
+<record type="location">
+    <uid>30000000-0000-0000-0000-000000000053</uid>
+    <guid>30000000-0000-0000-0000-000000000053</guid>
+    <short-name>location53</short-name>
+    <full-name>Location 53</full-name>
+</record>
+<record type="location">
+    <uid>30000000-0000-0000-0000-000000000054</uid>
+    <guid>30000000-0000-0000-0000-000000000054</guid>
+    <short-name>location54</short-name>
+    <full-name>Location 54</full-name>
+</record>
+<record type="location">
+    <uid>30000000-0000-0000-0000-000000000055</uid>
+    <guid>30000000-0000-0000-0000-000000000055</guid>
+    <short-name>location55</short-name>
+    <full-name>Location 55</full-name>
+</record>
+<record type="location">
+    <uid>30000000-0000-0000-0000-000000000056</uid>
+    <guid>30000000-0000-0000-0000-000000000056</guid>
+    <short-name>location56</short-name>
+    <full-name>Location 56</full-name>
+</record>
+<record type="location">
+    <uid>30000000-0000-0000-0000-000000000057</uid>
+    <guid>30000000-0000-0000-0000-000000000057</guid>
+    <short-name>location57</short-name>
+    <full-name>Location 57</full-name>
+</record>
+<record type="location">
+    <uid>30000000-0000-0000-0000-000000000058</uid>
+    <guid>30000000-0000-0000-0000-000000000058</guid>
+    <short-name>location58</short-name>
+    <full-name>Location 58</full-name>
+</record>
+<record type="location">
+    <uid>30000000-0000-0000-0000-000000000059</uid>
+    <guid>30000000-0000-0000-0000-000000000059</guid>
+    <short-name>location59</short-name>
+    <full-name>Location 59</full-name>
+</record>
+<record type="location">
+    <uid>30000000-0000-0000-0000-000000000060</uid>
+    <guid>30000000-0000-0000-0000-000000000060</guid>
+    <short-name>location60</short-name>
+    <full-name>Location 60</full-name>
+</record>
+<record type="location">
+    <uid>30000000-0000-0000-0000-000000000061</uid>
+    <guid>30000000-0000-0000-0000-000000000061</guid>
+    <short-name>location61</short-name>
+    <full-name>Location 61</full-name>
+</record>
+<record type="location">
+    <uid>30000000-0000-0000-0000-000000000062</uid>
+    <guid>30000000-0000-0000-0000-000000000062</guid>
+    <short-name>location62</short-name>
+    <full-name>Location 62</full-name>
+</record>
+<record type="location">
+    <uid>30000000-0000-0000-0000-000000000063</uid>
+    <guid>30000000-0000-0000-0000-000000000063</guid>
+    <short-name>location63</short-name>
+    <full-name>Location 63</full-name>
+</record>
+<record type="location">
+    <uid>30000000-0000-0000-0000-000000000064</uid>
+    <guid>30000000-0000-0000-0000-000000000064</guid>
+    <short-name>location64</short-name>
+    <full-name>Location 64</full-name>
+</record>
+<record type="location">
+    <uid>30000000-0000-0000-0000-000000000065</uid>
+    <guid>30000000-0000-0000-0000-000000000065</guid>
+    <short-name>location65</short-name>
+    <full-name>Location 65</full-name>
+</record>
+<record type="location">
+    <uid>30000000-0000-0000-0000-000000000066</uid>
+    <guid>30000000-0000-0000-0000-000000000066</guid>
+    <short-name>location66</short-name>
+    <full-name>Location 66</full-name>
+</record>
+<record type="location">
+    <uid>30000000-0000-0000-0000-000000000067</uid>
+    <guid>30000000-0000-0000-0000-000000000067</guid>
+    <short-name>location67</short-name>
+    <full-name>Location 67</full-name>
+</record>
+<record type="location">
+    <uid>30000000-0000-0000-0000-000000000068</uid>
+    <guid>30000000-0000-0000-0000-000000000068</guid>
+    <short-name>location68</short-name>
+    <full-name>Location 68</full-name>
+</record>
+<record type="location">
+    <uid>30000000-0000-0000-0000-000000000069</uid>
+    <guid>30000000-0000-0000-0000-000000000069</guid>
+    <short-name>location69</short-name>
+    <full-name>Location 69</full-name>
+</record>
+<record type="location">
+    <uid>30000000-0000-0000-0000-000000000070</uid>
+    <guid>30000000-0000-0000-0000-000000000070</guid>
+    <short-name>location70</short-name>
+    <full-name>Location 70</full-name>
+</record>
+<record type="location">
+    <uid>30000000-0000-0000-0000-000000000071</uid>
+    <guid>30000000-0000-0000-0000-000000000071</guid>
+    <short-name>location71</short-name>
+    <full-name>Location 71</full-name>
+</record>
+<record type="location">
+    <uid>30000000-0000-0000-0000-000000000072</uid>
+    <guid>30000000-0000-0000-0000-000000000072</guid>
+    <short-name>location72</short-name>
+    <full-name>Location 72</full-name>
+</record>
+<record type="location">
+    <uid>30000000-0000-0000-0000-000000000073</uid>
+    <guid>30000000-0000-0000-0000-000000000073</guid>
+    <short-name>location73</short-name>
+    <full-name>Location 73</full-name>
+</record>
+<record type="location">
+    <uid>30000000-0000-0000-0000-000000000074</uid>
+    <guid>30000000-0000-0000-0000-000000000074</guid>
+    <short-name>location74</short-name>
+    <full-name>Location 74</full-name>
+</record>
+<record type="location">
+    <uid>30000000-0000-0000-0000-000000000075</uid>
+    <guid>30000000-0000-0000-0000-000000000075</guid>
+    <short-name>location75</short-name>
+    <full-name>Location 75</full-name>
+</record>
+<record type="location">
+    <uid>30000000-0000-0000-0000-000000000076</uid>
+    <guid>30000000-0000-0000-0000-000000000076</guid>
+    <short-name>location76</short-name>
+    <full-name>Location 76</full-name>
+</record>
+<record type="location">
+    <uid>30000000-0000-0000-0000-000000000077</uid>
+    <guid>30000000-0000-0000-0000-000000000077</guid>
+    <short-name>location77</short-name>
+    <full-name>Location 77</full-name>
+</record>
+<record type="location">
+    <uid>30000000-0000-0000-0000-000000000078</uid>
+    <guid>30000000-0000-0000-0000-000000000078</guid>
+    <short-name>location78</short-name>
+    <full-name>Location 78</full-name>
+</record>
+<record type="location">
+    <uid>30000000-0000-0000-0000-000000000079</uid>
+    <guid>30000000-0000-0000-0000-000000000079</guid>
+    <short-name>location79</short-name>
+    <full-name>Location 79</full-name>
+</record>
+<record type="location">
+    <uid>30000000-0000-0000-0000-000000000080</uid>
+    <guid>30000000-0000-0000-0000-000000000080</guid>
+    <short-name>location80</short-name>
+    <full-name>Location 80</full-name>
+</record>
+<record type="location">
+    <uid>30000000-0000-0000-0000-000000000081</uid>
+    <guid>30000000-0000-0000-0000-000000000081</guid>
+    <short-name>location81</short-name>
+    <full-name>Location 81</full-name>
+</record>
+<record type="location">
+    <uid>30000000-0000-0000-0000-000000000082</uid>
+    <guid>30000000-0000-0000-0000-000000000082</guid>
+    <short-name>location82</short-name>
+    <full-name>Location 82</full-name>
+</record>
+<record type="location">
+    <uid>30000000-0000-0000-0000-000000000083</uid>
+    <guid>30000000-0000-0000-0000-000000000083</guid>
+    <short-name>location83</short-name>
+    <full-name>Location 83</full-name>
+</record>
+<record type="location">
+    <uid>30000000-0000-0000-0000-000000000084</uid>
+    <guid>30000000-0000-0000-0000-000000000084</guid>
+    <short-name>location84</short-name>
+    <full-name>Location 84</full-name>
+</record>
+<record type="location">
+    <uid>30000000-0000-0000-0000-000000000085</uid>
+    <guid>30000000-0000-0000-0000-000000000085</guid>
+    <short-name>location85</short-name>
+    <full-name>Location 85</full-name>
+</record>
+<record type="location">
+    <uid>30000000-0000-0000-0000-000000000086</uid>
+    <guid>30000000-0000-0000-0000-000000000086</guid>
+    <short-name>location86</short-name>
+    <full-name>Location 86</full-name>
+</record>
+<record type="location">
+    <uid>30000000-0000-0000-0000-000000000087</uid>
+    <guid>30000000-0000-0000-0000-000000000087</guid>
+    <short-name>location87</short-name>
+    <full-name>Location 87</full-name>
+</record>
+<record type="location">
+    <uid>30000000-0000-0000-0000-000000000088</uid>
+    <guid>30000000-0000-0000-0000-000000000088</guid>
+    <short-name>location88</short-name>
+    <full-name>Location 88</full-name>
+</record>
+<record type="location">
+    <uid>30000000-0000-0000-0000-000000000089</uid>
+    <guid>30000000-0000-0000-0000-000000000089</guid>
+    <short-name>location89</short-name>
+    <full-name>Location 89</full-name>
+</record>
+<record type="location">
+    <uid>30000000-0000-0000-0000-000000000090</uid>
+    <guid>30000000-0000-0000-0000-000000000090</guid>
+    <short-name>location90</short-name>
+    <full-name>Location 90</full-name>
+</record>
+<record type="location">
+    <uid>30000000-0000-0000-0000-000000000091</uid>
+    <guid>30000000-0000-0000-0000-000000000091</guid>
+    <short-name>location91</short-name>
+    <full-name>Location 91</full-name>
+</record>
+<record type="location">
+    <uid>30000000-0000-0000-0000-000000000092</uid>
+    <guid>30000000-0000-0000-0000-000000000092</guid>
+    <short-name>location92</short-name>
+    <full-name>Location 92</full-name>
+</record>
+<record type="location">
+    <uid>30000000-0000-0000-0000-000000000093</uid>
+    <guid>30000000-0000-0000-0000-000000000093</guid>
+    <short-name>location93</short-name>
+    <full-name>Location 93</full-name>
+</record>
+<record type="location">
+    <uid>30000000-0000-0000-0000-000000000094</uid>
+    <guid>30000000-0000-0000-0000-000000000094</guid>
+    <short-name>location94</short-name>
+    <full-name>Location 94</full-name>
+</record>
+<record type="location">
+    <uid>30000000-0000-0000-0000-000000000095</uid>
+    <guid>30000000-0000-0000-0000-000000000095</guid>
+    <short-name>location95</short-name>
+    <full-name>Location 95</full-name>
+</record>
+<record type="location">
+    <uid>30000000-0000-0000-0000-000000000096</uid>
+    <guid>30000000-0000-0000-0000-000000000096</guid>
+    <short-name>location96</short-name>
+    <full-name>Location 96</full-name>
+</record>
+<record type="location">
+    <uid>30000000-0000-0000-0000-000000000097</uid>
+    <guid>30000000-0000-0000-0000-000000000097</guid>
+    <short-name>location97</short-name>
+    <full-name>Location 97</full-name>
+</record>
+<record type="location">
+    <uid>30000000-0000-0000-0000-000000000098</uid>
+    <guid>30000000-0000-0000-0000-000000000098</guid>
+    <short-name>location98</short-name>
+    <full-name>Location 98</full-name>
+</record>
+<record type="location">
+    <uid>30000000-0000-0000-0000-000000000099</uid>
+    <guid>30000000-0000-0000-0000-000000000099</guid>
+    <short-name>location99</short-name>
+    <full-name>Location 99</full-name>
+</record>
+<record type="location">
+    <uid>30000000-0000-0000-0000-000000000100</uid>
+    <guid>30000000-0000-0000-0000-000000000100</guid>
+    <short-name>location100</short-name>
+    <full-name>Location 100</full-name>
+</record>
+<record type="resource">
+    <uid>40000000-0000-0000-0000-000000000001</uid>
+    <guid>40000000-0000-0000-0000-000000000001</guid>
+    <short-name>resource01</short-name>
+    <full-name>Resource 01</full-name>
+</record>
+<record type="resource">
+    <uid>40000000-0000-0000-0000-000000000002</uid>
+    <guid>40000000-0000-0000-0000-000000000002</guid>
+    <short-name>resource02</short-name>
+    <full-name>Resource 02</full-name>
+</record>
+<record type="resource">
+    <uid>40000000-0000-0000-0000-000000000003</uid>
+    <guid>40000000-0000-0000-0000-000000000003</guid>
+    <short-name>resource03</short-name>
+    <full-name>Resource 03</full-name>
+</record>
+<record type="resource">
+    <uid>40000000-0000-0000-0000-000000000004</uid>
+    <guid>40000000-0000-0000-0000-000000000004</guid>
+    <short-name>resource04</short-name>
+    <full-name>Resource 04</full-name>
+</record>
+<record type="resource">
+    <uid>40000000-0000-0000-0000-000000000005</uid>
+    <guid>40000000-0000-0000-0000-000000000005</guid>
+    <short-name>resource05</short-name>
+    <full-name>Resource 05</full-name>
+</record>
+<record type="resource">
+    <uid>40000000-0000-0000-0000-000000000006</uid>
+    <guid>40000000-0000-0000-0000-000000000006</guid>
+    <short-name>resource06</short-name>
+    <full-name>Resource 06</full-name>
+</record>
+<record type="resource">
+    <uid>40000000-0000-0000-0000-000000000007</uid>
+    <guid>40000000-0000-0000-0000-000000000007</guid>
+    <short-name>resource07</short-name>
+    <full-name>Resource 07</full-name>
+</record>
+<record type="resource">
+    <uid>40000000-0000-0000-0000-000000000008</uid>
+    <guid>40000000-0000-0000-0000-000000000008</guid>
+    <short-name>resource08</short-name>
+    <full-name>Resource 08</full-name>
+</record>
+<record type="resource">
+    <uid>40000000-0000-0000-0000-000000000009</uid>
+    <guid>40000000-0000-0000-0000-000000000009</guid>
+    <short-name>resource09</short-name>
+    <full-name>Resource 09</full-name>
+</record>
+<record type="resource">
+    <uid>40000000-0000-0000-0000-000000000010</uid>
+    <guid>40000000-0000-0000-0000-000000000010</guid>
+    <short-name>resource10</short-name>
+    <full-name>Resource 10</full-name>
+</record>
+<record type="resource">
+    <uid>40000000-0000-0000-0000-000000000011</uid>
+    <guid>40000000-0000-0000-0000-000000000011</guid>
+    <short-name>resource11</short-name>
+    <full-name>Resource 11</full-name>
+</record>
+<record type="resource">
+    <uid>40000000-0000-0000-0000-000000000012</uid>
+    <guid>40000000-0000-0000-0000-000000000012</guid>
+    <short-name>resource12</short-name>
+    <full-name>Resource 12</full-name>
+</record>
+<record type="resource">
+    <uid>40000000-0000-0000-0000-000000000013</uid>
+    <guid>40000000-0000-0000-0000-000000000013</guid>
+    <short-name>resource13</short-name>
+    <full-name>Resource 13</full-name>
+</record>
+<record type="resource">
+    <uid>40000000-0000-0000-0000-000000000014</uid>
+    <guid>40000000-0000-0000-0000-000000000014</guid>
+    <short-name>resource14</short-name>
+    <full-name>Resource 14</full-name>
+</record>
+<record type="resource">
+    <uid>40000000-0000-0000-0000-000000000015</uid>
+    <guid>40000000-0000-0000-0000-000000000015</guid>
+    <short-name>resource15</short-name>
+    <full-name>Resource 15</full-name>
+</record>
+<record type="resource">
+    <uid>40000000-0000-0000-0000-000000000016</uid>
+    <guid>40000000-0000-0000-0000-000000000016</guid>
+    <short-name>resource16</short-name>
+    <full-name>Resource 16</full-name>
+</record>
+<record type="resource">
+    <uid>40000000-0000-0000-0000-000000000017</uid>
+    <guid>40000000-0000-0000-0000-000000000017</guid>
+    <short-name>resource17</short-name>
+    <full-name>Resource 17</full-name>
+</record>
+<record type="resource">
+    <uid>40000000-0000-0000-0000-000000000018</uid>
+    <guid>40000000-0000-0000-0000-000000000018</guid>
+    <short-name>resource18</short-name>
+    <full-name>Resource 18</full-name>
+</record>
+<record type="resource">
+    <uid>40000000-0000-0000-0000-000000000019</uid>
+    <guid>40000000-0000-0000-0000-000000000019</guid>
+    <short-name>resource19</short-name>
+    <full-name>Resource 19</full-name>
+</record>
+<record type="resource">
+    <uid>40000000-0000-0000-0000-000000000020</uid>
+    <guid>40000000-0000-0000-0000-000000000020</guid>
+    <short-name>resource20</short-name>
+    <full-name>Resource 20</full-name>
+</record>
+<record type="resource">
+    <uid>40000000-0000-0000-0000-000000000021</uid>
+    <guid>40000000-0000-0000-0000-000000000021</guid>
+    <short-name>resource21</short-name>
+    <full-name>Resource 21</full-name>
+</record>
+<record type="resource">
+    <uid>40000000-0000-0000-0000-000000000022</uid>
+    <guid>40000000-0000-0000-0000-000000000022</guid>
+    <short-name>resource22</short-name>
+    <full-name>Resource 22</full-name>
+</record>
+<record type="resource">
+    <uid>40000000-0000-0000-0000-000000000023</uid>
+    <guid>40000000-0000-0000-0000-000000000023</guid>
+    <short-name>resource23</short-name>
+    <full-name>Resource 23</full-name>
+</record>
+<record type="resource">
+    <uid>40000000-0000-0000-0000-000000000024</uid>
+    <guid>40000000-0000-0000-0000-000000000024</guid>
+    <short-name>resource24</short-name>
+    <full-name>Resource 24</full-name>
+</record>
+<record type="resource">
+    <uid>40000000-0000-0000-0000-000000000025</uid>
+    <guid>40000000-0000-0000-0000-000000000025</guid>
+    <short-name>resource25</short-name>
+    <full-name>Resource 25</full-name>
+</record>
+<record type="resource">
+    <uid>40000000-0000-0000-0000-000000000026</uid>
+    <guid>40000000-0000-0000-0000-000000000026</guid>
+    <short-name>resource26</short-name>
+    <full-name>Resource 26</full-name>
+</record>
+<record type="resource">
+    <uid>40000000-0000-0000-0000-000000000027</uid>
+    <guid>40000000-0000-0000-0000-000000000027</guid>
+    <short-name>resource27</short-name>
+    <full-name>Resource 27</full-name>
+</record>
+<record type="resource">
+    <uid>40000000-0000-0000-0000-000000000028</uid>
+    <guid>40000000-0000-0000-0000-000000000028</guid>
+    <short-name>resource28</short-name>
+    <full-name>Resource 28</full-name>
+</record>
+<record type="resource">
+    <uid>40000000-0000-0000-0000-000000000029</uid>
+    <guid>40000000-0000-0000-0000-000000000029</guid>
+    <short-name>resource29</short-name>
+    <full-name>Resource 29</full-name>
+</record>
+<record type="resource">
+    <uid>40000000-0000-0000-0000-000000000030</uid>
+    <guid>40000000-0000-0000-0000-000000000030</guid>
+    <short-name>resource30</short-name>
+    <full-name>Resource 30</full-name>
+</record>
+<record type="resource">
+    <uid>40000000-0000-0000-0000-000000000031</uid>
+    <guid>40000000-0000-0000-0000-000000000031</guid>
+    <short-name>resource31</short-name>
+    <full-name>Resource 31</full-name>
+</record>
+<record type="resource">
+    <uid>40000000-0000-0000-0000-000000000032</uid>
+    <guid>40000000-0000-0000-0000-000000000032</guid>
+    <short-name>resource32</short-name>
+    <full-name>Resource 32</full-name>
+</record>
+<record type="resource">
+    <uid>40000000-0000-0000-0000-000000000033</uid>
+    <guid>40000000-0000-0000-0000-000000000033</guid>
+    <short-name>resource33</short-name>
+    <full-name>Resource 33</full-name>
+</record>
+<record type="resource">
+    <uid>40000000-0000-0000-0000-000000000034</uid>
+    <guid>40000000-0000-0000-0000-000000000034</guid>
+    <short-name>resource34</short-name>
+    <full-name>Resource 34</full-name>
+</record>
+<record type="resource">
+    <uid>40000000-0000-0000-0000-000000000035</uid>
+    <guid>40000000-0000-0000-0000-000000000035</guid>
+    <short-name>resource35</short-name>
+    <full-name>Resource 35</full-name>
+</record>
+<record type="resource">
+    <uid>40000000-0000-0000-0000-000000000036</uid>
+    <guid>40000000-0000-0000-0000-000000000036</guid>
+    <short-name>resource36</short-name>
+    <full-name>Resource 36</full-name>
+</record>
+<record type="resource">
+    <uid>40000000-0000-0000-0000-000000000037</uid>
+    <guid>40000000-0000-0000-0000-000000000037</guid>
+    <short-name>resource37</short-name>
+    <full-name>Resource 37</full-name>
+</record>
+<record type="resource">
+    <uid>40000000-0000-0000-0000-000000000038</uid>
+    <guid>40000000-0000-0000-0000-000000000038</guid>
+    <short-name>resource38</short-name>
+    <full-name>Resource 38</full-name>
+</record>
+<record type="resource">
+    <uid>40000000-0000-0000-0000-000000000039</uid>
+    <guid>40000000-0000-0000-0000-000000000039</guid>
+    <short-name>resource39</short-name>
+    <full-name>Resource 39</full-name>
+</record>
+<record type="resource">
+    <uid>40000000-0000-0000-0000-000000000040</uid>
+    <guid>40000000-0000-0000-0000-000000000040</guid>
+    <short-name>resource40</short-name>
+    <full-name>Resource 40</full-name>
+</record>
+<record type="resource">
+    <uid>40000000-0000-0000-0000-000000000041</uid>
+    <guid>40000000-0000-0000-0000-000000000041</guid>
+    <short-name>resource41</short-name>
+    <full-name>Resource 41</full-name>
+</record>
+<record type="resource">
+    <uid>40000000-0000-0000-0000-000000000042</uid>
+    <guid>40000000-0000-0000-0000-000000000042</guid>
+    <short-name>resource42</short-name>
+    <full-name>Resource 42</full-name>
+</record>
+<record type="resource">
+    <uid>40000000-0000-0000-0000-000000000043</uid>
+    <guid>40000000-0000-0000-0000-000000000043</guid>
+    <short-name>resource43</short-name>
+    <full-name>Resource 43</full-name>
+</record>
+<record type="resource">
+    <uid>40000000-0000-0000-0000-000000000044</uid>
+    <guid>40000000-0000-0000-0000-000000000044</guid>
+    <short-name>resource44</short-name>
+    <full-name>Resource 44</full-name>
+</record>
+<record type="resource">
+    <uid>40000000-0000-0000-0000-000000000045</uid>
+    <guid>40000000-0000-0000-0000-000000000045</guid>
+    <short-name>resource45</short-name>
+    <full-name>Resource 45</full-name>
+</record>
+<record type="resource">
+    <uid>40000000-0000-0000-0000-000000000046</uid>
+    <guid>40000000-0000-0000-0000-000000000046</guid>
+    <short-name>resource46</short-name>
+    <full-name>Resource 46</full-name>
+</record>
+<record type="resource">
+    <uid>40000000-0000-0000-0000-000000000047</uid>
+    <guid>40000000-0000-0000-0000-000000000047</guid>
+    <short-name>resource47</short-name>
+    <full-name>Resource 47</full-name>
+</record>
+<record type="resource">
+    <uid>40000000-0000-0000-0000-000000000048</uid>
+    <guid>40000000-0000-0000-0000-000000000048</guid>
+    <short-name>resource48</short-name>
+    <full-name>Resource 48</full-name>
+</record>
+<record type="resource">
+    <uid>40000000-0000-0000-0000-000000000049</uid>
+    <guid>40000000-0000-0000-0000-000000000049</guid>
+    <short-name>resource49</short-name>
+    <full-name>Resource 49</full-name>
+</record>
+<record type="resource">
+    <uid>40000000-0000-0000-0000-000000000050</uid>
+    <guid>40000000-0000-0000-0000-000000000050</guid>
+    <short-name>resource50</short-name>
+    <full-name>Resource 50</full-name>
+</record>
+<record type="resource">
+    <uid>40000000-0000-0000-0000-000000000051</uid>
+    <guid>40000000-0000-0000-0000-000000000051</guid>
+    <short-name>resource51</short-name>
+    <full-name>Resource 51</full-name>
+</record>
+<record type="resource">
+    <uid>40000000-0000-0000-0000-000000000052</uid>
+    <guid>40000000-0000-0000-0000-000000000052</guid>
+    <short-name>resource52</short-name>
+    <full-name>Resource 52</full-name>
+</record>
+<record type="resource">
+    <uid>40000000-0000-0000-0000-000000000053</uid>
+    <guid>40000000-0000-0000-0000-000000000053</guid>
+    <short-name>resource53</short-name>
+    <full-name>Resource 53</full-name>
+</record>
+<record type="resource">
+    <uid>40000000-0000-0000-0000-000000000054</uid>
+    <guid>40000000-0000-0000-0000-000000000054</guid>
+    <short-name>resource54</short-name>
+    <full-name>Resource 54</full-name>
+</record>
+<record type="resource">
+    <uid>40000000-0000-0000-0000-000000000055</uid>
+    <guid>40000000-0000-0000-0000-000000000055</guid>
+    <short-name>resource55</short-name>
+    <full-name>Resource 55</full-name>
+</record>
+<record type="resource">
+    <uid>40000000-0000-0000-0000-000000000056</uid>
+    <guid>40000000-0000-0000-0000-000000000056</guid>
+    <short-name>resource56</short-name>
+    <full-name>Resource 56</full-name>
+</record>
+<record type="resource">
+    <uid>40000000-0000-0000-0000-000000000057</uid>
+    <guid>40000000-0000-0000-0000-000000000057</guid>
+    <short-name>resource57</short-name>
+    <full-name>Resource 57</full-name>
+</record>
+<record type="resource">
+    <uid>40000000-0000-0000-0000-000000000058</uid>
+    <guid>40000000-0000-0000-0000-000000000058</guid>
+    <short-name>resource58</short-name>
+    <full-name>Resource 58</full-name>
+</record>
+<record type="resource">
+    <uid>40000000-0000-0000-0000-000000000059</uid>
+    <guid>40000000-0000-0000-0000-000000000059</guid>
+    <short-name>resource59</short-name>
+    <full-name>Resource 59</full-name>
+</record>
+<record type="resource">
+    <uid>40000000-0000-0000-0000-000000000060</uid>
+    <guid>40000000-0000-0000-0000-000000000060</guid>
+    <short-name>resource60</short-name>
+    <full-name>Resource 60</full-name>
+</record>
+<record type="resource">
+    <uid>40000000-0000-0000-0000-000000000061</uid>
+    <guid>40000000-0000-0000-0000-000000000061</guid>
+    <short-name>resource61</short-name>
+    <full-name>Resource 61</full-name>
+</record>
+<record type="resource">
+    <uid>40000000-0000-0000-0000-000000000062</uid>
+    <guid>40000000-0000-0000-0000-000000000062</guid>
+    <short-name>resource62</short-name>
+    <full-name>Resource 62</full-name>
+</record>
+<record type="resource">
+    <uid>40000000-0000-0000-0000-000000000063</uid>
+    <guid>40000000-0000-0000-0000-000000000063</guid>
+    <short-name>resource63</short-name>
+    <full-name>Resource 63</full-name>
+</record>
+<record type="resource">
+    <uid>40000000-0000-0000-0000-000000000064</uid>
+    <guid>40000000-0000-0000-0000-000000000064</guid>
+    <short-name>resource64</short-name>
+    <full-name>Resource 64</full-name>
+</record>
+<record type="resource">
+    <uid>40000000-0000-0000-0000-000000000065</uid>
+    <guid>40000000-0000-0000-0000-000000000065</guid>
+    <short-name>resource65</short-name>
+    <full-name>Resource 65</full-name>
+</record>
+<record type="resource">
+    <uid>40000000-0000-0000-0000-000000000066</uid>
+    <guid>40000000-0000-0000-0000-000000000066</guid>
+    <short-name>resource66</short-name>
+    <full-name>Resource 66</full-name>
+</record>
+<record type="resource">
+    <uid>40000000-0000-0000-0000-000000000067</uid>
+    <guid>40000000-0000-0000-0000-000000000067</guid>
+    <short-name>resource67</short-name>
+    <full-name>Resource 67</full-name>
+</record>
+<record type="resource">
+    <uid>40000000-0000-0000-0000-000000000068</uid>
+    <guid>40000000-0000-0000-0000-000000000068</guid>
+    <short-name>resource68</short-name>
+    <full-name>Resource 68</full-name>
+</record>
+<record type="resource">
+    <uid>40000000-0000-0000-0000-000000000069</uid>
+    <guid>40000000-0000-0000-0000-000000000069</guid>
+    <short-name>resource69</short-name>
+    <full-name>Resource 69</full-name>
+</record>
+<record type="resource">
+    <uid>40000000-0000-0000-0000-000000000070</uid>
+    <guid>40000000-0000-0000-0000-000000000070</guid>
+    <short-name>resource70</short-name>
+    <full-name>Resource 70</full-name>
+</record>
+<record type="resource">
+    <uid>40000000-0000-0000-0000-000000000071</uid>
+    <guid>40000000-0000-0000-0000-000000000071</guid>
+    <short-name>resource71</short-name>
+    <full-name>Resource 71</full-name>
+</record>
+<record type="resource">
+    <uid>40000000-0000-0000-0000-000000000072</uid>
+    <guid>40000000-0000-0000-0000-000000000072</guid>
+    <short-name>resource72</short-name>
+    <full-name>Resource 72</full-name>
+</record>
+<record type="resource">
+    <uid>40000000-0000-0000-0000-000000000073</uid>
+    <guid>40000000-0000-0000-0000-000000000073</guid>
+    <short-name>resource73</short-name>
+    <full-name>Resource 73</full-name>
+</record>
+<record type="resource">
+    <uid>40000000-0000-0000-0000-000000000074</uid>
+    <guid>40000000-0000-0000-0000-000000000074</guid>
+    <short-name>resource74</short-name>
+    <full-name>Resource 74</full-name>
+</record>
+<record type="resource">
+    <uid>40000000-0000-0000-0000-000000000075</uid>
+    <guid>40000000-0000-0000-0000-000000000075</guid>
+    <short-name>resource75</short-name>
+    <full-name>Resource 75</full-name>
+</record>
+<record type="resource">
+    <uid>40000000-0000-0000-0000-000000000076</uid>
+    <guid>40000000-0000-0000-0000-000000000076</guid>
+    <short-name>resource76</short-name>
+    <full-name>Resource 76</full-name>
+</record>
+<record type="resource">
+    <uid>40000000-0000-0000-0000-000000000077</uid>
+    <guid>40000000-0000-0000-0000-000000000077</guid>
+    <short-name>resource77</short-name>
+    <full-name>Resource 77</full-name>
+</record>
+<record type="resource">
+    <uid>40000000-0000-0000-0000-000000000078</uid>
+    <guid>40000000-0000-0000-0000-000000000078</guid>
+    <short-name>resource78</short-name>
+    <full-name>Resource 78</full-name>
+</record>
+<record type="resource">
+    <uid>40000000-0000-0000-0000-000000000079</uid>
+    <guid>40000000-0000-0000-0000-000000000079</guid>
+    <short-name>resource79</short-name>
+    <full-name>Resource 79</full-name>
+</record>
+<record type="resource">
+    <uid>40000000-0000-0000-0000-000000000080</uid>
+    <guid>40000000-0000-0000-0000-000000000080</guid>
+    <short-name>resource80</short-name>
+    <full-name>Resource 80</full-name>
+</record>
+<record type="resource">
+    <uid>40000000-0000-0000-0000-000000000081</uid>
+    <guid>40000000-0000-0000-0000-000000000081</guid>
+    <short-name>resource81</short-name>
+    <full-name>Resource 81</full-name>
+</record>
+<record type="resource">
+    <uid>40000000-0000-0000-0000-000000000082</uid>
+    <guid>40000000-0000-0000-0000-000000000082</guid>
+    <short-name>resource82</short-name>
+    <full-name>Resource 82</full-name>
+</record>
+<record type="resource">
+    <uid>40000000-0000-0000-0000-000000000083</uid>
+    <guid>40000000-0000-0000-0000-000000000083</guid>
+    <short-name>resource83</short-name>
+    <full-name>Resource 83</full-name>
+</record>
+<record type="resource">
+    <uid>40000000-0000-0000-0000-000000000084</uid>
+    <guid>40000000-0000-0000-0000-000000000084</guid>
+    <short-name>resource84</short-name>
+    <full-name>Resource 84</full-name>
+</record>
+<record type="resource">
+    <uid>40000000-0000-0000-0000-000000000085</uid>
+    <guid>40000000-0000-0000-0000-000000000085</guid>
+    <short-name>resource85</short-name>
+    <full-name>Resource 85</full-name>
+</record>
+<record type="resource">
+    <uid>40000000-0000-0000-0000-000000000086</uid>
+    <guid>40000000-0000-0000-0000-000000000086</guid>
+    <short-name>resource86</short-name>
+    <full-name>Resource 86</full-name>
+</record>
+<record type="resource">
+    <uid>40000000-0000-0000-0000-000000000087</uid>
+    <guid>40000000-0000-0000-0000-000000000087</guid>
+    <short-name>resource87</short-name>
+    <full-name>Resource 87</full-name>
+</record>
+<record type="resource">
+    <uid>40000000-0000-0000-0000-000000000088</uid>
+    <guid>40000000-0000-0000-0000-000000000088</guid>
+    <short-name>resource88</short-name>
+    <full-name>Resource 88</full-name>
+</record>
+<record type="resource">
+    <uid>40000000-0000-0000-0000-000000000089</uid>
+    <guid>40000000-0000-0000-0000-000000000089</guid>
+    <short-name>resource89</short-name>
+    <full-name>Resource 89</full-name>
+</record>
+<record type="resource">
+    <uid>40000000-0000-0000-0000-000000000090</uid>
+    <guid>40000000-0000-0000-0000-000000000090</guid>
+    <short-name>resource90</short-name>
+    <full-name>Resource 90</full-name>
+</record>
+<record type="resource">
+    <uid>40000000-0000-0000-0000-000000000091</uid>
+    <guid>40000000-0000-0000-0000-000000000091</guid>
+    <short-name>resource91</short-name>
+    <full-name>Resource 91</full-name>
+</record>
+<record type="resource">
+    <uid>40000000-0000-0000-0000-000000000092</uid>
+    <guid>40000000-0000-0000-0000-000000000092</guid>
+    <short-name>resource92</short-name>
+    <full-name>Resource 92</full-name>
+</record>
+<record type="resource">
+    <uid>40000000-0000-0000-0000-000000000093</uid>
+    <guid>40000000-0000-0000-0000-000000000093</guid>
+    <short-name>resource93</short-name>
+    <full-name>Resource 93</full-name>
+</record>
+<record type="resource">
+    <uid>40000000-0000-0000-0000-000000000094</uid>
+    <guid>40000000-0000-0000-0000-000000000094</guid>
+    <short-name>resource94</short-name>
+    <full-name>Resource 94</full-name>
+</record>
+<record type="resource">
+    <uid>40000000-0000-0000-0000-000000000095</uid>
+    <guid>40000000-0000-0000-0000-000000000095</guid>
+    <short-name>resource95</short-name>
+    <full-name>Resource 95</full-name>
+</record>
+<record type="resource">
+    <uid>40000000-0000-0000-0000-000000000096</uid>
+    <guid>40000000-0000-0000-0000-000000000096</guid>
+    <short-name>resource96</short-name>
+    <full-name>Resource 96</full-name>
+</record>
+<record type="resource">
+    <uid>40000000-0000-0000-0000-000000000097</uid>
+    <guid>40000000-0000-0000-0000-000000000097</guid>
+    <short-name>resource97</short-name>
+    <full-name>Resource 97</full-name>
+</record>
+<record type="resource">
+    <uid>40000000-0000-0000-0000-000000000098</uid>
+    <guid>40000000-0000-0000-0000-000000000098</guid>
+    <short-name>resource98</short-name>
+    <full-name>Resource 98</full-name>
+</record>
+<record type="resource">
+    <uid>40000000-0000-0000-0000-000000000099</uid>
+    <guid>40000000-0000-0000-0000-000000000099</guid>
+    <short-name>resource99</short-name>
+    <full-name>Resource 99</full-name>
+</record>
+<record type="resource">
+    <uid>40000000-0000-0000-0000-000000000100</uid>
+    <guid>40000000-0000-0000-0000-000000000100</guid>
+    <short-name>resource100</short-name>
+    <full-name>Resource 100</full-name>
+</record>
+</directory>

From c8377aa8b086dd6d0fbf91c14acec03701b6814f Mon Sep 17 00:00:00 2001
From: Giorgio Azzinnaro <giorgio.azzinnaro@gmail.com>
Date: Sun, 10 Jun 2018 14:08:38 +0200
Subject: [PATCH 19/19] some basic documentation on root README

---
 README.rst | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/README.rst b/README.rst
index 5ad203ce3..c0f187dba 100644
--- a/README.rst
+++ b/README.rst
@@ -87,3 +87,16 @@ Start the server using the bin/run script, and use the -n option to bypass depen
     Starting server...
 
 The server should then start up and bind to port 8008 for HTTP and 8443 for HTTPS. You should then be able to connect to the server using your web browser (eg. Safari, Firefox) or with a CalDAV client (eg. Calendar).
+
+
+==========================
+Docker
+==========================
+
+A Dockerfile is provided to build an image that may be run in production.
+An example docker-compose file is provided in contrib/docker.
+
+PostgreSQL and Memcached are required as external services.
+
+Configuration may be altered to make use of an LDAP server,
+or XML files, as noted above.
\ No newline at end of file