LDAP users cannot access CalDAV calendars shared with LDAP group on CalDAV clients?

Hey all.

So we’ve got an internal Nextcloud instance running that we’re hoping to transition to fully for our day-to-day groupware - this includes migrating from our existing Baikal CalDAV+CardDAV server, and using Nextcloud for this purpose. Obviously, because it’s really nice and has a nice web interface for managing contacts and calendars in-browser, in addition to being able to connect reliably to CalDAV and CardDAV clients.

ONE problem, however, is that we’re (obviously) using our internal LDAP server (FreeIPA) as the authentication source for Nextcloud. Now, that works fine. We’re real happy with it. But we also have some shared, organizational and per-department calendars that have been shared with LDAP groups corresponding to the organization and the various departments… and users cannot seem to access those calendars via their LDAP credentials when connecting to them from CalDAV clients.

Specifically, we have a user, “Calendar”, who has created these calendars, and then shared them with the LDAP groups Nextcloud sees. Then, in Mozilla Thunderbird, with the internal share link, users are unable to use their LDAP credentials to access those calendars; they get an error message:

Could not find calendars at this location. Please check your settings.

I’ve tried with multiple variations of my credentials, including uid, uid@domain, etc. None work. Interestingly, uid along with my LDAP password works just fine for the personal calendar that exists on my user account - but it cannot connect to and see the other calendars that have been shared with me, which is frustrating.

The EXTERNAL share link, however, seems to work, although then the calendar it finds is named something ridiculous. For example, instead of “Sales”, it’s discovered as “uKQXwOxjRfTd”, which is… entirely unhelpful. No events even show up. Also, obviously, members of these departments need to have read AND write access to these calendars, and they do not have that ability.