aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--README-stackrpms.md46
-rw-r--r--infcloud.spec5
2 files changed, 48 insertions, 3 deletions
diff --git a/README-stackrpms.md b/README-stackrpms.md
index ee7b042..b0da7c5 100644
--- a/README-stackrpms.md
+++ b/README-stackrpms.md
@@ -5,4 +5,48 @@ The rpm deploys infcloud to /usr/share/infcloud. The easiest way to use this on
sudo ln -s /usr/share/infcloud/radicale_infcloud/web /var/www/html/calendar
-The config.js is now stored in /etc/infcloud/. After updating it, be sure to run /usr/sbin/update-infcloud-cache
+The config.js is now stored in /etc/infcloud/. After updating it, be sure to run `/usr/sbin/update-infcloud-cache`.
+
+For a whole radicale+infcloud setup, an apache httpd VirtualHost entry WITHOUT TLS could resemble:
+
+ <VirtualHost *:80>
+ ServerName calendar.example.com
+ RewriteEngine On
+ RewriteRule ^/radicale$ /radicale/ [R,L]
+ <Location "/radicale/">
+ ProxyPreserveHost On
+ Order deny,allow
+ Deny from all
+ AuthType Basic
+ AuthName "LDAP protected"
+ AuthBasicProvider ldap
+ AuthLDAPGroupAttribute member
+ AuthLDAPSubGroupClass group
+ # If anonymous search is disabled, provide dn and pw.
+ #AuthLDAPBindDN uid=service-account,cn=users,cn=accounts,dc=ipa,dc=example,dc=com
+ #AuthLDAPBindPassword mypw
+ AuthLDAPGroupAttributeIsDN On
+ AuthLDAPURL "ldaps://dns1.ipa.example.com:636 dns2.ipa.example.com:636/cn=users,cn=accounts,dc=ipa,dc=example,dc=com?uid,memberof,gecos?sub?(objectClass=person)"
+ #?sub?(objectClass=*)
+ Require valid-user
+ Satisfy any
+ # My radical set up uses HTTP_X_REMOTE_USER as username for authentication
+ RequestHeader set X_REMOTE_USER "%{AUTHENTICATE_uid}e"
+ # This does not populate correctly. Probably the ldap memberOf attribute is derived and not real?
+ RequestHeader set X_GROUPS "%{AUTHENTICATE_memberOf}e"
+ # This populates correctly
+ RequestHeader set X_GECOS "%{AUTHENTICATE_gecos}e"
+ ProxyPass http://localhost:5232/ retry=20 connectiontimeout=300 timeout=300
+ ProxyPassReverse http://localhost:5232/
+ RequestHeader set X-Script-Name /radicale
+ </Location>
+ </VirtualHost>
+
+Relevant config options for radicale (file `/etc/radicale/config`) include:
+
+ [server]
+ hosts = 127.0.0.1:5232
+ [auth]
+ type = http_x_remote_user
+ [web]
+ type = internal
diff --git a/infcloud.spec b/infcloud.spec
index d7e8b27..125e12b 100644
--- a/infcloud.spec
+++ b/infcloud.spec
@@ -10,8 +10,8 @@ License: AGPL 3.0
URL: https://Unrud/RadicaleInfCloud
Source0: https://gitlab.com/bgstack15/%{pname}/-/archive/%{branch}/%{pname}-%{branch}.tar.gz
-BuildRequires: python3
-Requires: python3
+#BuildRequires: python3
+#Requires: python3
%description
This is the RadicaleInfCloud fork of InfCloud, a
@@ -36,6 +36,7 @@ ln -s %{_sysconfdir}/%{name}/config.js %{buildroot}%{_datadir}/%{name}/radicale_
%files
%{_datadir}/%{name}
%{_sysconfdir}/%{name}
+%{_sbindir}/*
%doc README-stackrpms.md
%changelog
bgstack15