From 800cd902266a17a8f58b7573914e8d961e675c9b Mon Sep 17 00:00:00 2001 From: "B. Stack" Date: Tue, 17 May 2022 19:42:39 -0400 Subject: update readme and spec --- README-stackrpms.md | 46 +++++++++++++++++++++++++++++++++++++++++++++- infcloud.spec | 5 +++-- 2 files changed, 48 insertions(+), 3 deletions(-) diff --git a/README-stackrpms.md b/README-stackrpms.md index ee7b042..b0da7c5 100644 --- a/README-stackrpms.md +++ b/README-stackrpms.md @@ -5,4 +5,48 @@ The rpm deploys infcloud to /usr/share/infcloud. The easiest way to use this on sudo ln -s /usr/share/infcloud/radicale_infcloud/web /var/www/html/calendar -The config.js is now stored in /etc/infcloud/. After updating it, be sure to run /usr/sbin/update-infcloud-cache +The config.js is now stored in /etc/infcloud/. After updating it, be sure to run `/usr/sbin/update-infcloud-cache`. + +For a whole radicale+infcloud setup, an apache httpd VirtualHost entry WITHOUT TLS could resemble: + + + ServerName calendar.example.com + RewriteEngine On + RewriteRule ^/radicale$ /radicale/ [R,L] + + ProxyPreserveHost On + Order deny,allow + Deny from all + AuthType Basic + AuthName "LDAP protected" + AuthBasicProvider ldap + AuthLDAPGroupAttribute member + AuthLDAPSubGroupClass group + # If anonymous search is disabled, provide dn and pw. + #AuthLDAPBindDN uid=service-account,cn=users,cn=accounts,dc=ipa,dc=example,dc=com + #AuthLDAPBindPassword mypw + AuthLDAPGroupAttributeIsDN On + AuthLDAPURL "ldaps://dns1.ipa.example.com:636 dns2.ipa.example.com:636/cn=users,cn=accounts,dc=ipa,dc=example,dc=com?uid,memberof,gecos?sub?(objectClass=person)" + #?sub?(objectClass=*) + Require valid-user + Satisfy any + # My radical set up uses HTTP_X_REMOTE_USER as username for authentication + RequestHeader set X_REMOTE_USER "%{AUTHENTICATE_uid}e" + # This does not populate correctly. Probably the ldap memberOf attribute is derived and not real? + RequestHeader set X_GROUPS "%{AUTHENTICATE_memberOf}e" + # This populates correctly + RequestHeader set X_GECOS "%{AUTHENTICATE_gecos}e" + ProxyPass http://localhost:5232/ retry=20 connectiontimeout=300 timeout=300 + ProxyPassReverse http://localhost:5232/ + RequestHeader set X-Script-Name /radicale + + + +Relevant config options for radicale (file `/etc/radicale/config`) include: + + [server] + hosts = 127.0.0.1:5232 + [auth] + type = http_x_remote_user + [web] + type = internal diff --git a/infcloud.spec b/infcloud.spec index d7e8b27..125e12b 100644 --- a/infcloud.spec +++ b/infcloud.spec @@ -10,8 +10,8 @@ License: AGPL 3.0 URL: https://Unrud/RadicaleInfCloud Source0: https://gitlab.com/bgstack15/%{pname}/-/archive/%{branch}/%{pname}-%{branch}.tar.gz -BuildRequires: python3 -Requires: python3 +#BuildRequires: python3 +#Requires: python3 %description This is the RadicaleInfCloud fork of InfCloud, a @@ -36,6 +36,7 @@ ln -s %{_sysconfdir}/%{name}/config.js %{buildroot}%{_datadir}/%{name}/radicale_ %files %{_datadir}/%{name} %{_sysconfdir}/%{name} +%{_sbindir}/* %doc README-stackrpms.md %changelog -- cgit