1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
|
# README for InfCloud for Stackrpms
## Usage
The rpm deploys infcloud to /usr/share/infcloud. The easiest way to use this on your web server is to set up a symlink in your web root directory:
sudo ln -s /usr/share/infcloud/radicale_infcloud/web /var/www/html/calendar
The config.js is now stored in /etc/infcloud/. After updating it, be sure to run `/usr/sbin/update-infcloud-cache`.
For a whole radicale+infcloud setup, an apache httpd VirtualHost entry WITHOUT TLS could resemble:
<VirtualHost *:80>
ServerName calendar.example.com
RewriteEngine On
RewriteRule ^/radicale$ /radicale/ [R,L]
<Location "/radicale/">
ProxyPreserveHost On
Order deny,allow
Deny from all
AuthType Basic
AuthName "LDAP protected"
AuthBasicProvider ldap
AuthLDAPGroupAttribute member
AuthLDAPSubGroupClass group
# If anonymous search is disabled, provide dn and pw.
#AuthLDAPBindDN uid=service-account,cn=users,cn=accounts,dc=ipa,dc=example,dc=com
#AuthLDAPBindPassword mypw
AuthLDAPGroupAttributeIsDN On
AuthLDAPURL "ldaps://dns1.ipa.example.com:636 dns2.ipa.example.com:636/cn=users,cn=accounts,dc=ipa,dc=example,dc=com?uid,memberof,gecos?sub?(objectClass=person)"
#?sub?(objectClass=*)
Require valid-user
Satisfy any
# My radical set up uses HTTP_X_REMOTE_USER as username for authentication
RequestHeader set X_REMOTE_USER "%{AUTHENTICATE_uid}e"
# This does not populate correctly. Probably the ldap memberOf attribute is derived and not real?
RequestHeader set X_GROUPS "%{AUTHENTICATE_memberOf}e"
# This populates correctly
RequestHeader set X_GECOS "%{AUTHENTICATE_gecos}e"
ProxyPass http://localhost:5232/ retry=20 connectiontimeout=300 timeout=300
ProxyPassReverse http://localhost:5232/
RequestHeader set X-Script-Name /radicale
</Location>
</VirtualHost>
Relevant config options for radicale (file `/etc/radicale/config`) include:
[server]
hosts = 127.0.0.1:5232
[auth]
type = http_x_remote_user
[web]
type = internal
## History
2022-05-19 patch added for perUserAdditionalResources in config.js.
|