# README for InfCloud for Stackrpms

## Usage
The rpm deploys infcloud to /usr/share/infcloud. The easiest way to use this on your web server is to set up a symlink in your web root directory:

    sudo ln -s /usr/share/infcloud/radicale_infcloud/web /var/www/html/calendar

The config.js is now stored in /etc/infcloud/. After updating it, be sure to run `/usr/sbin/update-infcloud-cache`.

For a whole radicale+infcloud setup, an Apache httpd VirtualHost entry WITHOUT TLS could resemble:

    <VirtualHost *:80>
       ServerName calendar.example.com
       RewriteEngine On
       RewriteRule ^/radicale$ /radicale/ [R,L]
       <Location "/radicale/">
          ProxyPreserveHost On
          Order deny,allow
          Deny from all
          AuthType Basic
          AuthName "LDAP protected"
          AuthBasicProvider ldap
          AuthLDAPGroupAttribute member
          AuthLDAPSubGroupClass group
          # If anonymous search is disabled, provide dn and pw.
          #AuthLDAPBindDN uid=service-account,cn=users,cn=accounts,dc=ipa,dc=example,dc=com
          #AuthLDAPBindPassword mypw
          AuthLDAPGroupAttributeIsDN On
          AuthLDAPURL "ldaps://dns1.ipa.example.com:636 dns2.ipa.example.com:636/cn=users,cn=accounts,dc=ipa,dc=example,dc=com?uid,memberof,gecos?sub?(objectClass=person)"
          #?sub?(objectClass=*)
          Require valid-user
          Satisfy any
          # My radicale setup uses HTTP_X_REMOTE_USER as username for authentication
          RequestHeader set X_REMOTE_USER "%{AUTHENTICATE_uid}e"
          # This does not populate correctly. Probably the ldap memberOf attribute is derived and not real?
          RequestHeader set X_GROUPS "%{AUTHENTICATE_memberOf}e"
          # This populates correctly
          RequestHeader set X_GECOS "%{AUTHENTICATE_gecos}e"
          ProxyPass        http://localhost:5232/ retry=20 connectiontimeout=300 timeout=300
          ProxyPassReverse http://localhost:5232/
          RequestHeader    set X-Script-Name /radicale
       </Location>
    </VirtualHost>

Relevant config options for radicale (file `/etc/radicale/config`) include:

    [server]
    hosts = 127.0.0.1:5232
    [auth]
    type = http_x_remote_user
    [web]
    type = internal
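
With `type = http_x_remote_user`, radicale takes the username from the request header and does no authentication of its own, so the loopback-only `hosts` line is what keeps clients from reaching it without passing Apache's LDAP check. The following is an added example (not part of this package or of radicale) that checks a radicale config for that condition; the function names and both sample configs are constructed for illustration.

```python
import configparser
import ipaddress

# Constructed sample inputs (not from the README): the README's settings, and a
# variant that exposes the header-trusting backend on every interface.
README_CONFIG = """
[server]
hosts = 127.0.0.1:5232
[auth]
type = http_x_remote_user
[web]
type = internal
"""
EXPOSED_CONFIG = README_CONFIG.replace("127.0.0.1:5232", "0.0.0.0:5232, [::1]:5232")


def split_host(entry):
    """Return the host part of a 'host:port' or '[v6]:port' entry."""
    entry = entry.strip()
    if entry.startswith("["):
        return entry[1:entry.index("]")]
    return entry.rsplit(":", 1)[0]


def is_loopback(host):
    """True for loopback IP literals and the name 'localhost'."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # other hostnames: cannot be proven loopback offline


def non_loopback_listeners(config_text):
    """List [server] hosts entries reachable without passing the proxy.

    Returns [] when auth is not header-based or every listener is loopback.
    """
    cfg = configparser.ConfigParser()
    cfg.read_string(config_text)
    if cfg.get("auth", "type", fallback="") != "http_x_remote_user":
        return []
    # Assumption: fall back to the address the README uses when hosts is unset.
    hosts = cfg.get("server", "hosts", fallback="127.0.0.1:5232")
    return [h.strip() for h in hosts.split(",")
            if h.strip() and not is_loopback(split_host(h))]
```

To check a live install, pass the contents of `/etc/radicale/config` to `non_loopback_listeners()` and treat any non-empty result as a finding.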

## History
2022-05-19 patch added for perUserAdditionalResources in config.js.
bgstack15