https://wiki.davical.org/api.php?action=feedcontributions&user=Fsfs&feedformat=atomDavical - User contributions [en]2024-03-29T06:20:34ZUser contributionsMediaWiki 1.40.1https://wiki.davical.org/index.php?title=Release_Notes/1.1.11&diff=3839Release Notes/1.1.112022-10-04T21:33:37Z<p>Fsfs: </p>
<hr />
<div>{{released|2022-10-04|1.1.10}}{{TOCright}}<br />
<br />
This is a bugfix release that adds compatibility with PHP 8.1 and PostgreSQL 14.<br />
<br />
== Prerequisites for Upgrade ==<br />
=== Upgrades of Other Software ===<br />
* AWL 0.63 was released as well and is recommended for PHP 8.1<br />
<br />
== Changes ==<br />
<br />
=== Bug Fixes ===<br />
* Tasks show up in Free/Busy (#257)<br />
* php compatibility: Creating principal fails on 8.1 (#271)<br />
* PHP 8 deprecations: htmlspecialchars in always.php (#266)<br />
* PHP 8: "Exception [0] array_flip(): Argument #1 ($array) must be of type array, null given" at principal-edit.php (#260)<br />
* Exception in inc/iSchedule.php, Argument #1 must be of type Countable|array (#252)<br />
* Users with passwords containing a quotation mark cannot login (#259)<br />
* Create new users, impossible... (#250)<br />
* Wrong FreeBusy duration when the DTSTART of the event is the same as the DTEND (#247)<br />
* Remove deprecated get_magic_quotes* function call from setup.php (234)<br />
* "Login failure" when password contains HTML special characters (#229)<br />
<br />
=== Other Changes ===<br />
* Changes to Gitlab CI, unit and regression tests<br />
<br />
== Downloading DAViCal ==<br />
<br />
DAViCal 1.1.11: [https://www.davical.org/downloads/davical_1.1.11.orig.tar.xz https://www.davical.org/downloads/davical_1.1.11.orig.tar.xz]<br />
<br />
AWL 0.63: [https://www.davical.org/downloads/awl_0.63.orig.tar.xz https://www.davical.org/downloads/awl_0.63.orig.tar.xz]<br />
<br />
See [[Downloading]]<br />
<br />
== Known Issues ==<br />
=== Subsequently Fixed in Git ===<br />
* None known.<br />
=== Outstanding ===<br />
* None known.</div>Fsfshttps://wiki.davical.org/index.php?title=Release_Notes/1.1.11&diff=3838Release Notes/1.1.112022-10-04T21:32:10Z<p>Fsfs: </p>
<hr />
<div>{{released|2022-10-04|1.1.10}}{{TOCright}}<br />
<br />
This is a bugfix release that adds compatibility with PHP 8.1 and PostgreSQL 14.<br />
<br />
== Prerequisites for Upgrade ==<br />
=== Upgrades of Other Software ===<br />
* AWL 0.63 was released as well and is recommended for PHP 8.1<br />
<br />
== Changes ==<br />
<br />
=== Bug Fixes ===<br />
* Tasks show up in Free/Busy (#257)<br />
* php compatibility: Creating principal fails on 8.1 (#271)<br />
* PHP 8 deprecations: htmlspecialchars in always.php (#266)<br />
* PHP 8: "Exception [0] array_flip(): Argument #1 ($array) must be of type array, null given" at principal-edit.php (#260)<br />
* Exception in inc/iSchedule.php, Argument #1 must be of type Countable|array (#252)<br />
* Users with passwords containing a quotation mark cannot login (#259)<br />
* Create new users, impossible... (#250)<br />
* Wrong FreeBusy duration when the DTSTART of the event is the same as the DTEND (#247)<br />
* Remove deprecated get_magic_quotes* function call from setup.php (234)<br />
* "Login failure" when password contains HTML special characters (#229)<br />
<br />
=== Other Changes ===<br />
* Changes to Gitlab CI, unit and regression tests<br />
<br />
== Downloading DAViCal ==<br />
<br />
DAViCal 1.1.11: [https://www.davical.org/downloads/davical_1.1.11.orig.tar.xz https://www.davical.org/downloads/davical_1.1.11.orig.tar.xz]<br />
<br />
AWL 0.62: [https://www.davical.org/downloads/awl_0.63.orig.tar.xz https://www.davical.org/downloads/awl_0.63.orig.tar.xz]<br />
<br />
See [[Downloading]]<br />
<br />
== Known Issues ==<br />
=== Subsequently Fixed in Git ===<br />
* None known.<br />
=== Outstanding ===<br />
* None known.</div>Fsfshttps://wiki.davical.org/index.php?title=Release_Notes/1.1.11&diff=3837Release Notes/1.1.112022-10-04T21:12:00Z<p>Fsfs: Created page with "{{released|2022-10-04|1.1.10}}{{TOCright}} This is a bugfix release that adds compatibility with PHP 8.1 and Postgresql 14. == Prerequisites for Upgrade == === Upgrades of Other Software === * AWL 0.63 was released as well and is recommended for PHP 8.1 == Changes == === Bug Fixes === * Tasks show up in Free/Busy (#257) * php compatibility: Creating principal fails on 8.1 (#271) * PHP 8 deprecations: htmlspecialchars in always.php (#266) * PHP 8: "Exception [0] array..."</p>
<hr />
<div>{{released|2022-10-04|1.1.10}}{{TOCright}}<br />
<br />
This is a bugfix release that adds compatibility with PHP 8.1 and PostgreSQL 14.<br />
<br />
== Prerequisites for Upgrade ==<br />
=== Upgrades of Other Software ===<br />
* AWL 0.63 was released as well and is recommended for PHP 8.1<br />
<br />
== Changes ==<br />
<br />
=== Bug Fixes ===<br />
* Tasks show up in Free/Busy (#257)<br />
* php compatibility: Creating principal fails on 8.1 (#271)<br />
* PHP 8 deprecations: htmlspecialchars in always.php (#266)<br />
* PHP 8: "Exception [0] array_flip(): Argument #1 ($array) must be of type array, null given" at principal-edit.php (#260)<br />
* Exception in inc/iSchedule.php, Argument #1 must be of type Countable|array (#252)<br />
* Users with passwords containing a quotation mark cannot login (#259)<br />
* Create new users, impossible... (#250)<br />
* Wrong FreeBusy duration when the DTSTART of the event is the same as the DTEND (#247)<br />
* Remove deprecated get_magic_quotes* function call from setup.php (234)<br />
* "Login failure" when password contains HTML special characters (#229)<br />
<br />
=== Other Changes ===<br />
* Changes to Gitlab CI, unit and regression tests<br />
<br />
== Downloading DAViCal ==<br />
<br />
DAViCal 1.1.11: [https://www.davical.org/downloads/davical_1.1.11.orig.tar.xz https://www.davical.org/downloads/davical_1.1.11.orig.tar.xz]<br />
<br />
AWL 0.62: [https://www.davical.org/downloads/awl_0.62.orig.tar.xz https://www.davical.org/downloads/awl_0.62.orig.tar.xz]<br />
<br />
See [[Downloading]]<br />
<br />
== Known Issues ==<br />
=== Subsequently Fixed in Git ===<br />
* None known.<br />
=== Outstanding ===<br />
* None known.</div>Fsfshttps://wiki.davical.org/index.php?title=Main_Page&diff=3836Main Page2022-10-04T20:54:49Z<p>Fsfs: 1.1.11</p>
<hr />
<div><div style="width:80%"><p style="font-weight:bold;font-size:2.5em;color:#103050;text-align:center;">DAViCal Wiki</p></div><br />
This is a wiki to provide information and help about the DAViCal CalDAV & CardDAV Server. Pages are grouped into several main areas: <br />
{| style="width: 100%; border-spacing:15px;border-collapse:separate"<br />
|- valign="top"<br />
|style="width:25%;border: 1px solid rgb(191, 238, 255); background-color: rgb(239, 251, 255);"| '''About DAViCal'''<br />
* [[Features]]<br />
* [[Getting Help]]<br />
* [[CalDAV Clients]]<br />
* [[CardDAV Clients]]<br />
* [[Multiple Calendars]]<br />
* [[Free Busy]]<br />
* [[Useful Links]]<br />
|style="width:25%;border: 1px solid rgb(255, 199, 191); background-color: rgb(255, 241, 239);"|'''Admin Documentation'''<br />
* [[Downloading|Download]]<br />
* [[Installation Stuff|Installation]]<br />
* [[Configuration]]<br />
* [[Upgrading]]<br />
* [[Backups]]<br />
* [[Frequently Asked Questions]]<br />
* [[Release Notes]]<br />
* [[Support]]<br />
|style="width:25%;border: 1px solid #8CACBB; background-color: #EEEEFF;"| '''Developer Documentation'''<br />
* [[Developer Setup]]<br />
* [[DAV]]<br />
* [[Database|Database Information]]<br />
* [[Pluggable Authentication]]<br />
* [[User Contributions]]<br />
* [[RFC Compliance]]<br />
* [[Client/DAViCal interaction]]<br />
* [[Release Checklist]]<br />
* [[Road Map]]<br />
|style="width:25%;border: 1px solid rgb(255, 255, 102); background-color: rgb(255, 250, 229);"| '''Help DAViCal Without Coding'''<br />
* [[Translating DAViCal]]<br />
* [[Helping with DAViCal]] <br />
* [[Provide some Data]]<br />
* [[Suggest Features]]<br />
* [[Editing the Wiki]]<br />
* [[Community Support]]<br />
|}<br />
<br />
The current stable release of DAViCal is [[Release_Notes/1.1.11|1.1.11]].</div>Fsfshttps://wiki.davical.org/index.php?title=Main_Page&diff=3820Main Page2021-03-02T01:16:21Z<p>Fsfs: 1.1.10</p>
<hr />
<div><div style="width:80%"><p style="font-weight:bold;font-size:2.5em;color:#103050;text-align:center;">DAViCal Wiki</p></div><br />
This is a wiki to provide information and help about the DAViCal CalDAV & CardDAV Server. Pages are grouped into several main areas: <br />
{| style="width: 100%; border-spacing:15px;border-collapse:separate"<br />
|- valign="top"<br />
|style="width:25%;border: 1px solid rgb(191, 238, 255); background-color: rgb(239, 251, 255);"| '''About DAViCal'''<br />
* [[Features]]<br />
* [[Getting Help]]<br />
* [[CalDAV Clients]]<br />
* [[CardDAV Clients]]<br />
* [[Multiple Calendars]]<br />
* [[Free Busy]]<br />
* [[Useful Links]]<br />
|style="width:25%;border: 1px solid rgb(255, 199, 191); background-color: rgb(255, 241, 239);"|'''Admin Documentation'''<br />
* [[Downloading|Download]]<br />
* [[Installation Stuff|Installation]]<br />
* [[Configuration]]<br />
* [[Upgrading]]<br />
* [[Backups]]<br />
* [[Frequently Asked Questions]]<br />
* [[Release Notes]]<br />
* [[Support]]<br />
|style="width:25%;border: 1px solid #8CACBB; background-color: #EEEEFF;"| '''Developer Documentation'''<br />
* [[Developer Setup]]<br />
* [[DAV]]<br />
* [[Database|Database Information]]<br />
* [[Pluggable Authentication]]<br />
* [[User Contributions]]<br />
* [[RFC Compliance]]<br />
* [[Client/DAViCal interaction]]<br />
* [[Release Checklist]]<br />
* [[Road Map]]<br />
|style="width:25%;border: 1px solid rgb(255, 255, 102); background-color: rgb(255, 250, 229);"| '''Help DAViCal Without Coding'''<br />
* [[Translating DAViCal]]<br />
* [[Helping with DAViCal]] <br />
* [[Provide some Data]]<br />
* [[Suggest Features]]<br />
* [[Editing the Wiki]]<br />
* [[Community Support]]<br />
|}<br />
<br />
The current stable release of DAViCal is [[Release_Notes/1.1.10|1.1.10]].</div>Fsfshttps://wiki.davical.org/index.php?title=Release_Notes/1.1.10&diff=3819Release Notes/1.1.102021-03-02T01:15:40Z<p>Fsfs: Created page with "{{released|2021-03-01|1.1.9.3}}{{TOCright}} This release is primarily about bugfixes and improvements to our testing infrastructure. Notable changes include the addition of t..."</p>
<hr />
<div>{{released|2021-03-01|1.1.9.3}}{{TOCright}}<br />
<br />
This release is primarily about bugfixes and improvements to our testing infrastructure.<br />
Notable changes include the addition of the $c->list_everyone configuration option to limit the display of other users in the web interface, much improved addressbook queries, and readiness for PHP8.<br />
<br />
== Prerequisites for Upgrade ==<br />
=== Upgrades of Other Software ===<br />
* AWL 0.62 is necessary for the addressbook query fixes<br />
<br />
== Changes ==<br />
<br />
=== Bug Fixes ===<br />
* freebusy: events with recurrence rule are sometimes counted one too many times<br />
* cardquery: ensure restriction to target collection remains in force<br />
* restrict listing of external calendars to Admin users<br />
* return a nicer error message if no user is found for Free/Busy via email<br />
* awl: many fixes to the handling of param-filter and prop-filter in addressbook queries (#20, #21, !15, !16, !17, !18, !19, !20)<br />
* awl: correctly set a postgresql search_path, if configured (#23)<br />
* lots of added and updated regression tests, more CI tests, improvements to timezone testing<br />
<br />
=== Other Changes ===<br />
* Add $c->list_everyone option to limit the display of other users in the web interface to those that the current user has access to. The default (all users are listed) remains unchanged (#59)<br />
* eliminate a few instances of syntax deprecated or obsoleted by PHP 8 <br />
<br />
== Downloading DAViCal ==<br />
<br />
DAViCal 1.1.10: [https://www.davical.org/downloads/davical_1.1.10.orig.tar.xz https://www.davical.org/downloads/davical_1.1.10.orig.tar.xz]<br />
<br />
AWL 0.62: [https://www.davical.org/downloads/awl_0.62.orig.tar.xz https://www.davical.org/downloads/awl_0.62.orig.tar.xz]<br />
<br />
See [[Downloading]]<br />
<br />
== Known Issues ==<br />
=== Subsequently Fixed in Git ===<br />
* None known.<br />
=== Outstanding ===<br />
* None known.</div>Fsfshttps://wiki.davical.org/index.php?title=Release_Notes/1.1.9.3&diff=3802Release Notes/1.1.9.32020-04-26T16:07:56Z<p>Fsfs: Created page with "{{released|2020-04-13|1.1.9.2}}{{TOCright}} This release updates the dependency on AWL, which had two security fixes. == Prerequisites for Upgrade == === Upgrades of Other..."</p>
<hr />
<div>{{released|2020-04-13|1.1.9.2}}{{TOCright}}<br />
<br />
This release updates the dependency on AWL, which had two security fixes.<br />
<br />
<br />
== Prerequisites for Upgrade ==<br />
=== Upgrades of Other Software ===<br />
* AWL 0.61<br />
<br />
== Changes ==<br />
<br />
=== Bug Fixes (in AWL) ===<br />
* Drop LSIDLogin function (fix: AWL#18, CVE-2020-11729)<br />
* Disallow current time as a session key (fix: AWL#19, CVE-2020-11728)<br />
<br />
=== Other Changes ===<br />
* Make olson_from_tzstring faster by caching timezone_identifiers_list<br />
* prevent deprecation warnings on current PHP and a test failure with PHPUnit 8<br />
<br />
== Downloading DAViCal ==<br />
<br />
DAViCal 1.1.9.3: [https://www.davical.org/downloads/davical_1.1.9.3.orig.tar.xz https://www.davical.org/downloads/davical_1.1.9.3.orig.tar.xz]<br />
<br />
AWL 0.61: [https://www.davical.org/downloads/awl_0.61.orig.tar.xz https://www.davical.org/downloads/awl_0.61.orig.tar.xz]<br />
<br />
See [[Downloading]]<br />
<br />
== Known Issues ==<br />
=== Subsequently Fixed in Git ===<br />
* None<br />
<br />
=== Outstanding ===<br />
* None known.</div>Fsfshttps://wiki.davical.org/index.php?title=Main_Page&diff=3801Main Page2020-04-26T15:52:46Z<p>Fsfs: 1.1.9.3</p>
<hr />
<div><div style="width:80%"><p style="font-weight:bold;font-size:2.5em;color:#103050;text-align:center;">DAViCal Wiki</p></div><br />
This is a wiki to provide information and help about the DAViCal CalDAV & CardDAV Server. Pages are grouped into several main areas: <br />
{| style="width: 100%; border-spacing:15px;border-collapse:separate"<br />
|- valign="top"<br />
|style="width:25%;border: 1px solid rgb(191, 238, 255); background-color: rgb(239, 251, 255);"| '''About DAViCal'''<br />
* [[Features]]<br />
* [[Getting Help]]<br />
* [[CalDAV Clients]]<br />
* [[CardDAV Clients]]<br />
* [[Multiple Calendars]]<br />
* [[Free Busy]]<br />
* [[Useful Links]]<br />
|style="width:25%;border: 1px solid rgb(255, 199, 191); background-color: rgb(255, 241, 239);"|'''Admin Documentation'''<br />
* [[Downloading|Download]]<br />
* [[Installation Stuff|Installation]]<br />
* [[Configuration]]<br />
* [[Upgrading]]<br />
* [[Backups]]<br />
* [[Frequently Asked Questions]]<br />
* [[Release Notes]]<br />
* [[Support]]<br />
|style="width:25%;border: 1px solid #8CACBB; background-color: #EEEEFF;"| '''Developer Documentation'''<br />
* [[Developer Setup]]<br />
* [[DAV]]<br />
* [[Database|Database Information]]<br />
* [[Pluggable Authentication]]<br />
* [[User Contributions]]<br />
* [[RFC Compliance]]<br />
* [[Client/DAViCal interaction]]<br />
* [[Release Checklist]]<br />
* [[Road Map]]<br />
|style="width:25%;border: 1px solid rgb(255, 255, 102); background-color: rgb(255, 250, 229);"| '''Help DAViCal Without Coding'''<br />
* [[Translating DAViCal]]<br />
* [[Helping with DAViCal]] <br />
* [[Provide some Data]]<br />
* [[Suggest Features]]<br />
* [[Editing the Wiki]]<br />
* [[Community Support]]<br />
|}<br />
<br />
The current stable release of DAViCal is [[Release_Notes/1.1.9.3|1.1.9.3]].</div>Fsfshttps://wiki.davical.org/index.php?title=Configuration/Authentication_Settings&diff=3778Configuration/Authentication Settings2019-01-29T07:20:58Z<p>Fsfs: more commas</p>
<hr />
<div>== Internal Authentication ==<br />
<br />
No special configuration should be needed for DAViCal's built-in user and group management.<br />
<br />
== External Authentication ==<br />
<br />
=== Using OpenLDAP ===<br />
<br />
See [[Configuration/Authentication_Settings/LDAP|LDAP Configuration]] for some detailed examples of configuring DAViCal to use an LDAP server as an authentication source. Here is a brief working OpenLDAP example, which would go in your <tt>/etc/davical/<servername>-conf.php</tt> config file:<br />
<br />
$c->authenticate_hook['call'] = 'LDAP_check';<br />
$c->authenticate_hook['config'] = array(<br />
'host' => 'www.tennaxia.net',<br />
'port' => '389',<br />
'bindDN'=> 'cn=manager,cn=internal,dc=tennaxia,dc=net',<br />
'passDN'=> 'xxxxxxxx',<br />
'baseDNUsers'=> 'dc=tennaxia,dc=net',<br />
'filterUsers' => 'objectClass=InetOrgPerson',<br />
'baseDNGroups' => 'ou=divisions,dc=tennaxia,dc=net',<br />
'filterGroups' => 'objectClass=posixGroup',<br />
'mapping_field' => array('username' => 'uid',<br />
'modified' => 'modifyTimestamp',<br />
'fullname' => 'cn' ,<br />
'email' =>'mail',<br />
),<br />
'group_mapping_field' => array(<br />
'username' => 'cn',<br />
'modified' => 'modifyTimestamp',<br />
'fullname' => 'cn' ,<br />
'members' =>'memberUid',<br />
),<br />
'group_member_dnfix' => true,<br />
'format_updated'=> array('Y' => array(0,4),<br />
'm' => array(4,2),<br />
'd' => array(6,2),<br />
'H' => array(8,2),<br />
'M' => array(10,2),<br />
'S' => array(12,2)),<br />
'scope' => 'subtree', <br />
);<br />
include_once('drivers_ldap.php');<br />
<br />
<br />
'''NB:''' it's important to remember to install the LDAP modules for PHP (the <tt>php-ldap</tt> package under debian/ubuntu).<br />
<br />
=== Using ActiveDirectory ===<br />
<br />
See [[Configuration/Authentication_Settings/Active_Directory]] for an example configuration.<br />
<br />
=== Using a different 'AWL' database ===<br />
<br />
The "AWL" library contains the basic database structure for user data which is used by DAViCal, and it is possible to use this data from a different database. This plugin is written more-or-less as an example of how to write an authentication plugin, but may be useful.<br />
<br />
=== When the Webserver does the authentication ===<br />
<br />
It is quite common that the webserver can do the authentication for you, and you just want DAViCal to trust the username that the webserver will pass through.<br />
<br />
In this case you can set something like:<br />
<br />
$c->authenticate_hook['server_auth_type'] = 'Basic';<br />
include_once('AuthPlugins.php');<br />
<br />
to match the types of authentication which your server is providing to PHP as "$_SERVER['AUTH_TYPE']". DAViCal will then trust the value received as $_SERVER['REMOTE_USER'] (or, beginning with 1.1.2, $_SERVER['REDIRECT_REMOTE_USER']) to be correct.<br />
<br />
The above will make the HTTP Basic Authentication '''from the webserver''' be used and trusted for authentication within both the administration websites and CalDAV (i.e. caldav.php).<br />
Note: It seems that the "include_once('[[Auth_Plugin|AuthPlugins.php]]');" is '''not''' necessary if this should only apply to the administration websites but '''not''' to CalDAV (i.e. caldav.php).<br />
<br />
One could also set an array to accept different types, e.g.:<br />
$c->authenticate_hook['server_auth_type'] = array('Negotiate','Basic');<br />
but of course, these types must exist (it seems Negotiate does not).<br />
<br />
This does not work together with the ldap_driver (at least in DAViCal 1.0.2). You may get it working with the $c->authenticate_hook['config']['i_use_mode_kerberos'] = "i_know_what_i_am_doing" setting, though.<br />
<br />
<br />
When PHP is used as CGI/FastCGI with Apache and mod_ssl, then currently AUTH_TYPE remains unset, even when HTTP Basic Authentication (respectively mod_ssl fakeBasicAuth) was done by the server.<br />
This is a [https://issues.apache.org/bugzilla/show_bug.cgi?id=45058 bug] in Apache and/or a [http://www.rfc-editor.org/errata_search.php?eid=3556 limitation] in the CGI specification. One workaround is an intermediate CGI wrapper which sets AUTH_TYPE unconditionally to e.g. "Basic". Currently this is case-sensitive, in contrast to the CGI spec (see [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=703381] and [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=703383]).</div>Fsfshttps://wiki.davical.org/index.php?title=Configuration/Authentication_Settings&diff=3777Configuration/Authentication Settings2019-01-29T07:19:51Z<p>Fsfs: fix $188</p>
<hr />
<div>== Internal Authentication ==<br />
<br />
No special configuration should be needed for DAViCal's built-in user and group management.<br />
<br />
== External Authentication ==<br />
<br />
=== Using OpenLDAP ===<br />
<br />
See [[Configuration/Authentication_Settings/LDAP|LDAP Configuration]] for some detailed examples of configuring DAViCal to use an LDAP server as an authentication source. Here is a brief working OpenLDAP example, which would go in your <tt>/etc/davical/<servername>-conf.php</tt> config file:<br />
<br />
$c->authenticate_hook['call'] = 'LDAP_check';<br />
$c->authenticate_hook['config'] = array(<br />
'host' => 'www.tennaxia.net',<br />
'port' => '389',<br />
'bindDN'=> 'cn=manager,cn=internal,dc=tennaxia,dc=net',<br />
'passDN'=> 'xxxxxxxx',<br />
'baseDNUsers'=> 'dc=tennaxia,dc=net',<br />
'filterUsers' => 'objectClass=InetOrgPerson',<br />
'baseDNGroups' => 'ou=divisions,dc=tennaxia,dc=net',<br />
'filterGroups' => 'objectClass=posixGroup',<br />
'mapping_field' => array('username' => 'uid',<br />
'modified' => 'modifyTimestamp',<br />
'fullname' => 'cn' ,<br />
'email' =>'mail'<br />
),<br />
'group_mapping_field' => array(<br />
'username' => 'cn',<br />
'modified' => 'modifyTimestamp',<br />
'fullname' => 'cn' ,<br />
'members' =>'memberUid'<br />
),<br />
'group_member_dnfix' => true,<br />
'format_updated'=> array('Y' => array(0,4),<br />
'm' => array(4,2),<br />
'd' => array(6,2),<br />
'H' => array(8,2),<br />
'M' => array(10,2),<br />
'S' => array(12,2)),<br />
'scope' => 'subtree', <br />
);<br />
include_once('drivers_ldap.php');<br />
<br />
<br />
'''NB:''' it's important to remember to install the LDAP modules for PHP (the <tt>php-ldap</tt> package under debian/ubuntu).<br />
<br />
=== Using ActiveDirectory ===<br />
<br />
See [[Configuration/Authentication_Settings/Active_Directory]] for an example configuration.<br />
<br />
=== Using a different 'AWL' database ===<br />
<br />
The "AWL" library contains the basic database structure for user data which is used by DAViCal, and it is possible to use this data from a different database. This plugin is written more-or-less as an example of how to write an authentication plugin, but may be useful.<br />
<br />
=== When the Webserver does the authentication ===<br />
<br />
It is quite common that the webserver can do the authentication for you, and you just want DAViCal to trust the username that the webserver will pass through.<br />
<br />
In this case you can set something like:<br />
<br />
$c->authenticate_hook['server_auth_type'] = 'Basic';<br />
include_once('AuthPlugins.php');<br />
<br />
to match the types of authentication which your server is providing to PHP as "$_SERVER['AUTH_TYPE']". DAViCal will then trust the value received as $_SERVER['REMOTE_USER'] (or, beginning with 1.1.2, $_SERVER['REDIRECT_REMOTE_USER']) to be correct.<br />
<br />
The above will make the HTTP Basic Authentication '''from the webserver''' be used and trusted for authentication within both the administration websites and CalDAV (i.e. caldav.php).<br />
Note: It seems that the "include_once('[[Auth_Plugin|AuthPlugins.php]]');" is '''not''' necessary if this should only apply to the administration websites but '''not''' to CalDAV (i.e. caldav.php).<br />
<br />
One could also set an array to accept different types, e.g.:<br />
$c->authenticate_hook['server_auth_type'] = array('Negotiate','Basic');<br />
but of course, these types must exist (it seems Negotiate does not).<br />
<br />
This does not work together with the ldap_driver (at least in DAViCal 1.0.2). You may get it working with the $c->authenticate_hook['config']['i_use_mode_kerberos'] = "i_know_what_i_am_doing" setting, though.<br />
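<br />
The trust rule in this section, modelled as a stand-alone check that can be run against a captured <tt>$_SERVER</tt> array to see why a login is or is not accepted. This is an added example, not DAViCal's own code: <tt>trusted_remote_user()</tt> is a hypothetical helper, the precedence of REMOTE_USER over REDIRECT_REMOTE_USER and the strict comparison are assumptions, the sample arrays are constructed, and PHP 7.1 or later is assumed.<br />

```php
<?php
// Added illustration, not DAViCal source. trusted_remote_user() is a
// hypothetical helper that models the rule described in this section.

/**
 * Return the username to trust, or null when the webserver-supplied
 * identity must not be used.
 *
 * @param array        $server   a $_SERVER-style array
 * @param string|array $accepted the value given to
 *                               $c->authenticate_hook['server_auth_type']
 */
function trusted_remote_user(array $server, $accepted): ?string
{
    // The option may be a single type or a list of types.
    $accepted = (array) $accepted;

    // Under CGI/FastCGI with Apache and mod_ssl, AUTH_TYPE can be unset even
    // though the server authenticated the request: nothing to match against.
    if (!isset($server['AUTH_TYPE'])) {
        return null;
    }

    // Assumption: strict, case-sensitive comparison, so 'basic' != 'Basic'.
    if (!in_array($server['AUTH_TYPE'], $accepted, true)) {
        return null;
    }

    // Assumption: REMOTE_USER is preferred, REDIRECT_REMOTE_USER is the
    // fallback (the page says the latter is honoured from 1.1.2 on).
    foreach (array('REMOTE_USER', 'REDIRECT_REMOTE_USER') as $key) {
        if (isset($server[$key]) && $server[$key] !== '') {
            return $server[$key];
        }
    }

    // The auth type matched but the server passed no username through.
    return null;
}

// Constructed sample environments, one per situation discussed on the page.
$cases = array(
    'Basic, REMOTE_USER set' => array(
        'AUTH_TYPE' => 'Basic', 'REMOTE_USER' => 'andrew'),
    'Basic, only REDIRECT_REMOTE_USER' => array(
        'AUTH_TYPE' => 'Basic', 'REDIRECT_REMOTE_USER' => 'andrew'),
    'CGI/FastCGI, AUTH_TYPE unset' => array(
        'REMOTE_USER' => 'andrew'),
    'wrapper sets lowercase type' => array(
        'AUTH_TYPE' => 'basic', 'REMOTE_USER' => 'andrew'),
    'type not in accepted list' => array(
        'AUTH_TYPE' => 'Digest', 'REMOTE_USER' => 'andrew'),
    'type matches, no username' => array(
        'AUTH_TYPE' => 'Basic'),
);

// Same shape as the array form of server_auth_type shown above.
$accepted = array('Negotiate', 'Basic');

foreach ($cases as $label => $server) {
    $user = trusted_remote_user($server, $accepted);
    printf("%-34s => %s\n", $label, $user === null ? '(not trusted)' : $user);
}
```

Because the username is taken on trust once the type matches, the check is only as strong as the webserver configuration in front of it: every path that reaches DAViCal has to be covered by the server's authentication.<br />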
<br />
<br />
When PHP is used as CGI/FastCGI with Apache and mod_ssl, then currently AUTH_TYPE remains unset, even when HTTP Basic Authentication (respectively mod_ssl fakeBasicAuth) was done by the server.<br />
This is a [https://issues.apache.org/bugzilla/show_bug.cgi?id=45058 bug] in Apache and/or a [http://www.rfc-editor.org/errata_search.php?eid=3556 limitation] in the CGI specification. One workaround is an intermediate CGI wrapper which sets AUTH_TYPE unconditionally to e.g. "Basic". Currently this is case-sensitive, in contrast to the CGI spec (see [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=703381] and [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=703383]).</div>Fsfshttps://wiki.davical.org/index.php?title=Debugging&diff=3776Debugging2018-11-22T22:27:05Z<p>Fsfs: source is on gitlab now</p>
<hr />
<div>== Debugging Installation Problems ==<br />
First, make sure your problem is not described in the [[Frequently_Asked_Questions|FAQ]]!<br />
<br />
Second, if you have a particular error message, try typing it into Google, or into the search box on this wiki.<br />
<br />
Third, ask on [[IRC]] or on the [[DAViCal_Mailing_Lists|Mailing List]]<br />
<br />
=== Debug Logging ===<br />
<br />
DAViCal supports extensive debug logging, including many flags which are generally not useful for debugging actual live issues. In particular do NOT use the 'all' debug setting unless a developer recommends it as this level of debugging is so verbose as to be useless (megabytes / minute on even a lightly loaded server) and can cause further errors unrelated to the problem you are attempting to solve.<br />
<br />
The most useful debugging level for resolving CalDAV problems is:<br />
<br />
$c->dbg = array( 'statistics' => 1, 'request' => 1, 'response' => 1 );<br />
<br />
This will cause the following to be written into the PHP error log (which by default will be the Apache error log):<br />
* Complete request headers & body.<br />
* Complete response headers & body.<br />
* A line of statistics after each response has been sent.<br />
<br />
=== Restricting Logging to a Single Client ===<br />
<br />
It may be that you want the logging to be restricted to only a single client that is experiencing the problem, or just to limit the amount of logged data to understand the problem without all of the interspersed logging for unrelated clients. DAViCal's config file is PHP code, so this can be done relatively easily by something like the following:<br />
<br />
$c->dbg = array(); // default debug logging to off<br />
if ( isset($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] == '172.18.219.2' )<br />
$c->dbg = array( 'statistics' => 1, 'request' => 1, 'response' => 1 );<br />
<br />
If you know that the problem applies for a particular user, and is only related to what happens to authenticated requests, you could use a different variable for the user, as follows:<br />
<br />
$c->dbg = array(); // default debug logging to off<br />
if ( (isset($_SERVER['REMOTE_USER']) && $_SERVER['REMOTE_USER'] == 'andrew')<br />
|| (isset($_SERVER['PHP_AUTH_USER']) && $_SERVER['PHP_AUTH_USER'] == 'andrew') )<br />
$c->dbg = array( 'statistics' => 1, 'request' => 1, 'response' => 1 );<br />
<br />
=== Debug Config Options ===<br />
To enable debugging, set one of these variables to 1, for example:<br />
$c->dbg["ALL"] = 1;<br />
and then watch the PHP error log:<br />
tail -f /var/log/apache2/error_log<br />
(or wherever PHP errors are logged).<br />
<br />
==== List of Config Options ====<br />
$c->dbg["ALL"] = 1;<br />
$c->dbg["request"] = 1; // The request headers & content<br />
$c->dbg['response'] = 1; // The response headers & content<br />
$c->dbg["component"] = 1;<br />
$c->dbg['caldav'] = 1;<br />
$c->dbg['querystring'] = 1;<br />
$c->dbg['icalendar'] = 1;<br />
$c->dbg['ics'] = 1;<br />
$c->dbg['login'] = 1;<br />
$c->dbg['options'] = 1;<br />
$c->dbg['get'] = 1;<br />
$c->dbg['put'] = 1;<br />
$c->dbg['propfind'] = 1;<br />
$c->dbg['proppatch'] = 1;<br />
$c->dbg['report'] = 1;<br />
$c->dbg['principal'] = 1;<br />
$c->dbg['user'] = 1;<br />
$c->dbg['vevent'] = 1;<br />
$c->dbg['rrule'] = 1;<br />
<br />
By default 'davical' is used to prefix debugging messages. You will only need to change this<br />
if you are running multiple DAViCal servers logging into the same place.<br />
$c->sysabbr = 'davical';<br />
<br />
As yet we only support quite a limited range of options. When we see clients looking<br />
for more than this we will work to support them further. So that we can see clients trying<br />
to use such methods, there is a configuration option to override and allow lying about<br />
what is available.<br />
<br />
Example:<br />
$c->override_allowed_methods = "PROPPATCH, OPTIONS, GET, HEAD, PUT, DELETE, PROPFIND, MKCOL, MKCALENDAR, LOCK, UNLOCK, REPORT";<br />
<br />
'''Don't muck with this unless you are trying to write code to support a new option!'''<br />
$c->override_allowed_methods = "PROPPATCH, OPTIONS, GET, HEAD, PUT, DELETE, PROPFIND, MKCOL, MKCALENDAR, LOCK, UNLOCK, REPORT";<br />
<br />
Source: [https://gitlab.com/davical-project/davical/blob/master/config/debug-config.php debug-config.php]</div>Fsfshttps://wiki.davical.org/index.php?title=Release_Notes/1.1.7&diff=3769Release Notes/1.1.72018-01-16T22:33:02Z<p>Fsfs: </p>
<hr />
<div>{{released|2018-01-12|1.1.6}}{{TOCright}}<br />
<br />
This release implements management of calendar delegations via CalDAV, for example with iCal. It also makes some necessary changes to keep the Debian packages buildable.<br />
<br />
== Prerequisites for Upgrade ==<br />
=== Upgrades of Other Software ===<br />
* AWL 0.59 is available but not required (no functional changes for DAViCal)<br />
<br />
== Changes ==<br />
<br />
=== Bug Fixes ===<br />
* Apache config: add PT to follow alias<br />
* UI: create external bindings with type set (fix: #132)<br />
* Fix group-member-set and group-membership queries on proxy resources<br />
* Correctly handle durations without units like "PT"<br />
* Fix common etag match code, use it everywhere<br />
<br />
=== Other Changes ===<br />
* Document $c->hide_bound and $c->disable_caldav_proxy_propfind_collections config options, as well as the most important debug options<br />
* Advertise support for CalDAV principal-match REPORT<br />
* Implement managing calendar delegations from iCal (caldav-proxy)<br />
* LDAP sync: reactivate users present in LDAP, use php ldap explode in order to be compatible with any DN (!42, !43)<br />
* Improved handling of modifications to attendees' instances of events<br />
* Various updates to API documentation and code cleanup<br />
* Switch to doxygen for api docs<br />
<br />
== Downloading DAViCal ==<br />
<br />
DAViCal 1.1.7: [https://www.davical.org/downloads/davical_1.1.7.orig.tar.xz https://www.davical.org/downloads/davical_1.1.7.orig.tar.xz]<br />
<br />
AWL 0.59: [https://www.davical.org/downloads/awl_0.59.orig.tar.xz https://www.davical.org/downloads/awl_0.59.orig.tar.xz]<br />
<br />
See [[Downloading]]<br />
<br />
== Known Issues ==<br />
=== Subsequently Fixed in Git ===<br />
* fetching of newly-added external calendars ([https://gitlab.com/davical-project/davical/commit/81874649f7f32798acf8d6de59b870865f8c2153 handle initial NULL of collection.modified])<br />
=== Outstanding ===<br />
* None known.</div>Fsfshttps://wiki.davical.org/index.php?title=Main_Page&diff=3768Main Page2018-01-15T15:39:42Z<p>Fsfs: link 1.1.7</p>
<hr />
<div><div style="width:80%"><p style="font-weight:bold;font-size:2.5em;color:#103050;text-align:center;">DAViCal Wiki</p></div><br />
This is a wiki to provide information and help about the DAViCal CalDAV & CardDAV Server. Pages are grouped into several main areas: <br />
{| style="width: 100%; border-spacing:15px;border-collapse:separate"<br />
|- valign="top"<br />
|style="width:25%;border: 1px solid rgb(191, 238, 255); background-color: rgb(239, 251, 255);"| '''About DAViCal'''<br />
* [[Features]]<br />
* [[Getting Help]]<br />
* [[CalDAV Clients]]<br />
* [[CardDAV Clients]]<br />
* [[Multiple Calendars]]<br />
* [[Free Busy]]<br />
* [[Useful Links]]<br />
|style="width:25%;border: 1px solid rgb(255, 199, 191); background-color: rgb(255, 241, 239);"|'''Admin Documentation'''<br />
* [[Downloading|Download]]<br />
* [[Installation Stuff|Installation]]<br />
* [[Configuration]]<br />
* [[Upgrading]]<br />
* [[Backups]]<br />
* [[Frequently Asked Questions]]<br />
* [[Release Notes]]<br />
* [[Support]]<br />
|style="width:25%;border: 1px solid #8CACBB; background-color: #EEEEFF;"| '''Developer Documentation'''<br />
* [[Developer Setup]]<br />
* [[DAV]]<br />
* [[Database|Database Information]]<br />
* [[Pluggable Authentication]]<br />
* [[User Contributions]]<br />
* [[RFC Compliance]]<br />
* [[Client/DAViCal interaction]]<br />
* [[Release Checklist]]<br />
* [[Road Map]]<br />
|style="width:25%;border: 1px solid rgb(255, 255, 102); background-color: rgb(255, 250, 229);"| '''Help DAViCal Without Coding'''<br />
* [[Translating DAViCal]]<br />
* [[Helping with DAViCal]] <br />
* [[Provide some Data]]<br />
* [[Suggest Features]]<br />
* [[Editing the Wiki]]<br />
* [[Community Support]]<br />
|}<br />
<br />
The current stable release of DAViCal is [[Release_Notes/1.1.7|1.1.7]].</div>Fsfshttps://wiki.davical.org/index.php?title=Downloading&diff=3767Downloading2018-01-15T15:38:55Z<p>Fsfs: link to www.davical.org/downloads/</p>
<hr />
<div>{{TOCright}}<br />
The latest DAViCal release is generally available for download from:<br />
https://www.davical.org/downloads/<br />
<br />
Andrew's Web Libraries, which DAViCal depends on, is available from the same location.<br />
<br />
See [[Developer Setup]] for cloning and running from git repositories.<br />
<br />
== Pre-built Distribution Files ==<br />
<br />
=== Debian / Ubuntu ===<br />
<br />
==== Debian ====<br />
<br />
Jessie has AWL 0.55 and DAViCal 1.1.3.1, while Stretch has AWL 0.57 and DAViCal 1.1.5. Packages can be installed directly with apt-get. You may want to consider the backports repository for newer versions and bugfixes.<br />
<br />
==== Raspberry Pi2 Raspbian ====<br />
<br />
You can find a very detailed how-to here: [[Raspberry_Pi2_Raspbian]].<br />
<br />
==== Ubuntu ====<br />
<br />
DAViCal and AWL have been synced from Debian and are present already.<br />
<br />
==== Older / Other DEB-based releases ====<br />
<br />
While older DAViCal packages are present in several releases of Ubuntu and Debian, you may want to consider installing the most recent version to benefit from bug and compatibility fixes. For this purpose, we maintain a '''davical-current''' repository, which can be added to your sources.list through a three-step process described at '''https://people.debian.org/~fsfs/davical-current/setup.sh'''<br />
<br />
=== Gentoo ===<br />
<br />
An ebuild should be available within the 'sunrise' overlay.<br />
<br />
=== Red Hat and other RPM-based releases ===<br />
<br />
It is possible that DAViCal will appear in the Fedora repository at some point. In the meantime, it is probably best to install from the sources.<br />
<br />
=== FreeBSD ===<br />
<br />
There are ports of DAViCal which are updated from time to time.<br />
<br />
== Installing from Source ==<br />
<br />
=== Tar archives ===<br />
DAViCal is not a compiled package, so there is generally very little to be gained from installing from source. However, you can do this by downloading the relevant .tar.xz files (both DAViCal and AWL) from the above location.<br />
<br />
=== Installing from Git ===<br />
<br />
If you want to follow the cutting edge and help develop and test DAViCal, you can clone from the above-mentioned GitLab repositories as follows:<br />
git clone https://gitlab.com/davical-project/awl.git<br />
git clone https://gitlab.com/davical-project/davical.git<br />
<br />
For more information read [[Developer Setup]] and [[Helping with DAViCal]].</div>Fsfshttps://wiki.davical.org/index.php?title=Release_Notes/1.1.7&diff=3766Release Notes/1.1.72018-01-15T15:33:31Z<p>Fsfs: Created page with "{{released|2018-01-12|1.1.6}}{{TOCright}} This release implements management of calendar delegations via CalDAV, for example with iCal. It also makes some necessary changes t..."</p>
<hr />
<div>{{released|2018-01-12|1.1.6}}{{TOCright}}<br />
<br />
This release implements management of calendar delegations via CalDAV, for example with iCal. It also makes some necessary changes to keep the Debian packages buildable.<br />
<br />
== Prerequisites for Upgrade ==<br />
=== Upgrades of Other Software ===<br />
* AWL 0.59 is available but not required (no functional changes for DAViCal)<br />
<br />
== Changes ==<br />
<br />
=== Bug Fixes ===<br />
* Apache config: add PT to follow alias<br />
* UI: create external bindings with type set (fix: #132)<br />
* Fix group-member-set and group-membership queries on proxy resources<br />
* Correctly handle durations without units like "PT"<br />
* Fix common etag match code, use it everywhere<br />
<br />
=== Other Changes ===<br />
* Document $c->hide_bound and $c->disable_caldav_proxy_propfind_collections config options, as well as the most important debug options<br />
* Advertise support for CalDAV principal-match REPORT<br />
* Implement managing calendar delegations from iCal (caldav-proxy, )<br />
* LDAP sync: reactivate users present in LDAP, use php ldap explode in order to be compatible with any DN (!42, !43)<br />
* Improved handling of modifications to attendees' instances of events<br />
* Various updates to API documentation and code cleanup<br />
* Switch to doxygen for api docs<br />
<br />
== Downloading DAViCal ==<br />
<br />
DAViCal 1.1.7: [https://www.davical.org/downloads/davical_1.1.7.orig.tar.xz https://www.davical.org/downloads/davical_1.1.7.orig.tar.xz]<br />
<br />
AWL 0.59: [https://www.davical.org/downloads/awl_0.59.orig.tar.xz https://www.davical.org/downloads/awl_0.59.orig.tar.xz]<br />
<br />
See [[Downloading]]<br />
<br />
== Known Issues ==<br />
=== Subsequently Fixed in Git ===<br />
* fetching of newly-added external calendars ([https://gitlab.com/davical-project/davical/commit/81874649f7f32798acf8d6de59b870865f8c2153 handle initial NULL of collection.modified])<br />
=== Outstanding ===<br />
* None known.</div>Fsfshttps://wiki.davical.org/index.php?title=RFC_Compliance/WebDAV_Tickets&diff=3765RFC Compliance/WebDAV Tickets2018-01-07T09:07:00Z<p>Fsfs: /* Manually Adding Tickets */ web UI is there</p>
<hr />
<div>{{Languages|RFC Compliance/WebDAV Tickets}}<br />
== Ticket-Based Access Control in DAViCal ==<br />
<br />
From 0.9.9 DAViCal will include an implementation of some elements of {{Ticket ACLs for WebDAV}}.<br />
<br />
DAViCal will generally be following the line taken by Cosmo's implementation of this spec, which is lightly documented [http://chandlerproject.org/Projects/CosmoTickets here]<br />
<br />
=== Deviations from Spec ===<br />
<br />
In order to promote interoperability, DAViCal aligns with Cosmo as much as possible. The spec differences are as follows:<br />
<br />
* Visit limits are not supported. Regardless of what is requested, DAViCal always returns a value of infinity. Cosmo (& Xythos, apparently) behave the same way. In DAViCal the <visit> parameter is optional, which may not be the case in Cosmo & Xythos.<br />
<br />
* The custom XML namespace http://www.xythos.com/namespaces/StorageServer is used for XML elements defined by the spec (ticketdiscovery, ticketinfo, id and timeout). While DAViCal will ''accept'' requests with ticketdiscovery, ticketinfo, id and timeout in either the 'DAV:' or 'http://www.xythos.com/namespaces/StorageServer' namespaces, the 'http://www.xythos.com/namespaces/StorageServer' namespace will be used on all responses.<br />
<br />
* If different ticket ids are included in the request headers and URL, the id in the URL is used (the one from the Ticket header is ignored, even if the ticket identified by the URL is not found by the server). <br />
<br />
* If a DELTICKET request is received for a resource on which the requesting user does not have appropriate access privileges, DAViCal returns a 403 (Forbidden) response. Example: User A owns resource X and creates ticket 123 on it. User B does not have privileges on resource X but attempts to delete the ticket.<br />
<br />
* In order to issue a MKTICKET or DELTICKET, DAViCal requires the requesting user to have DAV::bind / DAV::unbind privilege on the target collection, or on the containing collection (for resources). In the case of a DELTICKET, they can also delete the ticket if they own it, regardless of their privileges to the underlying resource. Cosmo only allows the owner or root to perform these actions.<br />
<br />
* The draft does not specify what might control access to the tickets. DAViCal will return all tickets for a PROPFIND of the ticketdiscovery property if the accessing user has the DAV::read-acl privilege to the resource. Otherwise only tickets actually owned by the accessing user, or which are specified in the request header, will be listed.<br />
<br />
== Current Status ==<br />
<br />
{|<br />
|-<br />
!style="text-align:left"|Section<br />
!style="text-align:left"|Feature<br />
!Requirement<br />
!Status towards release of 0.9.9<br />
|-<br />
|style="vertical-align:top"|2.<br />
|MKTICKET method<br />
|style="text-align:center"|{{MUST}}<br />
|{{Done|0.9.9}}<br />
|-<br />
|style="vertical-align:top"|2.<br />
|ticket header/parameter permission handling<br />
|style="text-align:center"|{{MUST}}<br />
|{{Done|0.9.9}}.<br />
|-<br />
|style="vertical-align:top"|2.<br />
|PROPFIND ticketdiscovery<br />
|style="text-align:center"|{{MUST}}<br />
|{{Done|0.9.9}}<br />
|-<br />
|style="vertical-align:top"|2.<br />
|DELTICKET method<br />
|style="text-align:center"|{{MUST}}<br />
|{{Done|0.9.9}}<br />
|}<br />
<br />
== Client Support ==<br />
<br />
In theory no client-side support is needed, <s>if DAViCal had elements in the administrative UI that would provide an interface to the tickets</s>, as DAViCal has a section in the administrative UI dedicated to managing tickets.<br />
<br />
For now the only client that is believed to possibly provide an interface to issuing tickets is Chandler, although possibly Chandler does not attempt this through the MKTICKET interface, which would be truly sad.<br />
<br />
The work for adding Ticket support to DAViCal was undertaken under contract from [http://dotcal.com/ dotCal] who use tickets as a component of their mechanisms for providing access to otherwise private calendars, and who are in the process of migrating their backend server from Cosmo to a DAViCal with expected completion by the end of March 2010.<br />
<br />
== Examples ==<br />
=== Successful MKTICKET on collection ===<br />
Request:<br />
MKTICKET /caldav.php/user1/home/ HTTP/1.1<br />
Host: regression.host<br />
Content-length: xxx<br />
Content-Type: text/xml; charset="utf-8"<br />
Authorization: Basic dGVzdHVzZXI6dGVzdHVzZXI=<br />
<br />
<?xml version="1.0" encoding="utf-8" ?><br />
<D:ticketinfo xmlns:D="DAV:" ><br />
<D:privilege><D:read/></D:privilege><br />
<D:timeout>Second-3600</D:timeout><br />
<D:visits>1</D:visits><br />
</D:ticketinfo><br />
<br />
Response:<br />
HTTP/1.1 200 OK<br />
Date: Dow, 01 Jan 2000 00:00:00 GMT<br />
DAV: 1, 2, access-control, calendar-access, calendar-schedule, extended-mkcol, calendar-proxy<br />
Ticket: Oiai12eS<br />
ETag: "5e7528c8e464f8cd4b7b7671e194659d"<br />
Content-Length: 537<br />
Content-Type: text/xml; charset="utf-8"<br />
<br />
<?xml version="1.0" encoding="utf-8" ?><br />
<prop xmlns="DAV:" xmlns:T="http://www.xythos.com/namespaces/StorageServer" xmlns:C="urn:ietf:params:xml:ns:caldav"><br />
<T:ticketdiscovery><br />
<T:ticketinfo><br />
<T:id>Oiai12eS</T:id><br />
<owner><br />
<href>/caldav.php/user1/</href><br />
</owner><br />
<privilege><br />
<read/><br />
<read-current-user-privilege-set/><br />
<C:read-free-busy/><br />
<C:schedule-query-freebusy/><br />
</privilege><br />
<T:timeout>Second-3600</T:timeout><br />
<T:visits>infinity</T:visits><br />
</T:ticketinfo><br />
</T:ticketdiscovery><br />
</prop><br />
<br />
=== Successful MKTICKET on resource ===<br />
Request:<br />
MKTICKET /caldav.php/user1/home/4aaf8f37-f232-4c8e-a72e-e171d4c4fe54.ics HTTP/1.1<br />
Host: regression.host<br />
Content-length: xxx<br />
Content-Type: text/xml; charset="utf-8"<br />
Authorization: Basic dGVzdHVzZXI6dGVzdHVzZXI=<br />
<br />
<?xml version="1.0" encoding="utf-8" ?><br />
<D:ticketinfo xmlns:D="DAV:" ><br />
<D:privilege><D:write/></D:privilege><br />
<D:timeout>Second-86400</D:timeout><br />
</D:ticketinfo><br />
<br />
Response:<br />
HTTP/1.1 200 OK<br />
Date: Dow, 01 Jan 2000 00:00:00 GMT<br />
DAV: 1, 2, access-control, calendar-access, calendar-schedule, extended-mkcol, calendar-proxy<br />
Ticket: c4X8Qnox<br />
ETag: "3795b8fb42a81c589077f6a63e86a1ce"<br />
Content-Length: 622<br />
Content-Type: text/xml; charset="utf-8"<br />
<br />
<?xml version="1.0" encoding="utf-8" ?><br />
<prop xmlns="DAV:" xmlns:T="http://www.xythos.com/namespaces/StorageServer" xmlns:C="urn:ietf:params:xml:ns:caldav"><br />
<T:ticketdiscovery><br />
<T:ticketinfo><br />
<T:id>c4X8Qnox</T:id><br />
<owner><br />
<href>/caldav.php/user1/</href><br />
</owner><br />
<privilege><br />
<read/><br />
<read-current-user-privilege-set/><br />
<C:read-free-busy/><br />
<write/><br />
<write-properties/><br />
<write-content/><br />
<bind/><br />
<unbind/><br />
<C:schedule-query-freebusy/><br />
</privilege><br />
<T:timeout>Second-86400</T:timeout><br />
<T:visits>infinity</T:visits><br />
</T:ticketinfo><br />
</T:ticketdiscovery><br />
</prop><br />
<br />
=== Failed MKTICKET - insufficient privileges ===<br />
Response:<br />
HTTP/1.1 403 Forbidden<br />
Date: Dow, 01 Jan 2000 00:00:00 GMT<br />
DAV: 1, 2, access-control, calendar-access, calendar-schedule, extended-mkcol, calendar-proxy<br />
Content-Length: xxx<br />
Content-Type: text/xml; charset="utf-8"<br />
<br />
<?xml version="1.0" encoding="utf-8" ?><br />
<error xmlns="DAV:"><br />
<need-privileges><br />
<resource><br />
<href>/caldav.php/user4/home/</href><br />
<privilege><br />
<bind/><br />
</privilege><br />
</resource><br />
</need-privileges><br />
</error><br />
<br />
=== Successful PROPFIND for ticketdiscovery ===<br />
Request:<br />
PROPFIND /caldav.php/user1/home/ HTTP/1.1<br />
Host: regression.host<br />
Content-length: xxx<br />
Content-Type: text/xml; charset="utf-8"<br />
Authorization: Basic dGVzdHVzZXI6dGVzdHVzZXI=<br />
<br />
<?xml version="1.0" encoding="utf-8"?><br />
<propfind xmlns="DAV:"<br />
xmlns:T="http://www.xythos.com/namespaces/StorageServer"><br />
<prop><br />
<current-user-privilege-set/><br />
<T:ticketdiscovery/><br />
</prop><br />
</propfind><br />
Response:<br />
<?xml version="1.0" encoding="utf-8" ?><br />
<multistatus xmlns="DAV:" xmlns:C="urn:ietf:params:xml:ns:caldav"<br />
xmlns:TKT="http://www.xythos.com/namespaces/StorageServer"><br />
<response><br />
<href>/caldav.php/user1/home/</href><br />
<propstat><br />
<prop><br />
<current-user-privilege-set><br />
<privilege><br />
<all/><br />
</privilege><br />
<privilege><br />
<read/><br />
</privilege><br />
<privilege><br />
<unlock/><br />
</privilege><br />
<privilege><br />
<read-acl/><br />
</privilege><br />
<privilege><br />
<read-current-user-privilege-set/><br />
</privilege><br />
<privilege><br />
<write-acl/><br />
</privilege><br />
<privilege><br />
<C:read-free-busy/><br />
</privilege><br />
<privilege><br />
<write/><br />
</privilege><br />
<privilege><br />
<write-properties/><br />
</privilege><br />
<privilege><br />
<write-content/><br />
</privilege><br />
<privilege><br />
<bind/><br />
</privilege><br />
<privilege><br />
<unbind/><br />
</privilege><br />
<privilege><br />
<C:schedule-deliver/><br />
</privilege><br />
<privilege><br />
<C:schedule-deliver-invite/><br />
</privilege><br />
<privilege><br />
<C:schedule-deliver-reply/><br />
</privilege><br />
<privilege><br />
<C:schedule-query-freebusy/><br />
</privilege><br />
<privilege><br />
<C:schedule-send/><br />
</privilege><br />
<privilege><br />
<C:schedule-send-invite/><br />
</privilege><br />
<privilege><br />
<C:schedule-send-reply/><br />
</privilege><br />
<privilege><br />
<C:schedule-send-freebusy/><br />
</privilege><br />
</current-user-privilege-set><br />
<TKT:ticketdiscovery><br />
<TKT:ticketinfo><br />
<TKT:id>Oiai12eS</TKT:id><br />
<TKT:owner><br />
<href>/caldav.php/user1/</href><br />
</TKT:owner><br />
<TKT:timeout>Seconds-3573</TKT:timeout><br />
<TKT:visits>infinity</TKT:visits><br />
<privilege><br />
<read/><br />
<read-current-user-privilege-set/><br />
<C:read-free-busy/><br />
<C:schedule-query-freebusy/><br />
</privilege><br />
</TKT:ticketinfo><br />
</TKT:ticketdiscovery><br />
</prop><br />
<status>HTTP/1.1 200 OK</status><br />
</propstat><br />
</response><br />
</multistatus><br />
<br />
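An added example (not DAViCal's own code): a Python audit of a ticketdiscovery PROPFIND response like the one above, listing each ticket and flagging those that grant write privileges or outlive a chosen limit. The sample response is constructed from the page's example; the second ticket, the 86400-second limit and all function names are assumptions.

```python
import re
import xml.etree.ElementTree as ET

DAV = "DAV:"
XYTHOS = "http://www.xythos.com/namespaces/StorageServer"
# DAViCal answers in the Xythos namespace but accepts either, so look in both.
TICKET_NAMESPACES = (XYTHOS, DAV)

# Privileges that let a ticket holder change data or access rules.
WRITE_PRIVILEGES = {"all", "write", "write-properties", "write-content",
                    "bind", "unbind", "write-acl"}

# Constructed sample: first ticket copied from the page, second one invented.
SAMPLE_RESPONSE = """
<multistatus xmlns="DAV:" xmlns:C="urn:ietf:params:xml:ns:caldav"
             xmlns:TKT="http://www.xythos.com/namespaces/StorageServer">
 <response>
  <href>/caldav.php/user1/home/</href>
  <propstat>
   <prop>
    <TKT:ticketdiscovery>
     <TKT:ticketinfo>
      <TKT:id>Oiai12eS</TKT:id>
      <TKT:owner><href>/caldav.php/user1/</href></TKT:owner>
      <TKT:timeout>Seconds-3573</TKT:timeout>
      <TKT:visits>infinity</TKT:visits>
      <privilege><read/><read-current-user-privilege-set/>
       <C:read-free-busy/><C:schedule-query-freebusy/></privilege>
     </TKT:ticketinfo>
     <TKT:ticketinfo>
      <TKT:id>CONSTRUCTED1</TKT:id>
      <owner><href>/caldav.php/user1/</href></owner>
      <TKT:timeout>Second-2592000</TKT:timeout>
      <TKT:visits>infinity</TKT:visits>
      <privilege><read/><write/><write-content/><bind/></privilege>
     </TKT:ticketinfo>
    </TKT:ticketdiscovery>
   </prop>
   <status>HTTP/1.1 200 OK</status>
  </propstat>
 </response>
</multistatus>
"""


def split_tag(tag):
    """Split ElementTree's '{namespace}name' into (namespace, name)."""
    if tag.startswith("{"):
        namespace, name = tag[1:].split("}", 1)
        return namespace, name
    return "", tag


def ticket_child(element, name):
    """Find a direct child called `name` in either ticket namespace."""
    for namespace in TICKET_NAMESPACES:
        child = element.find("{%s}%s" % (namespace, name))
        if child is not None:
            return child
    return None


def parse_timeout(text):
    """Return the timeout in seconds, or None when the ticket never expires.
    The page's examples show both 'Second-N' and 'Seconds-N'."""
    value = (text or "").strip()
    if value.lower() in ("infinite", "infinity"):
        return None
    match = re.fullmatch(r"Seconds?-(\d+)", value)
    if match is None:
        raise ValueError("unrecognised ticket timeout: %r" % value)
    return int(match.group(1))


def parse_tickets(xml_text):
    """Extract every ticketinfo element from a PROPFIND or MKTICKET body.
    Only feed this responses from a server you trust: the standard-library
    parser does not limit entity expansion."""
    tickets = []
    for element in ET.fromstring(xml_text.strip()).iter():
        namespace, name = split_tag(element.tag)
        if name != "ticketinfo" or namespace not in TICKET_NAMESPACES:
            continue
        ticket_id = ticket_child(element, "id")
        owner = ticket_child(element, "owner")
        timeout = ticket_child(element, "timeout")
        privilege = ticket_child(element, "privilege")
        href = owner.find("{DAV:}href") if owner is not None else None
        tickets.append({
            "id": (ticket_id.text or "").strip() if ticket_id is not None else None,
            "owner": (href.text or "").strip() if href is not None else None,
            "timeout_s": parse_timeout(timeout.text) if timeout is not None else None,
            "privileges": sorted(split_tag(p.tag)[1] for p in privilege)
                          if privilege is not None else [],
        })
    return tickets


def audit_tickets(tickets, max_timeout_s=86400):
    """Visit limits are not enforced, so the timeout is the only expiry bound."""
    findings = []
    for ticket in tickets:
        writable = sorted(WRITE_PRIVILEGES.intersection(ticket["privileges"]))
        if writable:
            findings.append((ticket["id"], "grants write access: " + ", ".join(writable)))
        if ticket["timeout_s"] is None:
            findings.append((ticket["id"], "never expires"))
        elif ticket["timeout_s"] > max_timeout_s:
            findings.append((ticket["id"], "timeout %d s exceeds %d s"
                             % (ticket["timeout_s"], max_timeout_s)))
    return findings
```
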
=== Successful DELTICKET ===<br />
Request:<br />
DELTICKET /caldav.php/user1/home/4aaf8f37-f232-4c8e-a72e-e171d4c4fe54.ics HTTP/1.1<br />
Host: regression.host<br />
Authorization: Basic dGVzdHVzZXI6dGVzdHVzZXI=<br />
Response:<br />
HTTP/1.1 204 No Content<br />
Date: Dow, 01 Jan 2000 00:00:00 GMT<br />
DAV: 1, 2, access-control, calendar-access, calendar-schedule, extended-mkcol, calendar-proxy<br />
Content-Length: 0<br />
Content-Type: text/plain; charset="utf-8"<br />
<br />
=== Manually Adding Tickets To The Database ===<br />
<br />
If you don't have a client that supports tickets and you don't want to use the Web GUI, you can also manipulate the database directly and create your own tickets via the psql command line interface like so:<br />
<br />
-- Read / FreeBusy<br />
insert into access_ticket <br />
( ticket_id, dav_owner_id, privileges, target_collection_id )<br />
values (<br />
'abcdefg',<br />
5,<br />
'000000000001001000100001',<br />
25<br />
);<br />
<br />
where <br />
<br />
* "abcdefg" is your hard-to-guess random string of characters<br />
* 5 is the principal_id of the user who owns the collection<br />
* 25 is the collection_id of the collection you're granting access to<br />
* the privileges string is a bit(24) string that represents the permissions you want to grant. <br />
<br />
(See some example values in the privileges column of your own "grants" table, or see the function privilege_to_bits in inc/always.php.in)<br />
<br />
Someone can then access your collection with the ticket, using the URL structure described in [[Public collections]].</div>Fsfshttps://wiki.davical.org/index.php?title=RFC_Compliance/WebDAV_Tickets&diff=3764RFC Compliance/WebDAV Tickets2018-01-07T09:04:22Z<p>Fsfs: /* Client Support */ we have a UI now</p>
<hr />
<div>{{Languages|RFC Compliance/WebDAV Tickets}}<br />
== Ticket-Based Access Control in DAViCal ==<br />
<br />
From 0.9.9 DAViCal will include an implementation of some elements of {{Ticket ACLs for WebDAV}}.<br />
<br />
DAViCal will generally be following the line taken by Cosmo's implementation of this spec, which is lightly documented [http://chandlerproject.org/Projects/CosmoTickets here]<br />
<br />
=== Deviations from Spec ===<br />
<br />
In order to promote interoperability, DAViCal aligns with Cosmo as much as possible. The spec differences are as follows:<br />
<br />
* Visit limits are not supported. Regardless of what is requested, DAViCal always returns a value of infinity. Cosmo (& Xythos, apparently) behave the same way. In DAViCal the <visit> parameter is optional, which may not be the case in Cosmo & Xythos.<br />
<br />
* The custom XML namespace http://www.xythos.com/namespaces/StorageServer is used for XML elements defined by the spec (ticketdiscovery, ticketinfo, id and timeout). While DAViCal will ''accept'' requests with ticketdiscovery, ticketinfo, id and timeout in either the 'DAV:' or 'http://www.xythos.com/namespaces/StorageServer' namespaces, the 'http://www.xythos.com/namespaces/StorageServer' namespace will be used on all responses.<br />
<br />
* If different ticket ids are included in the request headers and URL, the id in the URL is used (the one from the Ticket header is ignored, even if the ticket identified by the URL is not found by the server). <br />
<br />
* If a DELTICKET request is received for a resource on which the requesting user does not have appropriate access privileges, DAViCal returns a 403 (Forbidden) response. Example: User A owns resource X and creates ticket 123 on it. User B does not have privileges on resource X but attempts to delete the ticket.<br />
<br />
* In order to issue a MKTICKET or DELTICKET, DAViCal requires the requesting user to have DAV::bind / DAV::unbind privilege on the target collection, or on the containing collection (for resources). In the case of a DELTICKET, they can also delete the ticket if they own it, regardless of their privileges to the underlying resource. Cosmo only allows the owner or root to perform these actions.<br />
<br />
* The draft does not specify what might control access to the tickets. DAViCal will return all tickets for a PROPFIND of the ticketdiscovery property if the accessing user has the DAV::read-acl privilege to the resource. Otherwise only tickets actually owned by the accessing user, or which are specified in the request header, will be listed.<br />
<br />
== Current Status ==<br />
<br />
{|<br />
|-<br />
!style="text-align:left"|Section<br />
!style="text-align:left"|Feature<br />
!Requirement<br />
!Status towards release of 0.9.9<br />
|-<br />
|style="vertical-align:top"|2.<br />
|MKTICKET method<br />
|style="text-align:center"|{{MUST}}<br />
|{{Done|0.9.9}}<br />
|-<br />
|style="vertical-align:top"|2.<br />
|ticket header/parameter permission handling<br />
|style="text-align:center"|{{MUST}}<br />
|{{Done|0.9.9}}.<br />
|-<br />
|style="vertical-align:top"|2.<br />
|PROPFIND ticketdiscovery<br />
|style="text-align:center"|{{MUST}}<br />
|{{Done|0.9.9}}<br />
|-<br />
|style="vertical-align:top"|2.<br />
|DELTICKET method<br />
|style="text-align:center"|{{MUST}}<br />
|{{Done|0.9.9}}<br />
|}<br />
<br />
== Client Support ==<br />
<br />
In theory no client-side support is needed, <s>if DAViCal had elements in the administrative UI that would provide an interface to the tickets</s>, as DAViCal has a section in the administrative UI dedicated to managing tickets.<br />
<br />
For now the only client that is believed to possibly provide an interface to issuing tickets is Chandler, although possibly Chandler does not attempt this through the MKTICKET interface, which would be truly sad.<br />
<br />
The work for adding Ticket support to DAViCal was undertaken under contract from [http://dotcal.com/ dotCal] who use tickets as a component of their mechanisms for providing access to otherwise private calendars, and who are in the process of migrating their backend server from Cosmo to a DAViCal with expected completion by the end of March 2010.<br />
<br />
== Examples ==<br />
=== Successful MKTICKET on collection ===<br />
Request:<br />
MKTICKET /caldav.php/user1/home/ HTTP/1.1<br />
Host: regression.host<br />
Content-length: xxx<br />
Content-Type: text/xml; charset="utf-8"<br />
Authorization: Basic dGVzdHVzZXI6dGVzdHVzZXI=<br />
<br />
<?xml version="1.0" encoding="utf-8" ?><br />
<D:ticketinfo xmlns:D="DAV:" ><br />
<D:privilege><D:read/></D:privilege><br />
<D:timeout>Second-3600</D:timeout><br />
<D:visits>1</D:visits><br />
</D:ticketinfo><br />
<br />
Response:<br />
HTTP/1.1 200 OK<br />
Date: Dow, 01 Jan 2000 00:00:00 GMT<br />
DAV: 1, 2, access-control, calendar-access, calendar-schedule, extended-mkcol, calendar-proxy<br />
Ticket: Oiai12eS<br />
ETag: "5e7528c8e464f8cd4b7b7671e194659d"<br />
Content-Length: 537<br />
Content-Type: text/xml; charset="utf-8"<br />
<br />
<?xml version="1.0" encoding="utf-8" ?><br />
<prop xmlns="DAV:" xmlns:T="http://www.xythos.com/namespaces/StorageServer" xmlns:C="urn:ietf:params:xml:ns:caldav"><br />
<T:ticketdiscovery><br />
<T:ticketinfo><br />
<T:id>Oiai12eS</T:id><br />
<owner><br />
<href>/caldav.php/user1/</href><br />
</owner><br />
<privilege><br />
<read/><br />
<read-current-user-privilege-set/><br />
<C:read-free-busy/><br />
<C:schedule-query-freebusy/><br />
</privilege><br />
<T:timeout>Second-3600</T:timeout><br />
<T:visits>infinity</T:visits><br />
</T:ticketinfo><br />
</T:ticketdiscovery><br />
</prop><br />
<br />
=== Successful MKTICKET on resource ===<br />
Request:<br />
MKTICKET /caldav.php/user1/home/4aaf8f37-f232-4c8e-a72e-e171d4c4fe54.ics HTTP/1.1<br />
Host: regression.host<br />
Content-length: xxx<br />
Content-Type: text/xml; charset="utf-8"<br />
Authorization: Basic dGVzdHVzZXI6dGVzdHVzZXI=<br />
<br />
<?xml version="1.0" encoding="utf-8" ?><br />
<D:ticketinfo xmlns:D="DAV:" ><br />
<D:privilege><D:write/></D:privilege><br />
<D:timeout>Second-86400</D:timeout><br />
</D:ticketinfo><br />
<br />
Response:<br />
HTTP/1.1 200 OK<br />
Date: Dow, 01 Jan 2000 00:00:00 GMT<br />
DAV: 1, 2, access-control, calendar-access, calendar-schedule, extended-mkcol, calendar-proxy<br />
Ticket: c4X8Qnox<br />
ETag: "3795b8fb42a81c589077f6a63e86a1ce"<br />
Content-Length: 622<br />
Content-Type: text/xml; charset="utf-8"<br />
<br />
<?xml version="1.0" encoding="utf-8" ?><br />
<prop xmlns="DAV:" xmlns:T="http://www.xythos.com/namespaces/StorageServer" xmlns:C="urn:ietf:params:xml:ns:caldav"><br />
<T:ticketdiscovery><br />
<T:ticketinfo><br />
<T:id>c4X8Qnox</T:id><br />
<owner><br />
<href>/caldav.php/user1/</href><br />
</owner><br />
<privilege><br />
<read/><br />
<read-current-user-privilege-set/><br />
<C:read-free-busy/><br />
<write/><br />
<write-properties/><br />
<write-content/><br />
<bind/><br />
<unbind/><br />
<C:schedule-query-freebusy/><br />
</privilege><br />
<T:timeout>Second-86400</T:timeout><br />
<T:visits>infinity</T:visits><br />
</T:ticketinfo><br />
</T:ticketdiscovery><br />
</prop><br />
<br />
=== Failed MKTICKET - insufficient privileges ===<br />
Response:<br />
HTTP/1.1 403 Forbidden<br />
Date: Dow, 01 Jan 2000 00:00:00 GMT<br />
DAV: 1, 2, access-control, calendar-access, calendar-schedule, extended-mkcol, calendar-proxy<br />
Content-Length: xxx<br />
Content-Type: text/xml; charset="utf-8"<br />
<br />
<?xml version="1.0" encoding="utf-8" ?><br />
<error xmlns="DAV:"><br />
<need-privileges><br />
<resource><br />
<href>/caldav.php/user4/home/</href><br />
<privilege><br />
<bind/><br />
</privilege><br />
</resource><br />
</need-privileges><br />
</error><br />
<br />
=== Successful PROPFIND for ticketdiscovery ===<br />
Request:<br />
PROPFIND /caldav.php/user1/home/ HTTP/1.1<br />
Host: regression.host<br />
Content-length: xxx<br />
Content-Type: text/xml; charset="utf-8"<br />
Authorization: Basic dGVzdHVzZXI6dGVzdHVzZXI=<br />
<br />
<?xml version="1.0" encoding="utf-8"?><br />
<propfind xmlns="DAV:"<br />
xmlns:T="http://www.xythos.com/namespaces/StorageServer"><br />
<prop><br />
<current-user-privilege-set/><br />
<T:ticketdiscovery/><br />
</prop><br />
</propfind><br />
Response:<br />
<?xml version="1.0" encoding="utf-8" ?><br />
<multistatus xmlns="DAV:" xmlns:C="urn:ietf:params:xml:ns:caldav"<br />
xmlns:TKT="http://www.xythos.com/namespaces/StorageServer"><br />
<response><br />
<href>/caldav.php/user1/home/</href><br />
<propstat><br />
<prop><br />
<current-user-privilege-set><br />
<privilege><br />
<all/><br />
</privilege><br />
<privilege><br />
<read/><br />
</privilege><br />
<privilege><br />
<unlock/><br />
</privilege><br />
<privilege><br />
<read-acl/><br />
</privilege><br />
<privilege><br />
<read-current-user-privilege-set/><br />
</privilege><br />
<privilege><br />
<write-acl/><br />
</privilege><br />
<privilege><br />
<C:read-free-busy/><br />
</privilege><br />
<privilege><br />
<write/><br />
</privilege><br />
<privilege><br />
<write-properties/><br />
</privilege><br />
<privilege><br />
<write-content/><br />
</privilege><br />
<privilege><br />
<bind/><br />
</privilege><br />
<privilege><br />
<unbind/><br />
</privilege><br />
<privilege><br />
<C:schedule-deliver/><br />
</privilege><br />
<privilege><br />
<C:schedule-deliver-invite/><br />
</privilege><br />
<privilege><br />
<C:schedule-deliver-reply/><br />
</privilege><br />
<privilege><br />
<C:schedule-query-freebusy/><br />
</privilege><br />
<privilege><br />
<C:schedule-send/><br />
</privilege><br />
<privilege><br />
<C:schedule-send-invite/><br />
</privilege><br />
<privilege><br />
<C:schedule-send-reply/><br />
</privilege><br />
<privilege><br />
<C:schedule-send-freebusy/><br />
</privilege><br />
</current-user-privilege-set><br />
<TKT:ticketdiscovery><br />
<TKT:ticketinfo><br />
<TKT:id>Oiai12eS</TKT:id><br />
<TKT:owner><br />
<href>/caldav.php/user1/</href><br />
</TKT:owner><br />
<TKT:timeout>Seconds-3573</TKT:timeout><br />
<TKT:visits>infinity</TKT:visits><br />
<privilege><br />
<read/><br />
<read-current-user-privilege-set/><br />
<C:read-free-busy/><br />
<C:schedule-query-freebusy/><br />
</privilege><br />
</TKT:ticketinfo><br />
</TKT:ticketdiscovery><br />
</prop><br />
<status>HTTP/1.1 200 OK</status><br />
</propstat><br />
</response><br />
</multistatus><br />
<br />
=== Successful DELTICKET ===<br />
Request:<br />
DELTICKET /caldav.php/user1/home/4aaf8f37-f232-4c8e-a72e-e171d4c4fe54.ics HTTP/1.1<br />
Host: regression.host<br />
Authorization: Basic dGVzdHVzZXI6dGVzdHVzZXI=<br />
Response:<br />
HTTP/1.1 204 No Content<br />
Date: Dow, 01 Jan 2000 00:00:00 GMT<br />
DAV: 1, 2, access-control, calendar-access, calendar-schedule, extended-mkcol, calendar-proxy<br />
Content-Length: 0<br />
Content-Type: text/plain; charset="utf-8"<br />
<br />
=== Manually Adding Tickets ===<br />
<br />
If you don't have a client that supports tickets, but don't mind manually manipulating the database, you can create your own tickets via the psql command line interface until DAViCal has support for doing this in the Web GUI.<br />
<br />
-- Read / FreeBusy<br />
insert into access_ticket <br />
( ticket_id, dav_owner_id, privileges, target_collection_id )<br />
values (<br />
'abcdefg',<br />
5,<br />
'000000000001001000100001',<br />
25<br />
);<br />
<br />
where <br />
<br />
* "abcdefg" is your hard-to-guess random string of characters<br />
* 5 is the principal_id of the user who owns the collection<br />
* 25 is the collection_id of the collection you're granting access to<br />
* the privileges string is a bit(24) string that represents the permissions you want to grant. <br />
<br />
(See some example values in the privileges column of your own "grants" table, or see the function privilege_to_bits in inc/always.php.in)<br />
<br />
Someone can then access your collection with the ticket, using the URL structure described in [[Public collections]].</div>Fsfshttps://wiki.davical.org/index.php?title=Problems_and_Solutions&diff=3763Problems and Solutions2017-11-29T16:14:59Z<p>Fsfs: </p>
<hr />
<div>{{Languages|Problems and Solutions}}<br />
{{TOCright}} <br />
<br />
==Installation==<br />
<br />
=== Database-script fails because of missing libraries (No Perl YAML) ===<br />
<br />
During the installation process DAViCal runs the database upgrade script in order to apply the correct permissions for the application and dba users to the database tables and sequences. The most common reason that this program might not work is that you don't have the YAML library for Perl installed.<br />
<br />
For Debian and related distributions you should install the ''libyaml-perl'' and ''libdbd-pg-perl'' packages - they should already be there if you installed the .deb because they are dependencies.<br />
<br />
For RedHat and related distributions there should be a simple way to find an RPM of the package.<br />
<br />
Otherwise you should visit CPAN and install the YAML libraries manually.<br />
<br />
* Note: this error can also occur on Fedora systems even though YAML and DBD::Pg are installed. Type ''"yum install -y perl-YAML perl-DBD-Pg"'' (as root) to install them if they're not already present.<br />
* Note: on OpenBSD 4.8 the DBI module may need to be installed along with YAML and DBD::Pg.<br />
<br />
=== Unix Socket Directory ===<br />
<br />
The PostgreSQL default for the unix_socket_directory variable is ''/tmp''. DAViCal expects the Debian path of ''/var/run/postgresql''. Other distributions and bugs in Debian/Ubuntu can lead you to get the wrong path. Change the ''unix_socket_directory'' variable in ''/etc/postgresql/8.4/main/postgresql.conf''.<br />
<br />
The error message that would be triggered by this would look something like:<br />
DBI connect('dbname=davical','davical_dba',...) failed: could not connect to server: '''No such file or directory''' <br />
Is the server running locally and accepting <br />
connections on '''Unix domain socket''' "'''/var/run/postgresql/'''.s.PGSQL.5432"? at /usr/share/davical/dba/update-davical-database line 244 <br />
Can't connect to database davical at /usr/share/davical/dba/update-davical-database line 244<br />
<br />
You will see this error if the user you are trying to run the ''dba/create_database.sh'' script as cannot access the database in order to create database users for the application and create the 'davical' database.<br />
<br />
=== No Database Rights ===<br />
<br />
There are several variations on resolving the issue:<br />
* Database on Local Server (you need to grant access to it)<br />
* Database on Remote Server (you need to tell the script where it is)<br />
<br />
==== Database on Local Server ====<br />
If the database for DAViCal is on the local server then you will need to edit the pg_hba.conf file to give appropriate permissions to the database administration user (usually 'davical_dba') as well as giving permissions to the application user (usually 'davical_app').<br />
<br />
Note that this only gives permissions for those users to connect to the database. DAViCal will restrict the rights of those database users to the specific minimum access needed for them to do their jobs. The davical_dba user does not need rights to create databases or users, but it does need to own all the tables.<br />
<br />
The ''dba/create_database.sh'' script will need to be run by a user who '''does''' have the right to create users and databases, however. Normally this is the 'postgres' user.<br />
<br />
==== Database on Remote Server or non-default port ====<br />
<br />
If the database is on a remote server then (as well as having to grant permissions, as above) you will need to set a few environment variables (PGPORT, PGHOST, PGCLUSTER) in order that the correct database server is used. Also check out the User Contributions for a modified version of the ''create_database.sh'' script.<br />
<br />
===I have to log in to every page===<br />
<br />
This indicates that your browser is not getting or accepting the session cookie for some reason. The cause can be several things:<br />
# There could be an error message coming from PHP before it sends the "Cookie" header back. Look at the source of the page, or in the webserver error log for clues. Take care not to add any new line characters after ?> in the config file in /etc/davical/*-conf.php! If you have extra characters after the ?> at the end of your DAViCal configuration file you need to remove them. While you're at it, remove the ?> as well so it doesn't happen again! The problem is that this causes the output to the browser to be started before DAViCal has sent its session cookie. So the browser never receives the session cookie, and never actually manages to log in for more than the single page.<br />
# Your browser might be rejecting the cookie. Check in the privacy settings for your browser that it allows the cookie.<br />
<br />
===I get a blank page===<br />
<br />
Unfortunately several different reasons can trigger that behaviour.<br />
<br />
# <u>The most likely cause for this to happen is a typo in one of your PHP configuration pages</u>, like a missing semicolon or an unclosed hyphen.<br />
# If you didn't install DAViCal via a package manager check if you meet all the given [[DAViCal_Dependencies|dependencies]].<br />
# Check if you indeed created a configuration file for DAViCal (''/etc/davical/config.php''), also check your symbolic links in that directory if any.<br />
# Make sure your configuration is pointing to the right database and you're using the right database name and user.<br />
<br />
Finally, your PHP installation might be configured to only interpret scripts in a directory specifically dedicated to web contents (i.e. ''/var/www'') - which is good, btw.<br />
<br />
To solve this problem, you must allow PHP to interpret scripts from ''davical'' and ''awl''. To do so, just add the following line to a ''.htaccess'' file in ''/usr/share/davical/htdocs'' or to your VirtualHost configuration:<br />
<br />
<pre>php_admin_value open_basedir /usr/share/davical:/usr/share/awl/inc:/etc/davical<br />
</pre><br />
<br />
'''''Note:''''' Some sites mistakenly state that ''open_basedir "1"'' is sufficient. It is not, and is frequently the '''cause''' of this problem!<br />
<br />
==Authentication==<br />
<br />
===HTTP authentication fails on me===<br />
<br />
It seems the username for HTTP-auth needs to be lowercase, even though the username in the admin interface contains uppercase letters. See also [http://sourceforge.net/tracker/index.php?func=detail&aid=1709192&group_id=179845&atid=890785 this bug report].<br />
<br />
If you experience problems authenticating to caldav.php and you have mod_fastcgi or mod_fcgi, please see https://stackoverflow.com/questions/17018586/apache-2-4-php-fpm-and-authorization-headers for how to pass on the necessary headers.<br />
<br />
==DB Errors During Upgrade==<br />
===Permission Denied errors during Upgrade===<br />
Check that you're not facing this [[Issues/Wrong table owner]].<br />
<br />
==Upgrading from Debian Lenny to Squeeze==<br />
<br />
If you get blank pages from the server and HTTP 500 errors in the access log but nothing in the error.log after an upgrade from Debian Lenny to Squeeze, check the php_value entries in the virtual host, as the format seems to have changed. The new entries have to look like:<br />
<br />
php_value include_path /usr/share/awl/inc<br />
php_flag magic_quotes_gpc off<br />
php_flag register_globals off<br />
php_value error_reporting "E_ALL & ~E_NOTICE"<br />
php_value default_charset "utf-8"</div>Fsfshttps://wiki.davical.org/index.php?title=Problems_and_Solutions&diff=3762Problems and Solutions2017-11-29T16:13:50Z<p>Fsfs: authentication issues: mod_fcgi needs to receive auth headers</p>
<hr />
<div>{{Languages|Problems and Solutions}}<br />
{{TOCright}} <br />
<br />
==Installation==<br />
<br />
=== Database-script fails because of missing libraries (No Perl YAML) ===<br />
<br />
During the installation process DAViCal runs the database upgrade script in order to apply the correct permissions for the application and dba users to the database tables and sequences. The most common reason that this program might not work is that you don't have the YAML library for Perl installed.<br />
<br />
For Debian and related distributions you should install the ''libyaml-perl'' and ''libdbd-pg-perl'' packages - they should already be there if you installed the .deb because they are dependencies.<br />
<br />
For RedHat and related distributions there should be a simple way to find an RPM of the package.<br />
<br />
Otherwise you should visit CPAN and install the YAML libraries manually.<br />
<br />
* Note: this error can also occur on Fedora systems even though YAML and DBD::Pg are installed. Type ''"yum install -y perl-YAML perl-DBD-Pg"'' (as root) to install them if they're not already present.<br />
* Note: on OpenBSD 4.8 the DBI module may need to be installed along with YAML and DBD::Pg.<br />
<br />
=== Unix Socket Directory ===<br />
<br />
The PostgreSQL default for the unix_socket_directory variable is ''/tmp''. DAViCal expects the Debian path of ''/var/run/postgresql''. Other distributions and bugs in Debian/Ubuntu can lead you to get the wrong path. Change the ''unix_socket_directory'' variable in ''/etc/postgresql/8.4/main/postgresql.conf''.<br />
<br />
The error message that would be triggered by this would look something like:<br />
DBI connect('dbname=davical','davical_dba',...) failed: could not connect to server: '''No such file or directory''' <br />
Is the server running locally and accepting <br />
connections on '''Unix domain socket''' "'''/var/run/postgresql/'''.s.PGSQL.5432"? at /usr/share/davical/dba/update-davical-database line 244 <br />
Can't connect to database davical at /usr/share/davical/dba/update-davical-database line 244<br />
<br />
You will see this error if the user you are trying to run the ''dba/create_database.sh'' script as cannot access the database in order to create database users for the application and create the 'davical' database.<br />
<br />
=== No Database Rights ===<br />
<br />
There are several variations on resolving the issue:<br />
* Database on Local Server (you need to grant access to it)<br />
* Database on Remote Server (you need to tell the script where it is)<br />
<br />
==== Database on Local Server ====<br />
If the database for DAViCal is on the local server then you will need to edit the pg_hba.conf file to give appropriate permissions to the database administration user (usually 'davical_dba') as well as giving permissions to the application user (usually 'davical_app').<br />
<br />
Note that this only gives permissions for those users to connect to the database. DAViCal will restrict the rights of those database users to the specific minimum access needed for them to do their jobs. The davical_dba user does not need rights to create databases or users, but it does need to own all the tables.<br />
<br />
The ''dba/create_database.sh'' script will need to be run by a user who '''does''' have the right to create users and databases, however. Normally this is the 'postgres' user.<br />
<br />
==== Database on Remote Server or non-default port ====<br />
<br />
If the database is on a remote server then (as well as having to grant permissions, as above) you will need to set a few environment variables (PGPORT, PGHOST, PGCLUSTER) in order that the correct database server is used. Also check out the User Contributions for a modified version of the ''create_database.sh'' script.<br />
<br />
===I have to log in to every page===<br />
<br />
This indicates that your browser is not getting or accepting the session cookie for some reason. The cause can be several things:<br />
# There could be an error message coming from PHP before it sends the "Cookie" header back. Look at the source of the page, or in the webserver error log for clues. Take care not to add any new line characters after ?> in the config file in /etc/davical/*-conf.php! If you have extra characters after the ?> at the end of your DAViCal configuration file you need to remove them. While you're at it, remove the ?> as well so it doesn't happen again! The problem is that this causes the output to the browser to be started before DAViCal has sent its session cookie. So the browser never receives the session cookie, and never actually manages to log in for more than the single page.<br />
# Your browser might be rejecting the cookie. Check in the privacy settings for your browser that it allows the cookie.<br />
<br />
===I get a blank page===<br />
<br />
Unfortunately several different reasons can trigger that behaviour.<br />
<br />
# <u>The most likely cause for this to happen is a typo in one of your PHP configuration pages</u>, like a missing semicolon or an unclosed hyphen.<br />
# If you didn't install DAViCal via a package manager check if you meet all the given [[DAViCal_Dependencies|dependencies]].<br />
# Check if you indeed created a configuration file for DAViCal (''/etc/davical/config.php''), also check your symbolic links in that directory if any.<br />
# Make sure your configuration is pointing to the right database and you're using the right database name and user.<br />
<br />
Finally, your PHP installation might be configured to only interpret scripts in a directory specifically dedicated to web contents (i.e. ''/var/www'') - which is good, btw.<br />
<br />
To solve this problem, you must allow PHP to interpret scripts from ''davical'' and ''awl''. To do so, just add the following line to a ''.htaccess'' file in ''/usr/share/davical/htdocs'' or to your VirtualHost configuration:<br />
<br />
<pre>php_admin_value open_basedir /usr/share/davical:/usr/share/awl/inc:/etc/davical<br />
</pre><br />
<br />
'''''Note:''''' Some sites mistakenly state that ''open_basedir "1"'' is sufficient. It is not, and is frequently the '''cause''' of this problem!<br />
<br />
==Authentication==<br />
<br />
===HTTP authentication fails on me===<br />
<br />
It seems the username for HTTP-auth needs to be lowercase, even though the username in the admin interface contains uppercase letters. See also [http://sourceforge.net/tracker/index.php?func=detail&aid=1709192&group_id=179845&atid=890785 this bug report].<br />
<br />
If you use mod_fastcgi or mod_fcgi, see https://stackoverflow.com/questions/17018586/apache-2-4-php-fpm-and-authorization-headers for how to pass on the necessary headers for caldav.php to work.<br />
<br />
==DB Errors During Upgrade==<br />
===Permission Denied errors during Upgrade===<br />
Check that you're not facing this [[Issues/Wrong table owner]].<br />
<br />
==Upgrading from Debian Lenny to Squeeze==<br />
<br />
If you get blank pages from the server and HTTP 500 errors in the access log but nothing in the error.log after an upgrade from Debian Lenny to Squeeze, check the php_value entries in the virtual host, as the format seems to have changed. The new entries have to look like:<br />
<br />
php_value include_path /usr/share/awl/inc<br />
php_flag magic_quotes_gpc off<br />
php_flag register_globals off<br />
php_value error_reporting "E_ALL & ~E_NOTICE"<br />
php_value default_charset "utf-8"</div>Fsfshttps://wiki.davical.org/index.php?title=Release_Notes/1.1.6&diff=3761Release Notes/1.1.62017-10-25T20:45:39Z<p>Fsfs: mention a Postgres 10 bug</p>
<hr />
<div>{{released|2017-10-25|1.1.5}}{{TOCright}}<br />
<br />
This release adds Postgresql 10 compatibility and fixes a long-standing regression that prevented the synchronization of deleted events.<br />
<br />
== Prerequisites for Upgrade ==<br />
=== Database Upgrade ===<br />
* Run dba/upgrade-davical-database to get Postgresql-10-compatible functions<br />
<br />
=== Upgrades of Other Software ===<br />
* AWL 0.58 is required for best PHP7 compatibility<br />
<br />
== Changes ==<br />
<br />
=== Bug Fixes ===<br />
* Only one set of angle brackets around cannot-modify-protected-property error tag (#112)<br />
* Fix sync of deleted events when hide_todo is set (#100)<br />
* Modify hide_older_than logic to allow through recurring events (#103)<br />
* Fix modified mapping in the LDAP driver (#108)<br />
* Do not output unescaped XML special characters in if-match error message (#113)<br />
* Don't crash on principal-property-search REPORT without a proper match clause (#114)<br />
* Various CardDAV and CalDAV fixes highlighted by caldav-tester<br />
* Fix $SERVER variable names used when operating behind a proxy (!38)<br />
* Use modern class constructors that even work with PHP7 (fixes: #119)<br />
* Card search invalid when negate-condition="no" (#126)<br />
* Propagate database error to client (#127)<br />
* Add a log entry for login failures (#105)<br />
<br />
=== Other Changes ===<br />
* Updates to the test suites, which are mostly passing now<br />
* Improved logging in certain error conditions<br />
* Set $c->external_ua_string to fetch external calendars posing as a certain user-agent (#115)<br />
* Improve parsing of RFC5545 durations<br />
* Improve support for /principals/users/..., /principals/resources/... and /__uids__/... URLs<br />
* Improve use of create-database.sh and update-davical-database with non-default values (see #124)<br />
* Experimental $c->enable_attendee_group_resolution will resolve attendee group names to a list of individual users (from !21)<br />
* Add support for calendar-user-type (!39)<br />
* Update caldav_functions.sql for Postgresql 10 (#129)<br />
<br />
== Downloading DAViCal ==<br />
<br />
DAViCal 1.1.6: [https://gitlab.com/davical-project/davical/tags/r1.1.6 https://gitlab.com/davical-project/davical/tags/r1.1.6]<br />
<br />
AWL 0.58: [https://gitlab.com/davical-project/awl/tags/r0.58 https://gitlab.com/davical-project/awl/tags/r0.58]<br />
<br />
See [[Downloading]]<br />
<br />
== Known Issues ==<br />
=== Subsequently Fixed in Git ===<br />
<br />
=== Outstanding ===<br />
* None known.</div>Fsfshttps://wiki.davical.org/index.php?title=Main_Page&diff=3760Main Page2017-10-25T17:48:58Z<p>Fsfs: 1.1.6 released</p>
<hr />
<div><div style="width:80%"><p style="font-weight:bold;font-size:2.5em;color:#103050;text-align:center;">DAViCal Wiki</p></div><br />
This is a wiki to provide information and help about the DAViCal CalDAV & CardDAV Server. Pages are grouped into several main areas: <br />
{| style="width: 100%; border-spacing:15px;border-collapse:separate"<br />
|- valign="top"<br />
|style="width:25%;border: 1px solid rgb(191, 238, 255); background-color: rgb(239, 251, 255);"| '''About DAViCal'''<br />
* [[Features]]<br />
* [[Getting Help]]<br />
* [[CalDAV Clients]]<br />
* [[CardDAV Clients]]<br />
* [[Multiple Calendars]]<br />
* [[Free Busy]]<br />
* [[Useful Links]]<br />
|style="width:25%;border: 1px solid rgb(255, 199, 191); background-color: rgb(255, 241, 239);"|'''Admin Documentation'''<br />
* [[Downloading|Download]]<br />
* [[Installation Stuff|Installation]]<br />
* [[Configuration]]<br />
* [[Upgrading]]<br />
* [[Backups]]<br />
* [[Frequently Asked Questions]]<br />
* [[Release Notes]]<br />
* [[Support]]<br />
|style="width:25%;border: 1px solid #8CACBB; background-color: #EEEEFF;"| '''Developer Documentation'''<br />
* [[Developer Setup]]<br />
* [[DAV]]<br />
* [[Database|Database Information]]<br />
* [[Pluggable Authentication]]<br />
* [[User Contributions]]<br />
* [[RFC Compliance]]<br />
* [[Client/DAViCal interaction]]<br />
* [[Release Checklist]]<br />
* [[Road Map]]<br />
|style="width:25%;border: 1px solid rgb(255, 255, 102); background-color: rgb(255, 250, 229);"| '''Help DAViCal Without Coding'''<br />
* [[Translating DAViCal]]<br />
* [[Helping with DAViCal]] <br />
* [[Provide some Data]]<br />
* [[Suggest Features]]<br />
* [[Editing the Wiki]]<br />
* [[Community Support]]<br />
|}<br />
<br />
The current stable release of DAViCal is [[Release_Notes/1.1.6|1.1.6]].</div>Fsfshttps://wiki.davical.org/index.php?title=Release_Notes/1.1.6&diff=3759Release Notes/1.1.62017-10-25T17:46:55Z<p>Fsfs: Created page with "{{released|2017-10-25|1.1.5}}{{TOCright}} This release adds Postgresql 10 compatibility and fixes a long-standing regression that prevented the synchronization of deleted eve..."</p>
<hr />
<div>{{released|2017-10-25|1.1.5}}{{TOCright}}<br />
<br />
This release adds Postgresql 10 compatibility and fixes a long-standing regression that prevented the synchronization of deleted events.<br />
<br />
== Prerequisites for Upgrade ==<br />
=== Database Upgrade ===<br />
* Run dba/upgrade-davical-database to get Postgresql-10-compatible functions<br />
<br />
=== Upgrades of Other Software ===<br />
* AWL 0.58 is required for best PHP7 compatibility<br />
<br />
== Changes ==<br />
<br />
=== Bug Fixes ===<br />
* Only one set of angle brackets around cannot-modify-protected-property error tag (#112)<br />
* Fix sync of deleted events when hide_todo is set (#100)<br />
* Modify hide_older_than logic to allow through recurring events (#103)<br />
* Fix modified mapping in the LDAP driver (#108)<br />
* Do not output unescaped XML special characters in if-match error message (#113)<br />
* Don't crash on principal-property-search REPORT without a proper match clause (#114)<br />
* Various CardDAV and CalDAV fixes highlighted by caldav-tester<br />
* Fix $SERVER variable names used when operating behind a proxy (!38)<br />
* Use modern class constructors that even work with PHP7 (fixes: #119)<br />
* Card search invalid when negate-condition="no" (#126)<br />
* Propagate database error to client (#127)<br />
* Add a log entry for login failures (#105)<br />
<br />
=== Other Changes ===<br />
* Updates to the test suites, which are mostly passing now<br />
* Improved logging in certain error conditions<br />
* Set $c->external_ua_string to fetch external calendars posing as a certain user-agent (#115)<br />
* Improve parsing of RFC5545 durations<br />
* Improve support for /principals/users/..., /principals/resources/... and /__uids__/... URLs<br />
* Improve use of create-database.sh and update-davical-database with non-default values (see #124)<br />
* Experimental $c->enable_attendee_group_resolution will resolve attendee group names to a list of individual users (from !21)<br />
* Add support for calendar-user-type (!39)<br />
* Update caldav_functions.sql for Postgresql 10<br />
<br />
== Downloading DAViCal ==<br />
<br />
DAViCal 1.1.6: [https://gitlab.com/davical-project/davical/tags/r1.1.6 https://gitlab.com/davical-project/davical/tags/r1.1.6]<br />
<br />
AWL 0.58: [https://gitlab.com/davical-project/awl/tags/r0.58 https://gitlab.com/davical-project/awl/tags/r0.58]<br />
<br />
See [[Downloading]]<br />
<br />
== Known Issues ==<br />
=== Subsequently Fixed in Git ===<br />
<br />
=== Outstanding ===<br />
* None known.</div>Fsfshttps://wiki.davical.org/index.php?title=Move_events_to_a_different_collection&diff=3753Move events to a different collection2017-06-19T06:40:03Z<p>Fsfs: mention archive-old-events.php in preference to sql</p>
<hr />
<div>== using a script ==<br />
<br />
''archive-old-events.php'' (in the scripts directory in git, or included in the Debian package as /usr/share/davical/scripts/archive-old-events.php from 1.1.4) can be used by the administrator to move events into an archive collection.<br />
<br />
Call it with something like:<br />
<br />
scripts/archive-old-events.php -a archive -p karora -c calendar -o P-93D<br />
<br />
Usage:<br />
archive-old-events.php [-s server.domain.tld] -p principal [other options]<br />
<br />
-a <archive_suffix> Appendeded (after a '-') to the name of the original calendar to give<br />
the archive calendar name. Default 'archive'.<br />
-o <duration> Archive events completed this much prior to the current<br />
date. Default 'P-190D'<br />
-p <principal> The name of the principal to do the archiving for (required).<br />
-c <collection> The name of the collection to do the archiving for (required).<br />
-s <server> The servername to be used to identify the DAViCal configuration file.<br />
<br />
-d xxx Enable debugging where 'xxx' is a comma-separated list of debug subsystems<br />
<br />
<br />
<br />
<br />
<br />
== Moving Events to an Archive Collection ==<br />
<br />
'''Note: this information may be outdated or incomplete.''' Use of the above script is recommended!<br />
<br />
To archive some old events by deleting them, or by moving them to another collection, you can use some SQL like the following.<br />
<br />
You need to update the caldav_data table (calendar_item will be maintained<br />
by a trigger) with the new path and the new collection_id.<br />
<br />
Here's an example moving non-repeating events, prior to the 1st of<br />
January, from /user1/home/ (collection_id 10 for me) to /user1/archive/<br />
(collection_id 1429 for me):<br />
<br />
<br />
UPDATE caldav_data<br />
SET dav_name = replace( caldav_data.dav_name, '/user1/home/', '/user1/archive/'),<br />
collection_id = 1429 <br />
FROM calendar_item<br />
WHERE caldav_data.dav_id = calendar_item.dav_id<br />
AND caldav_data.collection_id = 10<br />
AND rrule IS NULL<br />
AND dtstart < '2010-01-01';<br />
<br />
<br />
For that to work you would need to have created the 'archive' calendar<br />
first, of course, and then something like:<br />
<br />
SELECT dav_name, collection_id FROM collection<br />
WHERE dav_name IN ( '/user1/home/', '/user1/archive/');<br />
<br />
to find out the collection IDs.<br />
<br />
You could also fold the collection_id lookup into the statement above, but it does perhaps make the SQL a little more<br />
obscure...<br />
<br />
UPDATE caldav_data <br />
SET dav_name = replace( caldav_data.dav_name, '/user1/home/', '/user1/archive/'),<br />
collection_id = (SELECT collection_id FROM collection<br />
WHERE dav_name = '/user1/archive/') <br />
FROM calendar_item<br />
WHERE caldav_data.dav_id = calendar_item.dav_id<br />
AND caldav_data.collection_id = (SELECT collection_id FROM collection<br />
WHERE dav_name = '/user1/home/')<br />
AND rrule IS NULL<br />
AND dtstart < '2010-01-01';<br />
<br />
<br />
Unfortunately moving repeating events in this way is *a lot* more complicated,<br />
because you only want to move the ones that have finished, which means<br />
expanding all the instances and working out whether they have<br />
finished... It's probably easier to just manually move them in the<br />
calendar itself.</div>Fsfshttps://wiki.davical.org/index.php?title=Permissions&diff=3752Permissions2017-06-12T12:02:06Z<p>Fsfs: reference LDAP group sync settings, caldav scheduling is RFC now</p>
<hr />
<div>{{TOCright}}<br />
== Overview ==<br />
<br />
For a general overview on Users, Resources and Groups and some configuration examples please refer to the information given on the [http://davical.org/administration.php DAViCal project website]. This page here will only try to deliver some background information to the instructions given on the website.<br />
<br />
Essentially the permissions are divided into two parts, from a user perspective:<br />
<br />
* Groups - ways of grouping a set of users together.<br />
* Grants - ways of providing access to a user, or a group of users.<br />
<br />
DAViCal also implements a concept of "default privileges", so that as well as granting specific privileges to a user or group, you may grant privileges to 'everyone'.<br />
<br />
=== Grouping ===<br />
<br />
A 'group' is in effect any user, although in a normal installation these will be users who are specially set up to mediate between an individual and a set of permissions. The group (or someone with administrative rights to the group) controls who is a member. Groups may also be members of other groups, although multiple levels of nesting can add significant overhead and it is recommended that you keep this shallow.<br />
<br />
=== Granting ===<br />
<br />
The permissions which can be granted are fine-grained and directly map to the DAV privileges defined in RFC3744, and to the other privileges from CalDAV and so forth. All permissions are stored as a bitmap, so permission operations & tests are much simpler logical '''''AND''''' or '''''OR''''' operations.<br />
<br />
=== Collection-level Privileges ===<br />
<br />
While grants can still be applied between users, as with relationships in older DAViCal versions, they can now also be applied to collections, so a user might grant more public rights to one [calendar] collection, while restricting access to another.<br />
<br />
== Questions ==<br />
<br />
=== How do I make new users members of a default group on creation ===<br />
''Prior to 0.9.8 it was possible to make new users automatically be set up with some default relationships. How do I do this now?''<br />
* From 0.9.8 you should configure the targets of any default access to grant privileges by default. This is much more flexible, and means that an individual user might configure an individual calendar to have global access.<br />
* You can also configure the set of default privileges which are granted by new users (to everyone) by setting the [[Configuration/settings/default_privileges|'''$c->default_privileges''']] value in your configuration file with something like:<br />
$c->default_privileges = array('read-free-busy', 'schedule-deliver');<br />
(i.e. to allow free-busy access from anyone, which is the default). The names of all of the privileges which can be used in the array are listed below.<br />
<br />
Note that these default privileges are only what is assigned when a new principal (i.e. a user, group or resource) is created. If you change this default it won't apply to any previously created principals.<br />
<br />
=== How can I translate my LDAP Groups into DAViCal groups ===<br />
Since 0.9.9, the LDAP driver can sync LDAP groups to DAViCal: [[Configuration/Authentication_Settings/LDAP_groups]]<br />
<br />
=== Do members inherit the access rights of the group user? ===<br />
Yes. Group membership is transitive (each member of a group receives the privileges granted to that group) and additive (if you are a member of several groups, each granted different privileges to the same resource, your effective privileges will include all of the privileges granted to any of the groups you are a member of).<br />
<br />
So members of a 'resource administrators' group granted write access to a set of resources might also be members of a 'resource users' group which only has read access granted to it, and the administrators will receive read+write access as a result.<br />
<br />
=== Do other group members gain access to my collections? ===<br />
Group members will only gain access to your collections if you grant them access to your collections. They won't gain access by default. All access is granted either through explicit '''''Grants''''' by a collection or a principal, or through setting the default privileges on a collection or a principal.<br />
<br />
=== Further Reading ===<br />
<br />
Take a look at [[Permissions/Examples]] for some more examples of how to do particular things within the new permissions model, and look into [[Configuration/settings/default_privileges]] for details of setting the default privileges granted by new users.<br />
<br />
== What the Privileges Mean ==<br />
<br />
The DAV permissions are as follows: <br />
* read <br />
* write-properties <br />
* write-content <br />
* unlock <br />
* read-acl <br />
* read-current-user-privilege-set <br />
* write-acl <br />
* bind <br />
* unbind <br />
<br />
Some permissions are aggregate:<br />
* write - aggregate of write-properties, write-content, bind & unbind<br />
* all - aggregate of all permissions<br />
<br />
Since none of those cover what might be desirable for Freebusy there is an additional one defined by CalDAV, which is: <br />
* CALDAV:read-free-busy <br />
<br />
Furthermore, {{CalDAV Scheduling RFC}} adds several further CalDAV permissions:<br />
* CALDAV:schedule-deliver-invite<br />
* CALDAV:schedule-deliver-reply<br />
* CALDAV:schedule-query-freebusy<br />
* CALDAV:schedule-send-invite<br />
* CALDAV:schedule-send-reply<br />
* CALDAV:schedule-send-freebusy<br />
<br />
Two more aggregate permissions are also added with this RFC:<br />
* CALDAV:schedule-deliver - CALDAV:schedule-deliver-invite, CALDAV:schedule-deliver-reply and CALDAV:schedule-query-freebusy<br />
* CALDAV:schedule-send - CALDAV:schedule-send-invite, CALDAV:schedule-send-reply and CALDAV:schedule-send-freebusy<br />
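The bitmap tests and the transitive, additive group membership described above, worked through as an added example (not DAViCal's own code). The bit positions, principal names, paths and grants are constructed for illustration; DAViCal's real bit assignments are the ones in privilege_to_bits.

```python
# Atomic privileges named on this page. The bit positions are illustrative
# assumptions, not the values DAViCal's privilege_to_bits assigns.
ATOMIC = [
    "read", "write-properties", "write-content", "unlock", "read-acl",
    "read-current-user-privilege-set", "write-acl", "bind", "unbind",
    "read-free-busy",
    "schedule-deliver-invite", "schedule-deliver-reply", "schedule-query-freebusy",
    "schedule-send-invite", "schedule-send-reply", "schedule-send-freebusy",
]
BIT = {name: 1 << n for n, name in enumerate(ATOMIC)}

# Aggregates as the page defines them.
AGGREGATE = {
    "write": ["write-properties", "write-content", "bind", "unbind"],
    "schedule-deliver": ["schedule-deliver-invite", "schedule-deliver-reply",
                         "schedule-query-freebusy"],
    "schedule-send": ["schedule-send-invite", "schedule-send-reply",
                      "schedule-send-freebusy"],
    "all": ATOMIC,
}


def to_bits(names):
    """OR together the bits for a list of privilege names (aggregates expand)."""
    bits = 0
    for raw in names:
        name = raw.split(":")[-1].lower()      # accept "CALDAV:read-free-busy"
        for atom in AGGREGATE.get(name, [name]):
            if atom not in BIT:
                raise ValueError(f"unknown privilege: {raw}")
            bits |= BIT[atom]
    return bits


def groups_of(principal, members_of_group):
    """Every group the principal belongs to, directly or through nesting."""
    found, frontier = set(), [principal]
    while frontier:
        current = frontier.pop()
        for group, members in members_of_group.items():
            if current in members and group not in found:   # 'found' stops cycles
                found.add(group)
                frontier.append(group)
    return found


def effective(principal, target, grants, members_of_group, defaults=None):
    """Additive result: default privileges OR every grant reaching the principal."""
    holders = {principal} | groups_of(principal, members_of_group)
    bits = (defaults or {}).get(target, 0)
    for grantee, granted_on, granted in grants:
        if granted_on == target and grantee in holders:
            bits |= granted
    return bits


def allows(bits, privilege):
    """AND test: every bit of the (possibly aggregate) privilege must be set."""
    needed = to_bits([privilege])
    return (bits & needed) == needed


# Constructed sample data: group -> members, then (grantee, target, bits).
MEMBERS = {
    "resource-admins": {"alice"},
    "resource-users": {"alice", "bob"},
    "staff": {"resource-admins"},              # a group nested in a group
}
GRANTS = [
    ("resource-admins", "/room1/", to_bits(["write"])),
    ("resource-users", "/room1/", to_bits(["read"])),
    ("staff", "/carol/", to_bits(["CALDAV:read-free-busy"])),
]
DEFAULTS = {"/room1/": to_bits(["read-free-busy"])}   # granted to everyone

if __name__ == "__main__":
    for who in ("alice", "bob", "mallory"):
        bits = effective(who, "/room1/", GRANTS, MEMBERS, DEFAULTS)
        held = [p for p in ("read", "write", "read-free-busy") if allows(bits, p)]
        print(who, format(bits, "024b"), held)
```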
<br />
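The additive model described above (aggregates expand to their parts, and a member of several groups receives the union of the grants) can be worked through as follows. This is an added example, not DAViCal's own code; the function names are hypothetical, and `all` is taken to mean every privilege named on this page.

```shell
#!/bin/sh
# Added example (not DAViCal code): expand the aggregate privileges listed
# above and combine the grants a principal receives from several groups.

# expand_privilege NAME: print the atomic privileges NAME covers, one per line.
expand_privilege() {
    case "$1" in
        write)
            printf '%s\n' write-properties write-content bind unbind ;;
        CALDAV:schedule-deliver)
            printf '%s\n' CALDAV:schedule-deliver-invite \
                CALDAV:schedule-deliver-reply CALDAV:schedule-query-freebusy ;;
        CALDAV:schedule-send)
            printf '%s\n' CALDAV:schedule-send-invite \
                CALDAV:schedule-send-reply CALDAV:schedule-send-freebusy ;;
        all)  # assumption: every privilege named on this page
            printf '%s\n' read unlock read-acl read-current-user-privilege-set \
                write-acl CALDAV:read-free-busy
            expand_privilege write
            expand_privilege CALDAV:schedule-deliver
            expand_privilege CALDAV:schedule-send ;;
        read|write-properties|write-content|unlock|read-acl|write-acl|bind|unbind|\
        read-current-user-privilege-set|CALDAV:read-free-busy|\
        CALDAV:schedule-deliver-invite|CALDAV:schedule-deliver-reply|\
        CALDAV:schedule-query-freebusy|CALDAV:schedule-send-invite|\
        CALDAV:schedule-send-reply|CALDAV:schedule-send-freebusy)
            printf '%s\n' "$1" ;;
        *)
            echo "unknown privilege: $1" >&2
            return 1 ;;
    esac
}

# effective_privileges GRANT...: each GRANT is a space-separated privilege
# list from one group or direct grant; the result is their sorted union.
effective_privileges() {
    expanded=$(
        set -f    # no filename globbing while splitting the lists
        for grant in "$@"; do
            for priv in $grant; do
                expand_privilege "$priv" || exit 1
            done
        done
    ) || return 1
    printf '%s\n' "$expanded" | LC_ALL=C sort -u | tr '\n' ' ' | sed 's/ $//'
}

# has_privilege WANTED GRANT...: succeed when the atomic privilege WANTED is
# part of the union of all grants.
has_privilege() {
    wanted=$1
    shift
    eff=$(effective_privileges "$@") || return 2
    case " $eff " in
        *" $wanted "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed grants: a 'resource administrators' group with write and a
# 'resource users' group with read. Membership in both yields read+write.
effective_privileges "write" "read"
echo
```

Membership in the read-only group never removes anything: the result only grows as grants are added.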
=== read ===<br />
Grants basic read access to the principal or collection.<br />
<br />
=== write-properties ===<br />
Grants access to update properties of the principal or collection. In DAViCal, when granted to a user principal, this will only grant access to update properties of the principal's collections and not the user principal itself. When granted to a group or resource principal this will grant access to update the principal properties.<br />
<br />
=== write-content ===<br />
Grants access to write content (i.e. update data) to the collection, or collections of the principal.<br />
<br />
=== unlock ===<br />
Grants access to write content (i.e. update data) to the collection, or collections of the principal.<br />
<br />
=== read-acl ===<br />
Grants access to read ACLs on the collection, or collections of the principal.<br />
<br />
=== read-current-user-privilege-set ===<br />
Grants access to read the current user's privileges on the collection, or collections of the principal.<br />
<br />
=== write-acl ===<br />
Grants access to writing ACLs on the collection, or collections of the principal.<br />
<br />
=== bind ===<br />
Grants access to creating resources in the collection, or in collections of the principal. Created resources may be new collections, although it is an error to create collections within calendar collections.<br />
<br />
=== unbind ===<br />
Grants access to deleting resources (including collections) from the collection, or from collections of the principal.<br />
<br />
=== CALDAV:read-free-busy ===<br />
Grants other users the privilege to query my free/busy, via the CalDAV free-busy-query report.<br />
<br />
=== CALDAV:schedule-deliver ===<br />
<br />
These privileges will typically be granted wholesale within a small business or workgroup environment, where everyone should be able to schedule meetings.<br />
<br />
==== CALDAV:schedule-deliver-invite ====<br />
Grants other users the privilege to deliver invitations to me.<br />
<br />
==== CALDAV:schedule-deliver-reply ====<br />
Grants other users the privilege to deliver replies to invitations I sent to them.<br />
<br />
==== CALDAV:schedule-query-freebusy ====<br />
Grants other users the privilege to query my free/busy, via the methods defined in the scheduling extensions to CalDAV.<br />
<br />
=== CALDAV:schedule-send ===<br />
<br />
These privileges will typically be granted by a person to their assistant, or to the people in their team, or direct manager, who might be expected to schedule meetings on their behalf. You would expect these to be granted along with the 'write-content', 'bind' and 'unbind' privileges.<br />
<br />
==== CALDAV:schedule-send-invite ====<br />
Grants other users the privilege to send invitations on my behalf.<br />
<br />
==== CALDAV:schedule-send-reply ====<br />
Grants other users the privilege to reply to invitations on my behalf.<br />
<br />
==== CALDAV:schedule-send-freebusy ====<br />
Grants other users the privilege to send freebusy queries on my behalf.<br />
<br />
== Notes ==<br />
=== iCal Does Not See Granted Calendars ===<br />
Apple iCal only sees delegations at the principal level, so if you are using iCal and you wish to grant access to only a subset of your collections it is necessary to first grant access by default to the principal, and then set narrower privileges on each individual collection which you want to restrict access to.<br />
<br />
At present iCal will '''''not''''' see the calendar if you grant a default of restricted privileges at the principal level, and grant broader specific privileges to individual calendars.</div>Fsfshttps://wiki.davical.org/index.php?title=Template:CalDAV_Scheduling_RFC&diff=3751Template:CalDAV Scheduling RFC2017-06-12T12:00:33Z<p>Fsfs: update draft to RFC</p>
<hr />
<div>'''[http://tools.ietf.org/html/rfc6638 CalDAV Scheduling Extensions to WebDAV (RFC6638)]'''</div>Fsfshttps://wiki.davical.org/index.php?title=External_Bind&diff=3750External Bind2017-05-29T21:37:03Z<p>Fsfs: mention external binds are possible through the admin UI from 1.1.5</p>
<hr />
<div>Starting with version 0.9.9.5 it is possible to import a remote calendar that is available from the web. To enable this feature you must add the ''external_refresh'' configuration parameter:<br />
/*<br />
* External subscription (BIND) minimum refresh interval<br />
* Required if you want to enable remote binding ( webcal subscriptions )<br />
* Default: none<br />
*/<br />
$c->external_refresh = 60; // Minutes<br />
<br />
That is the minimum time period to wait between checks to see if the remote file has been updated. The calendar will only be reimported when:<br />
# a client tries to look at the calendar,<br />
# the last update was more than $c->external_refresh minutes ago, and<br />
# the remote server indicates the file has been updated.<br />
<br />
Note that you need the ''php5-curl'' package (Debian/Ubuntu; other distributions might name it differently) for this to work, otherwise you get 500 errors when querying the calendar.<br />
<br />
With that setting in place it is now possible to bind a remote calendar. This can be done easily under "Bindings to other collections" on the principal page of the Admin UI (available from version 1.1.5).<br />
<br />
<br />
== Manually setting up an External Bind ==<br />
<br />
Prior to version 1.1.5, External Binds can only be set up through a CalDAV BIND request.<br />
That request should look similar to the following:<br />
<br />
BIND https://example.org/caldav.php/user/<br />
<br />
<?xml version="1.0" encoding="utf-8"?><br />
<dav:bind xmlns:dav="DAV:"><br />
<dav:segment>Melbourne Rebels 2011 Fixtures</dav:segment><dav:href>http://www.me.com/ca/sharesubscribe/1.282129618/731F31CB-B333-43A7-9A79-78F785CDF767.ics</dav:href></dav:bind><br />
<br />
That request will create a calendar named "Melbourne Rebels 2011 Fixtures" in https://example.org/caldav.php/user/ with the contents imported from http://www.me.com/ca/sharesubscribe/1.282129618/731F31CB-B333-43A7-9A79-78F785CDF767.ics.<br />
<br />
One can generate such a request with curl using the following:<br />
<br />
USERNAME=yourusername<br />
CALENDAR=http://mycal.example.net/calendar/caldav.php/yourusername/<br />
REMOTE=http://www.example.org/calendar/file.ics<br />
CALNAME="Remote Calendar"<br />
curl --basic --user "${USERNAME}" -X BIND -H 'Content-Type: text/xml;charset="UTF-8"' --url "${CALENDAR}" -d "<?xml version=\"1.0\" encoding=\"utf-8\"?><bind xmlns=\"DAV:\"><segment>${CALNAME}</segment><href>${REMOTE}</href></bind>"<br />
<br />
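The request body above is assembled by pasting the calendar name and the remote URL straight into XML, so a name containing `&` or `<` yields a malformed or altered document. The following added example (not part of the original page or of DAViCal) escapes both values before building the same BIND request; the function names are hypothetical, and the restriction to http/https URLs is this example's own assumption.

```shell
#!/bin/sh
# Added example (not DAViCal code): build and send the BIND request described
# above, escaping the values that end up inside the XML body.

# xml_escape STRING: escape the five XML special characters.
xml_escape() {
    printf '%s' "$1" | sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g' \
        -e 's/"/\&quot;/g' -e "s/'/\&apos;/g"
}

# build_bind_body NAME URL: print the <bind> document. Fails when NAME is
# empty or URL is not a whitespace-free http(s) URL (assumption of this
# example: only web URLs are wanted as bind sources).
build_bind_body() {
    [ -n "$1" ] || { echo "calendar name is empty" >&2; return 1; }
    case "$2" in
        *[[:space:]]*)
            echo "remote URL contains whitespace" >&2; return 1 ;;
        http://?*|https://?*)
            ;;
        *)
            echo "remote URL must start with http:// or https://" >&2
            return 1 ;;
    esac
    printf '<?xml version="1.0" encoding="utf-8"?>'
    printf '<bind xmlns="DAV:"><segment>%s</segment><href>%s</href></bind>' \
        "$(xml_escape "$1")" "$(xml_escape "$2")"
}

# send_bind USER COLLECTION_URL NAME REMOTE_URL: issue the BIND with curl.
# curl prompts for the password because --user is given without one.
send_bind() {
    body=$(build_bind_body "$3" "$4") || return 1
    curl --basic --user "$1" -X BIND \
        -H 'Content-Type: text/xml;charset="UTF-8"' \
        --url "$2" -d "$body"
}

# Constructed sample values: print the body that would be sent.
build_bind_body 'Tom & Jerry <2011>' \
    'http://www.example.org/calendar/file.ics?a=1&b=2'
echo

# To send it (placeholders as in the text above):
# send_bind yourusername \
#     http://mycal.example.net/calendar/caldav.php/yourusername/ \
#     "Remote Calendar" http://www.example.org/calendar/file.ics
```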
<br />
== Performance considerations ==<br />
<br />
This can generate a fair amount of load on the server, so I wouldn't suggest using a lot of these with a short refresh interval. They are shared between users based on the md5 of the remote URL, so five users subscribing to the same calendar will all see the same data. Finally, there is currently no provision for removing them or their data when no one is actually bound to them any more. Since no one is requesting updates, they will just be taking up space in the database. The following query should list them so they can be cleaned up.<br />
<br />
select dav_name from collection where parent_container='/.external/' and collection_id not in ( select bound_source_id from dav_binding where external_url is not null);</div>Fsfshttps://wiki.davical.org/index.php?title=Release_Notes/1.1.5&diff=3748Release Notes/1.1.52017-05-10T15:53:36Z<p>Fsfs: </p>
<hr />
<div>{{released|2017-01-23|1.1.4}}{{TOCright}}<br />
<br />
This release contains a lot of bug fixes, a command-line interface for administering DAViCal, and support for feeding monitoring and performance data.<br />
<br />
== Prerequisites for Upgrade ==<br />
=== Database Upgrade ===<br />
* Add/Alter tables for dealing with remote attendee handling<br />
* Sequence counters for reporting metrics for monitoring<br />
* Database version is now 1.3.2<br />
<br />
=== Upgrades of Other Software ===<br />
* AWL 0.57 is required.<br />
<br />
== Changes ==<br />
<br />
=== Bug Fixes ===<br />
* Fetch external resources ignores the external_refresh setting (#92)<br />
* Temporary Password Sent (#94)<br />
* psql functions not found (#26)<br />
* "modified" attribute can't be mapped to LDAP schema (#99)<br />
* Broken handling of CATEGORIES (#82)<br />
* Config: $c->local_tzid not used and even throwing an error? (#35)<br />
* PHP options 'open_basedir' / 'allow_url_fopen' are not handled properly (#57)<br />
* add_member problems when PATH_INFO is not set (#96)<br />
* "redeclaration" an other apigen errors (#85)<br />
* Cannot delete collections within a group, despite sufficient priviliges (#47)<br />
* "Call to undefined method Principal::fullname()" (#101)<br />
* Infinite loop when finding delegates (#48)<br />
* Davical returns 404 on group-member-set (#88)<br />
* Updated external resources don't update the sync_token (#93)<br />
* Support for X-Forwarded-Proto (#87)<br />
* use https for the current_davical_version check (#1) as well as in many other places<br />
* support for bulk addressbook import (#74)<br />
* default_relationships now working with all auth drivers, including internal auth (#75)<br />
* Logout does not work when a LSID cookie is there (#56)<br />
* don't show logout button, when non-session/cookie based login is used (#67)<br />
* DAViCal session is not disabled after logout (#65)<br />
* ldap group import: unset group after import (!35)<br />
* ldap: allow admins to manually toggle the uniqueMember fix via config (#102)<br />
* user name from external authentication is mangled up (AWL #1, #2)<br />
* Fix a regression with backslash-escaping of backslashes and semicolons in some properties (AWL)<br />
<br />
=== Other Changes ===<br />
* Add support for a /metrics.php endpoint which can be scraped by Prometheus for collecting monitoring and performance data<br />
* scripts/davical-cli: a command-line interface to DAViCal<br />
* Various fixes and improvements to the web UI: correct tooltips, no edit or delete buttons shown when user is not allowed to edit, no ticket column shown without write access, add an editor to create internal and external bindings (#90), unbreak locale selection (user-selected locale must be present/installed on the server OS)<br />
* Support "Prefer: return=minimal" as specified in RFC7240 in addition to previous "return-minimal"<br />
* New config options: $c->default_query_warning_threshold, $c->trust_x_forwarded, many existing options documented in example config<br />
* Add filtering to debug logging, so it can be limited to certain users or IP addresses: $c->dbg_filter["remoteIP"][] and $c->dbg_filter["authenticatedUser"][]<br />
* Updates to regression test suite, now mostly functional again<br />
* General cleanup around deprecated functions and funny whitespace<br />
<br />
== Downloading DAViCal ==<br />
<br />
DAViCal 1.1.5: [https://gitlab.com/davical-project/davical/tags/r1.1.5 https://gitlab.com/davical-project/davical/tags/r1.1.5]<br />
<br />
AWL 0.57: [https://gitlab.com/davical-project/awl/tags/r0.57 https://gitlab.com/davical-project/awl/tags/r0.57]<br />
<br />
See [[Downloading]]<br />
<br />
== Known Issues ==<br />
=== Subsequently Fixed in Git ===<br />
* Fix sync of deleted events when hide_todo is set (#100) https://gitlab.com/davical-project/davical/commit/1c174f4b78<br />
* Fix modified mapping in the LDAP driver, a regression introduced in 1.1.5 (#108) https://gitlab.com/davical-project/davical/commit/e0b8ecada<br />
<br />
=== Outstanding ===<br />
* None known.</div>Fsfshttps://wiki.davical.org/index.php?title=Synology_DS211&diff=3747Synology DS2112017-05-05T14:47:55Z<p>Fsfs: #704069</p>
<hr />
<div>=Synology DS 211 with DSM 5.0=<br />
<br />
From Daniel via the [https://sourceforge.net/p/davical/mailman/message/32515648/ DAViCal-General mailing list]:<br />
<br />
Experiences with installing DAViCal on a Synology DS211 with DSM 5.0. My starting point was a script previously published by CyberLine on GitHub Gist (https://gist.github.com/CyberLine/3755721/). Unfortunately, the script would not work out of the box, so here is what I had to do. Please note that the following is not meant to be run as a script. Rather, use it as copy-paste base for your terminal.<br />
<br />
* Install bootstrap package first.<br />
** See: http://forum.synology.com/wiki/index.php/How_to_Install_Bootstrap<br />
<br />
* The installation of optware-devel is buggy because of a conflict between wget-ssl and wget. It is not possible to just uninstall wget, because it is needed for ipkg. So, first fetch the new wget-ssl, then remove the old and install the new:<br />
wget http://ipkg.nslu2-linux.org/feeds/optware/cs08q1armel/cross/unstable/wget-ssl_1.12-2_arm.ipk<br />
ipkg remove wget && ipkg install wget-ssl_1.12-2_arm.ipk<br />
<br />
* Now, install system tools and second postgres<br />
ipkg install perl perl-dbi make sed postgresql binutils busybox optware-devel<br />
<br />
* Patch postgres config for non conflicting if not exists<br />
if [ "0" == $(egrep '^port = 5433$' /opt/var/pgsql/data/postgresql.conf | wc -l) ]; then<br />
echo "port = 5433" >> /opt/var/pgsql/data/postgresql.conf<br />
fi;<br />
<br />
* Install needed host entries for DAViCal<br />
if [ "0" == $(grep davical /opt/var/pgsql/data/pg_hba.conf | wc -l) ]; then<br />
echo -e "local davical davical_app trust\nlocal davical davical_dba trust" >> /opt/var/pgsql/data/pg_hba.conf<br />
fi;<br />
<br />
* Start the installed postgres cluster<br />
/opt/etc/init.d/S98postgresql start<br />
<br />
* Install needed perl packages. <br />
Installation of CPAN does not work out of the box ("Can't locate CPAN/Meta/Requirements.pm"). I solved this by:<br />
cpan CPAN::Meta<br />
This will draw in a number of other dependencies, just confirm all dialogs. This step takes a looong time!<br />
* Now, the following should work:<br />
cpan -fi CPAN YAML<br />
<br />
* Build the perl package for davical installation<br />
mkdir -p /usr/local/etc/davical<br />
wget http://search.cpan.org/CPAN/authors/id/T/TU/TURNSTEP/DBD-Pg-2.19.3.tar.gz -O - | tar -xz -C /usr/local<br />
cd /usr/local/DBD-Pg-2.19.3 && perl Makefile.PL LD=/opt/bin/ld && make && make install<br />
<br />
* Edit vhost file /opt/etc/apache2/conf.d/davical.vhost<br />
Alias /cal /opt/share/davical/htdocs<br />
<Directory /opt/share/davical/htdocs/><br />
AllowOverride None<br />
</Directory><br />
(i.e., no php directives, no virtual host!)<br />
<br />
* If you prefer a virtual host, create one in the DSM web interface linking to the sub directory "cal".<br />
<br />
* Check for needed open_basedir modification.<br />
I did this manually in DSM web interface, adding this to the open_basedir directive:<br />
/opt/share/davical:/opt/share/awl/inc:/usr/local/etc/davical/<br />
This will then be in /etc/php/conf.d/user-settings.ini<br />
<br />
* Append davical.vhost to the user apache if not exists<br />
if [ "0" == $(egrep '^Include /opt/etc/apache2/conf.d/davical.vhost' /etc/httpd/conf/httpd.conf-user | wc -l) ]; then<br />
echo "Include /opt/etc/apache2/conf.d/davical.vhost" >> /etc/httpd/conf/httpd.conf-user<br />
fi;<br />
<br />
* Restart the user apache<br />
/usr/syno/sbin/synoservicecfg --restart httpd-user<br />
<br />
* Install davical if not exists<br />
if [ ! -e "/opt/share/davical" ]; then<br />
wget http://debian.mcmillan.net.nz/packages/davical/davical-1.1.1.tar.gz -O - | tar -xz -C /opt/share/<br />
mv /opt/share/davical-1.1.1/ /opt/share/davical/<br />
else<br />
echo "davical installation exists. nothing to do."<br />
fi;<br />
<br />
* Install needed "awl" if not exists<br />
if [ ! -e "/opt/share/awl/" ]; then<br />
wget http://debian.mcmillan.net.nz/packages/awl/awl-0.53.tar.gz -O - | tar -xz -C /opt/share/<br />
mv /opt/share/awl-0.53/ /opt/share/awl/<br />
else<br />
echo "awl installation exists. nothing to do.";<br />
fi;<br />
<br />
* Install davical database if not exists<br />
if [ "0" == $(psql -p 5433 -l template1 postgres | grep davical | wc -l) ]; then<br />
PGPORT=5433 PGUSER=postgres /opt/share/davical/dba/create-database.sh<br />
fi;<br />
<br />
* Adjust connect string in DAViCal config (/opt/share/davical/config/example-config.php):<br />
$c->pg_connect[] = "dbname=davical port=5433 user=davical_app host=localhost";<br />
<br />
* Soft link sample config files for each interface if not exists<br />
for ADDR in $(ip -4 addr list | grep inet | awk '{print $2}' | awk -F '/' '{print $1}'); do<br />
if [ ! -e "/usr/local/etc/davical/$ADDR-conf.php" ]; then<br />
ln -s /opt/share/davical/config/example-config.php /usr/local/etc/davical/$ADDR-conf.php<br />
fi;<br />
done;<br />
* Make also a softlink for possible DNS entries you want to use (.../your.domain.tld-conf.php).<br />
<br />
Now, the installation should work. Point your browser to your diskstation IP/cal and complete DAViCal setup.<br />
<br />
<br />
==Using the DSM LDAP server for user management==<br />
Add the following to your config /opt/share/davical/config/example-config.php:<br />
$c->authenticate_hook['call'] = 'LDAP_check';<br />
$c->authenticate_hook['config'] = array(<br />
'host' => 'localhost', //host name of your LDAP Server<br />
'port' => '389', //port<br />
'protocolVersion' => '3', //Version of LDAP protocol to use<br />
'baseDNUsers'=> 'cn=users,dc=xxx,dc=xxx', //where to look at valid user<br />
'filterUsers' => 'objectClass=inetOrgPerson', //filter which must validate a user according to RFC4515, i.e. surrounded by brackets<br />
'baseDNGroups' => 'cn=groups,dc=xxx,dc=xxx', //where to look for groups<br />
'filterGroups' => 'objectClass=posixGroup', //filter with same rules as filterUsers<br />
'mapping_field' => array("username" => "cn",<br />
"modified" => "modifyTimestamp",<br />
"fullname" => "gecos" ,<br />
"email" =>"mail"<br />
), //used to create the user based on his ldap properties<br />
'group_mapping_field' => array("username" => "cn",<br />
"modified" => "modifyTimestamp",<br />
"fullname" => "description" ,<br />
"members" =>"memberUid"<br />
), //used to create the group based on the ldap properties<br />
'format_updated'=> array('Y' => array(0,4),'m' => array(4,2),'d'=> array(6,2),'H' => array(8,2),'M'=>array(10,2),'S' => array(12,2)),<br />
);<br />
$c->do_not_sync_from_ldap = array( 'admin' => true ); // do not affect admin account on ldap sync<br />
include('drivers_ldap.php');<br />
<br />
<br />
Finally, in order to get LDAP to work, I had to edit the file /opt/share/davical/inc/Principal.php.<br />
The reason is that Postgres on my DiskStation is really old (v 8.2.13) and does not seem to support some type casting used on LDAP sync.<br />
Otherwise, on importing LDAP users, I get plenty of errors in the style "cannot write to database".<br />
So what I did was to simply comment out line 540:<br />
// $param_name = 'cast('.$param_name.' as text)::BIT(24)';<br />
I know this is really ugly but seemed to solve my issues.</div>Fsfshttps://wiki.davical.org/index.php?title=Configuration_settings&diff=3746Configuration settings2017-05-05T14:36:15Z<p>Fsfs: #704069</p>
<hr />
<div>{{TOCright}}<br />
As well as reading the details below, also consider looking at [[Configuration/settings]] which is the index into the wiki pages listing each individual setting, and where these settings will be maintained more exhaustively in the future.<br />
<br />
== Mandatory Settings ==<br />
<br />
=== pg_connect ===<br />
<br />
Ex : <code>$c->pg_connect[] = 'dbname=davical port=5432 user=general'</code><br />
<br />
The application will attempt to connect to the database, successively applying connection parameters from the array in $c->pg_connect.<br />
<br />
This setting is used by the web interface and also by the CalDAV server.<br />
<br />
<pre><br />
$c->pg_connect[] = "dbname=davical user=davical_app";<br />
</pre><br />
<br />
As well as setting ''dbname'' and ''user'', PostgreSQL accepts values for ''port'', ''host'', ''password'' and maybe even more - check the PostgreSQL docs if you need something really odd.<br />
<br />
'''Note:''' From version 0.9.9.4 there is an alternate syntax available (though the old one will continue to work) which is:<br />
$c->db_connect[] = array( 'dsn' => 'pgsql:dbname=davical port=5432 host=dbhost', 'dbuser' => 'davical_app', 'dbpass' => 'fred' );<br />
Or, for a local DB on the default port with trust authentication:<br />
$c->db_connect[] = array( 'dsn' => 'pgsql:dbname=davical', 'dbuser' => 'davical_app' );<br />
<br />
<br />
== Desirable ==<br />
=== system_name ===<br />
<br />
See [[Configuration/settings/system_name|here]].<br />
<br />
=== Domain Settings ===<br />
<br />
See [[Configuration/settings/domain_name|here]].<br />
<br />
=== Localization ===<br />
<br />
<pre><br />
/**<br />
* The default locale will be "en";<br />
* If you are in a non-English locale, you can set the default_locale<br />
* configuration to one of the supported locales.<br />
*<br />
* Supported Locales (at present, see: "select * from supported_locales ;" for a full list)<br />
*<br />
* "de_DE", "en_NZ", "es_AR", "fr_FR", "nl_NL", "ru_RU"<br />
*<br />
* If you want locale support you probably know more about configuring it than me, but<br />
* at this stage it should be noted that all translations are UTF-8, and pages are<br />
* served as UTF-8, so you will need to ensure that the UTF-8 versions of these locales<br />
* are supported on your system.<br />
*<br />
* People interested in providing new translations are directed to the Wiki:<br />
* http://rscds.sourceforge.net/moin/TranslatingRscds<br />
**/<br />
// $c->default_locale = "en_NZ";<br />
</pre><br />
<br />
=== hide_TODO ===<br />
<br />
See [[Configuration/settings/hide_TODO|here]].<br />
<br />
=== readonly_webdav_collections ===<br />
<br />
See [[Configuration/settings/readonly_webdav_collections|here]].<br />
<br />
=== admin_email ===<br />
<br />
See [[Configuration/settings/admin_email|here]].<br />
<br />
=== default_relationships ===<br />
<br />
See [[Configuration/settings/default_relationships|here]].<br />
<br />
== Probably Not Needed ==<br />
=== enable_row_linking ===<br />
default=true<br />
<br />
If true, names in the admin web interface are links to the details page.<br />
<br />
The "enable_row_linking" option controls whether javascript is used to make the entire row clickable in browse lists in the administration pages. Since this didn't work with Konqueror at some point in the past you may want to set this to false if people experience problems using the DAViCal administration pages.<br />
<br />
<pre><br />
$c->enable_row_linking = true;<br />
</pre><br />
<br />
=== local_styles ===<br />
These should be an array of style sheets with a path specified relative to the root directory. These settings can be used for overriding display styles in the admin interface.<br />
<br />
e.g. : $c->local_styles = array('/css/my.css');<br />
<br />
<pre><br />
$c->local_styles = array();<br />
$c->print_styles = array();<br />
</pre><br />
<br />
=== home_calendar_name ===<br />
<br />
See [[Configuration/settings/home_calendar_name|here]].<br />
<br />
== Probably a Bad Idea ==<br />
=== collections_always_exist ===<br />
The "collections_always_exist" value defines whether a MKCALENDAR command is needed to create a calendar collection before calendar resources can be stored in it. This should not be required since each created user will have a calendar created for them. The default is 'false'.<br />
<br />
<pre><br />
// $c->collections_always_exist = true;<br />
</pre><br />
<br />
=== hide_alarm ===<br />
<br />
See [[Configuration/settings/hide_alarm|here]].<br />
<br />
=== allow_get_email_visibility ===<br />
<br />
See [[Configuration/settings/allow_get_email_visibility|here]].<br />
<br />
== External Authentication Sources ==<br />
<br />
To allow specifying another way to control access by authenticating the user against external authentication sources such as LDAP (the default is the PgSQL DB), $c->authenticate_hook['call'] should be set to the name of a user-defined function (usually included from one of the drivers_*.php files) that will be called like this:<br />
call_user_func( $c->authenticate_hook['call'], $username, $password )<br />
<br />
This login mechanism is used in 2 places:<br />
* for the web interface in: index.php that calls DAViCalSession.php that extends Session.php (from AWL libraries)<br />
* for the caldav client in: caldav.php that calls BasicAuthSession.php<br />
Both Session.php and BasicAuthSession.php check against the authenticate_hook['call'], although for BasicAuthSession.php this will be for every request. For Session.php this will only occur once during login.<br />
<br />
$c->authenticate_hook['config'] should be set up with any configuration data needed by the authentication driver.<br />
<br />
If login via the external authentication method is only optional (e.g. to allow access to users that are not covered by that method, but are manually created in DAViCal), the method has to be marked as optional:<br />
$c->authenticate_hook['optional']=true;<br />
<br />
[[Auth_Plugin|AuthPlugins.php]] contains implementations of two example authentication hooks, auth_external (still used for BASIC auth) and auth_other_awl.<br />
<br />
=== General Example ===<br />
<br />
<pre><br />
/*<br />
* Other AWL hook<br />
*/<br />
require_once('auth-functions.php');<br />
<br />
$c->authenticate_hook['call'] = 'AuthExternalAwl';<br />
$c->authenticate_hook['config'] = array(<br />
// A PgSQL database connection string for the database containing user records<br />
'connection' => 'dbname=wrms host=otherhost port=5433 user=general',<br />
// Which columns should be fetched from the database<br />
'columns' => "user_no, active, email_ok, joined, last_update AS updated, last_used, username, password, fullname, email",<br />
// a WHERE clause to limit the records returned.<br />
'where' => "active AND org_code=7"<br />
);<br />
</pre><br />
<br />
=== LDAP / OpenLDAP ===<br />
<br />
<pre><br />
$c->authenticate_hook['call'] = 'LDAP_check';<br />
$c->authenticate_hook['config'] = array(<br />
'host' => 'www.tennaxia.net', //host name of your LDAP Server<br />
'port' => '389', //port<br />
<br />
/* For the initial bind to be anonymous leave bindDN and passDN<br />
commented out */<br />
// DN to bind to this server enabling to perform request<br />
'bindDN'=> 'cn=manager,cn=internal,dc=tennaxia,dc=net',<br />
// Password of the previous bindDN to bind to this server enabling to perform request<br />
'passDN'=> 'xxxxxxxx',<br />
<br />
'protocolVersion' => '3', //Version of LDAP protocol to use<br />
'baseDNUsers'=> 'dc=tennaxia,dc=net', //where to look at valid user<br />
'filterUsers' => 'objectClass=kolabInetOrgPerson', //filter which must validate a user according to RFC4515, i.e. surrounded by brackets<br />
'baseDNGroups' => 'ou=divisions,dc=tennaxia,dc=net', //not used ATM<br />
'filterGroups' => 'objectClass=groupOfUniqueNames', //not used ATM<br />
/** /!\ "username" should be set and "modified" must be set **/<br />
'mapping_field' => array("username" => "uid",<br />
"modified" => "modifyTimestamp",<br />
"fullname" => "cn" ,<br />
"email" =>"mail"<br />
), //used to create the user based on his ldap properties<br />
/** used to set default values for all users, will be overridden by LDAP if also defined in mapping_field **/<br />
'default_value' => array("date_format_type" => "E","locale" => "fr_FR"),<br />
/** foreach key set start and length in the string provided by ldap<br />
example for openLDAP timestamp : 20070503162215Z **/<br />
'format_updated'=> array('Y' => array(0,4),'m' => array(4,2),'d'=> array(6,2),'H' => array(8,2),'M'=>array(10,2),'S' => array(12,2)),<br />
<br />
'startTLS' => 'yes', // Require that TLS is used for LDAP?<br />
// If ldap_start_tls is not working, it is probably<br />
// because php wants to validate the server's<br />
// certificate. Try adding "TLS_REQCERT never" to the<br />
// ldap configuration file that php uses (e.g. /etc/ldap.conf<br />
// or /etc/ldap/ldap.conf). Of course, this lessens security!<br />
<br />
'scope' => 'subtree', // Search scope to use, defaults to subtree.<br />
// Allowed values: base, onelevel, subtree.<br />
);<br />
<br />
include('drivers_ldap.php');<br />
</pre><br />
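The comment on `startTLS` above warns that adding "TLS_REQCERT never" to the LDAP client configuration lessens security. As an added example (not part of DAViCal; the function name is hypothetical), this check reports whether an `ldap.conf` relaxes server-certificate checking. It flags `never` and `allow`, the two OpenLDAP levels under which a bad certificate is ignored.

```shell
#!/bin/sh
# Added example (not DAViCal code): report whether an OpenLDAP client
# configuration relaxes the certificate checking that startTLS relies on.

# audit_ldap_tls [FILE]: read FILE (or stdin) and print one line per
# TLS_REQCERT setting that accepts a bad server certificate. Returns 1 when
# any such line is found, 0 otherwise. Keywords are matched without regard
# to case; commented-out lines are ignored.
audit_ldap_tls() {
    awk '
        toupper($1) == "TLS_REQCERT" {
            seen = 1
            level = tolower($2)
            if (level == "never" || level == "allow") {
                printf "weak: line %d sets TLS_REQCERT %s\n", NR, level
                weak = 1
            }
        }
        END {
            if (weak)
                exit 1
            if (seen)
                print "ok: certificate checking is not relaxed"
            else
                print "ok: TLS_REQCERT unset, default is demand"
        }
    ' "$@"
}

# Constructed sample configuration, as it might look after the workaround
# mentioned in the comment above was applied.
audit_ldap_tls <<'EOF' || true
# constructed sample ldap.conf
TLS_CACERT /etc/ssl/certs/ca.pem
TLS_REQCERT never
EOF
```

Run it against the file PHP's LDAP library actually reads, e.g. `audit_ldap_tls /etc/ldap/ldap.conf`.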
<br />
=== Apache Module does the Authentication ===<br />
<br />
In this situation we just want to pull the username from the headers that Apache gives us. You can use this for Kerberos or many other forms of authentication just fine.<br />
<br />
<pre><br />
/*<br />
* Use Apache-supplied headers and believe them<br />
*/<br />
$c->authenticate_hook['server_auth_type'] = 'Basic';<br />
include_once('AuthPlugins.php');<br />
</pre><br />
<br />
This will make the HTTP Basic Authentication '''from the webserver''' be used and trusted for authentication within both the administration websites and CalDAV (i.e. caldav.php).<br />
Note: It seems that the "include_once('[[Auth_Plugin|AuthPlugins.php]]');" is '''not''' necessary if this should only apply to the administration websites but '''not''' to CalDAV (i.e. caldav.php).<br />
<br />
The ''server_auth_type'' setting must match the value provided by the webserver in the '''AUTH_TYPE''' environment variable. DAViCal will look for the username of the authenticated user in the '''REMOTE_USER''' (and beginning with 1.1.2 '''REDIRECT_REMOTE_USER''') environment variable.<br />
<br />
Note that this method does not pull any account details from anywhere, so you will still need to create an account in DAViCal for each username that will authenticate in this way - just that the password on that account will be ignored and authentication will happen through the authentication method that Apache is configured with.<br />
<br />
<br />
When PHP is used as CGI/FastCGI with Apache and mod_ssl, then currently AUTH_TYPE remains unset, even when HTTP Basic Authentication (respectively mod_ssl fakeBasicAuth) was done by the server.<br />
This is a [https://issues.apache.org/bugzilla/show_bug.cgi?id=45058 bug] in Apache and/or [http://www.rfc-editor.org/errata_search.php?eid=3556 limitation] in the CGI specification. One workaround is an intermediate CGI wrapper, which sets AUTH_TYPE unconditionally to e.g. "Basic" (currently (see [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=703381] and [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=703383]) this is case-sensitive in contrast to the CGI spec).<br />
<br />
=== Active Directory (AD) ===<br />
<br />
<pre><br />
/*<br />
* Use the following LDAP example if you are using Active Directory<br />
*<br />
* You will need to change host, passDN and DOMAIN in bindDN and baseDNUsers.<br />
*/<br />
$c->authenticate_hook['call'] = 'LDAP_check';<br />
$c->authenticate_hook['config'] = array(<br />
'host' => 'ldap://ldap.example.net',<br />
'bindDN' => 'auth@DOMAIN',<br />
'passDN' => 'secret',<br />
'baseDNUsers' => 'dc=DOMAIN,dc=local',<br />
'protocolVersion' => 3,<br />
'optReferrals' => 0,<br />
'filterUsers' => '(&(objectcategory=person)(objectclass=user)(givenname=*))',<br />
'mapping_field' => array("username" => "uid",<br />
"fullname" => "cn" ,<br />
"email" => "mail"),<br />
'default_value' => array("date_format_type" => "E","locale" => "en_NZ"),<br />
'format_updated' => array('Y' => array(0,4),'m' => array(4,2),'d'=> array(6,2),'H' => array(8,2),'M'=>array(10,2),'S' => array(12,2))<br />
);<br />
<br />
include('drivers_ldap.php');<br />
</pre><br />
<br />
=== Pluggable Authentication Modules (PAM) ===<br />
Allows directly authenticating existing system users. There are two options: PWauth or Squid.<br />
<br />
Both methods require that the password is transmitted in plain-text. Requiring encrypted connections with TLS is strongly recommended. PWauth's wiki page on [http://code.google.com/p/pwauth/wiki/Risks security risks] is recommended reading before offering to authenticate system users.<br />
<br />
Setting the email_base is required, but whether it is used or not depends on how accounts are authenticated on the system.<br />
<br />
<br />
==== PWauth ====<br />
Installing the Debian/Ubuntu package (available in each distribution's respective 'universe' repositories) will offer authentication against PAM out of the box.<br />
<br />
<pre><br />
/**<br />
* Authentication against PAM using the PWauth helper program.<br />
*/<br />
$c->authenticate_hook['call'] = 'PWAUTH_PAM_check';<br />
$c->authenticate_hook['config'] = array(<br />
'path' => '/usr/sbin/pwauth',<br />
'email_base' => 'example.com'<br />
);<br />
<br />
include('drivers_pwauth_pam.php');<br />
</pre><br />
<br />
Other distributions may have alternate paths to the helper program. Locate it using the ''whereis'' command after installing.<br />
<br />
==== Squid ====<br />
Requires that Squid is configured to offer PAM authentication. Not covered by this documentation.<br />
<br />
<pre><br />
/**<br />
* Authentication against PAM using the Squid helper script.<br />
*/<br />
$c->authenticate_hook['call'] = 'SQUID_PAM_check';<br />
$c->authenticate_hook['config'] = array(<br />
'script' => '/usr/bin/pam_auth',<br />
'email_base' => 'example.com'<br />
);<br />
<br />
include('drivers_squid_pam.php');<br />
</pre></div>Fsfshttps://wiki.davical.org/index.php?title=Configuration/Authentication_Settings/LDAP_groups&diff=3745Configuration/Authentication Settings/LDAP groups2017-05-05T14:33:46Z<p>Fsfs: #704069</p>
<hr />
<div>Group import/sync was added in 0.9.9. To use groups from LDAP, first get users syncing from LDAP (see [[Configuration/Authentication Settings/LDAP|LDAP Configuration]] for base configuration details).<br />
Import/sync users and groups via the Administration > Import Calendars menu in the web interface.<br />
Once you have users syncing from LDAP you should be able to sync groups with the following settings.<br />
<br />
<pre><br />
'baseDNGroups' => 'ou=Groups,dc=company,dc=com', //where to look for groups<br />
'filterGroups' => 'objectClass=posixGroup', //filter with same rules as filterUsers, could also be groupOfUniqueNames<br />
'group_mapping_field' => array('username' => 'cn',<br />
'modified' => 'modifyTimestamp',<br />
'fullname' => 'cn' ,<br />
'members' =>'memberUid'<br />
), //used to create the group based on the ldap properties<br />
'scope' => 'subtree', // Search scope to use, defaults to subtree ( applies to BOTH user and group mappings )<br />
</pre><br />
<br />
Explanation of parameters:<br />
{{Tlist}}<br />
{{TRlist}}baseDNGroups<br />
{{TDlist}}The base DN to look in for valid groups<br />
{{TRlist}}filterGroups<br />
{{TDlist}}A filter which must pass for this to be a valid group<br />
{{TRlist}}group_mapping_field<br />
{{TDlist}}An array of DAViCal field names vs. their LDAP mappings<br />
{{TRlist}}scope<br />
{{TDlist}}The search scope for all LDAP searches (users and groups)<br />
|}<br />
<br />
Note: the sync operations should be safe to use if you have made changes in LDAP and want those changes reflected in DAViCal.<br />
<br />
== Troubleshooting ==<br />
<br />
If you do not see a message near the top of the page when syncing, try running the same search with another LDAP tool. For example, these settings:<br />
<pre><br />
'baseDNGroups' => 'ou=Groups,dc=company,dc=com',<br />
'filterGroups' => 'objectClass=posixGroup',<br />
'scope' => 'subtree'<br />
</pre><br />
<br />
could be tested with<br />
<pre><br />
ldapsearch -h localhost -D "binddn" -W -s sub -b 'ou=Groups,dc=company,dc=com' 'objectClass=posixGroup'<br />
</pre></div>Fsfshttps://wiki.davical.org/index.php?title=Main_Page&diff=3739Main Page2017-01-25T09:26:51Z<p>Fsfs: </p>
<hr />
<div><div style="width:80%"><p style="font-weight:bold;font-size:2.5em;color:#103050;text-align:center;">DAViCal Wiki</p></div><br />
This is a wiki to provide information and help about the DAViCal CalDAV & CardDAV Server. Pages are grouped into several main areas: <br />
{| style="width: 100%; border-spacing:15px;border-collapse:separate"<br />
|- valign="top"<br />
|style="width:25%;border: 1px solid rgb(191, 238, 255); background-color: rgb(239, 251, 255);"| '''About DAViCal'''<br />
* [[Features]]<br />
* [[Getting Help]]<br />
* [[CalDAV Clients]]<br />
* [[CardDAV Clients]]<br />
* [[Multiple Calendars]]<br />
* [[Free Busy]]<br />
* [[Useful Links]]<br />
|style="width:25%;border: 1px solid rgb(255, 199, 191); background-color: rgb(255, 241, 239);"|'''Admin Documentation'''<br />
* [[Downloading|Download]]<br />
* [[Installation Stuff|Installation]]<br />
* [[Configuration]]<br />
* [[Upgrading]]<br />
* [[Backups]]<br />
* [[Frequently Asked Questions]]<br />
* [[Release Notes]]<br />
* [[Support]]<br />
|style="width:25%;border: 1px solid #8CACBB; background-color: #EEEEFF;"| '''Developer Documentation'''<br />
* [[Developer Setup]]<br />
* [[DAV]]<br />
* [[Database|Database Information]]<br />
* [[Pluggable Authentication]]<br />
* [[User Contributions]]<br />
* [[RFC Compliance]]<br />
* [[Client/DAViCal interaction]]<br />
* [[Release Checklist]]<br />
* [[Road Map]]<br />
|style="width:25%;border: 1px solid rgb(255, 255, 102); background-color: rgb(255, 250, 229);"| '''Help DAViCal Without Coding'''<br />
* [[Translating DAViCal]]<br />
* [[Helping with DAViCal]] <br />
* [[Provide some Data]]<br />
* [[Suggest Features]]<br />
* [[Editing the Wiki]]<br />
* [[Community Support]]<br />
|}<br />
<br />
The current stable release of DAViCal is [[Release_Notes/1.1.5|1.1.5]].</div>Fsfshttps://wiki.davical.org/index.php?title=Downloading&diff=3738Downloading2017-01-25T09:26:33Z<p>Fsfs: </p>
<hr />
<div>{{TOCright}}<br />
The latest DAViCal release is generally available for download from:<br />
https://gitlab.com/davical-project/davical/tags<br />
<br />
Andrew's Web Libraries, which DAViCal depends on, is similarly available from:<br />
https://gitlab.com/davical-project/awl/tags<br />
<br />
Both these sources are of the full Git repository, which includes the website and other pieces you may not need. We hope to have a better packaged distribution again in the near future.<br />
<br />
== Pre-built Distribution Files ==<br />
<br />
=== Debian / Ubuntu ===<br />
<br />
==== Debian ====<br />
<br />
Jessie has AWL 0.55 and DAViCal 1.1.3.1, and Stretch is going to be released with AWL 0.57 and DAViCal 1.1.5. Packages can be installed directly with apt-get. You may want to consider the backports repository for newer versions and bugfixes.<br />
<br />
==== Raspberry Pi2 Raspbian ====<br />
<br />
You can find a very detailed how-to here: [[Raspberry_Pi2_Raspbian]].<br />
<br />
==== Ubuntu ====<br />
<br />
DAViCal and AWL have been synced from Debian and are present already.<br />
<br />
==== Older / Other DEB-based releases ====<br />
<br />
While older DAViCal packages are present in several releases of Ubuntu and Debian, you may want to consider installing the most recent version to benefit from bug and compatibility fixes. For this purpose, we maintain a '''davical-current''' repository, which can be added to your sources.list through a three-step process described at '''https://people.debian.org/~fsfs/davical-current/setup.sh'''<br />
<br />
=== Gentoo ===<br />
<br />
An ebuild should be available within the 'sunrise' overlay.<br />
<br />
=== Red Hat and other RPM-based releases ===<br />
<br />
It is possible that DAViCal will appear in the Fedora repository at some point. In the meantime, it is probably best to install from the sources.<br />
<br />
=== FreeBSD ===<br />
<br />
There are ports of DAViCal which are updated from time to time.<br />
<br />
== Installing from Source ==<br />
<br />
=== Tar archives ===<br />
DAViCal is not a compiled package, so there is generally very little to be gained from installing from source. However, you can do this by downloading the relevant .tar.gz files (both DAViCal and AWL) from the above location.<br />
<br />
=== Installing from Git ===<br />
<br />
If you want to follow the cutting edge and help develop and test DAViCal, you can clone from the above mentioned gitlab repositories as follows:<br />
git clone https://gitlab.com/davical-project/awl.git<br />
git clone https://gitlab.com/davical-project/davical.git<br />
<br />
For more information read [[Developer Setup]] and [[Helping with DAViCal]].</div>Fsfshttps://wiki.davical.org/index.php?title=Release_Notes/1.1.5&diff=3737Release Notes/1.1.52017-01-25T09:20:43Z<p>Fsfs: add last-minute changes, finalize</p>
<hr />
<div>{{released|2017-01-23|1.1.4}}{{TOCright}}<br />
<br />
This release contains a lot of bug fixes, a command-line interface for administering DAViCal, and support for feeding monitoring and performance data.<br />
<br />
== Prerequisites for Upgrade ==<br />
=== Database Upgrade ===<br />
* Add/Alter tables for dealing with remote attendee handling<br />
* Sequence counters for reporting metrics for monitoring<br />
* Database version is now 1.3.2<br />
<br />
=== Upgrades of Other Software ===<br />
* AWL 0.57 is required.<br />
<br />
== Changes ==<br />
<br />
=== Bug Fixes ===<br />
* Fetch external resources ignores the external_refresh setting (#92)<br />
* Temporary Password Sent (#94)<br />
* psql functions not found (#26)<br />
* "modified" attribute can't be mapped to LDAP schema (#99)<br />
* Broken handling of CATEGORIES (#82)<br />
* Config: $c->local_tzid not used and even throwing an error? (#35)<br />
* PHP options 'open_basedir' / 'allow_url_fopen' are not handled properly (#57)<br />
* add_member problems when PATH_INFO is not set (#96)<br />
* "redeclaration" an other apigen errors (#85)<br />
* Cannot delete collections within a group, despite sufficient priviliges (#47)<br />
* "Call to undefined method Principal::fullname()" (#101)<br />
* Infinite loop when finding delegates (#48)<br />
* Davical returns 404 on group-member-set (#88)<br />
* Updated external resources don't update the sync_token (#93)<br />
* Support for X-Forwarded-Proto (#87)<br />
* use https for the current_davical_version check (#1) as well as in many other places<br />
* support for bulk addressbook import (#74)<br />
* default_relationships now working with all auth drivers, including internal auth (#75)<br />
* Logout does not work when a LSID cookie is there (#56)<br />
* don't show logout button, when non-session/cookie based login is used (#67)<br />
* DAViCal session is not disabled after logout (#65)<br />
* ldap group import: unset group after import (!35)<br />
* ldap: allow admins to manually toggle the uniqueMember fix via config (#102)<br />
* user name from external authentication is mangled up (AWL #1, #2)<br />
* Fix a regression with backslash-escaping of backslashes and semicolons in some properties (AWL)<br />
<br />
=== Other Changes ===<br />
* Add support for a /metrics.php endpoint which can be scraped by Prometheus for collecting monitoring and performance data<br />
* scripts/davical-cli: a command-line interface to DAViCal<br />
* Various fixes and improvements to the web UI: correct tooltips, no edit or delete buttons shown when user is not allowed to edit, no ticket column shown without write access, add an editor to create internal and external bindings (#90), unbreak locale selection (user-selected locale must be present/installed on the server OS)<br />
* Support "Prefer: return=minimal" as specified in RFC7240 in addition to previous "return-minimal"<br />
* New config options: $c->default_query_warning_threshold, $c->trust_x_forwarded, many existing options documented in example config<br />
* Add filtering to debug logging, so it can be limited to certain users or IP addresses: $c->dbg_filter["remoteIP"][] and $c->dbg_filter["authenticatedUser"][]<br />
* Updates to regression test suite, now mostly functional again<br />
* General cleanup around deprecated functions and funny whitespace<br />
<br />
== Downloading DAViCal ==<br />
<br />
DAViCal 1.1.5: [https://gitlab.com/davical-project/davical/tags/r1.1.5 https://gitlab.com/davical-project/davical/tags/r1.1.5]<br />
<br />
AWL 0.57: [https://gitlab.com/davical-project/awl/tags/r0.57 https://gitlab.com/davical-project/awl/tags/r0.57]<br />
<br />
See [[Downloading]]<br />
<br />
== Known Issues ==<br />
=== Subsequently Fixed in Git ===<br />
<br />
=== Outstanding ===<br />
* None known.</div>Fsfshttps://wiki.davical.org/index.php?title=Configuration/Authentication_Settings/LDAP&diff=3736Configuration/Authentication Settings/LDAP2017-01-19T10:27:30Z<p>Fsfs: add group_member_dnfix</p>
<hr />
<div>DAViCal supports LDAP Authentication. This page provides configuration settings and an example of configuring DAViCal with LDAP at version 0.9.3 and newer (the code itself sits in <tt>inc/drivers_ldap.php</tt>).<br />
<br />
Some authentication examples, including LDAP, are also shown in [[Configuration]], and in the ''config'' directory in the tarball.<br />
<br />
For LDAP Authentication, it's important to install the LDAP modules for PHP (the <tt>php5-ldap</tt> package under debian/ubuntu). <br />
<br />
== Introduction ==<br />
<br />
DAViCal has its own user database. Even if you configure DAViCal to authenticate against your LDAP server, all it does is try to synchronize its own database with the part of your LDAP tree you specified. The reason is simply that DAViCal always tries to protect its data, and it won't take a missing LDAP user as enough of a reason to purge all of that user's calendars and contacts. Instead it marks the user 'inactive', so if you really want to get rid of a user you have to delete them twice: in your LDAP structure and via the DAViCal admin interface.<br />
<br />
When a user logs in for the first time, an SQL record is created from the LDAP data using the mappings in your configuration: a cn entry in LDAP becomes username in SQL, and all other attributes are mapped according to your configuration file. If LDAP authentication is activated and configured, DAViCal won't save the user's password in the database; LDAP does the authentication, after all. That also means that if you lose your LDAP data for some reason, your users won't be able to access their calendars or contacts either (but at least they'll still be there, which should be good news for you at this point).<br />
<br />
You import/sync users and groups via the "Administration --> Tools --> Sync with LDAP" menu in the web interface. It checks both the users in your LDAP tree and the ones in its own database. As said, if a user is absent in LDAP but active in DAViCal, it marks the user 'inactive' and thereby denies them access to any calendar resources. If the user exists on both sides, DAViCal tries to update the user according to the changes in its LDAP attributes, if any. If DAViCal finds users in your LDAP that it doesn't know about, it creates a new user in its SQL database. Therefore you should be precise when you define the user tree in the LDAP section of your DAViCal configuration; otherwise you'll end up with all sorts of useless accounts and resources in your DAViCal database.<br />
<br />
Support for group import was added in 0.9.9. You'll need the <tt>baseDNGroups</tt>, <tt>filterGroups</tt> and <tt>group_mapping_field</tt> set in the config to import groups (see the example below or the <tt>example-config.php</tt> in the source).<br />
<br />
== Supported features ==<br />
<br />
{{Tlist}}<br />
{{TRlist}}OpenLDAP and ActiveDirectory support<br />
{{TDlist}}<br />
{{TRlist}}SSL, TLS and Unix socket support all in URI notation<br />
{{TDlist}}e.g. ldapi:// over Unix socket, ldaps://:636 over SSL and ldap://:389 over TLS<br />
{{TRlist}}Support for both anonymous and non-anonymous bind<br />
{{TDlist}}<br />
{{TRlist}}No dependency at all on the schema that is being used<br />
{{TDlist}}you define the attribute mapping<br />
{{TRlist}}Group Mapping<br />
{{TDlist}}see [[LDAP_groups]] for slightly more information<br />
{{TRlist}}Support for filtered LDAP searches<br />
{{TDlist}}saves bandwidth and resources by querying the LDAP server for a smaller subset of information<br />
{{TRlist}}Support for both the native application authentication and LDAP<br />
{{TDlist}}the current authentication hook allows for authentication to fall back to the local database<br />
{{TRlist}}User defined timeout durations for LDAP connections<br />
{{TDlist}}<br />
{{TRlist}}User sync via CRON script<br />
{{TDlist}}<br />
|}<br />
<br />
== LDAP Settings ==<br />
<br />
The settings for the LDAP connection go in the config file <tt>/etc/davical/config.php</tt> (or perhaps <tt>/etc/davical/<servername>-conf.php</tt>).<br />
<br />
<pre><br />
$c->authenticate_hook['call'] = 'LDAP_check';<br />
$c->authenticate_hook['config'] = array(<br />
'host' => '<LDAP SERVER>', //host name of your LDAP Server, use URI notation for LDAP over SSL on port 636<br />
'port' => '<PORT>', //port<br />
'bindDN' => '<BIND-CONTAINER/USERNAME>', //DN to bind request to this server (if required)<br />
'passDN' => '<PASSWORD>', //Password of request bind<br />
'baseDNUsers' => 'cn=Users,dc=company,dc=com', //where to look for valid user<br />
'filterUsers' => 'objectClass=inetOrgPerson', //filter which must validate a user according to RFC4515, i.e. surrounded by brackets<br />
'baseDNGroups' => 'ou=Groups,dc=company,dc=com', //where to look for groups<br />
'filterGroups' => 'objectClass=posixGroup', //filter with same rules as filterUsers, could also be groupOfUniqueNames<br />
'protocolVersion' => 3, //important for simple auth (no sasl)<br />
'optReferrals' => 0, //whether to automatically follow referrals returned by the LDAP server<br />
'networkTimeout' => 10, //timeout in seconds<br />
// 'startTLS' => true, //securing your LDAP connection<br />
'mapping_field' => array(<br />
'username' => 'uid',<br />
'modified' => 'modifyTimestamp',<br />
'fullname' => 'cn', //"Common Name"<br />
// 'user_no' => 'uidNumber', //set DAViCal user no to match Unix uid from LDAP (may cause sql_from_object problems if these user ids do not actually match...)<br />
'email' => 'mail', <br />
// 'active' => , //switch calendar users on/off via ldap attribute<br />
),<br />
'group_mapping_field' => array('username' => 'cn',<br />
'modified' => 'modifyTimestamp',<br />
'fullname' => 'cn' ,<br />
'members' =>'memberUid'<br />
), //used to create the group based on the ldap properties<br />
'group_member_dnfix' => true, // if your "members" field contains the full DN and needs to be truncated to just the uid<br />
'default_value' => array("date_format_type" => "E","locale" => "en_EN"),<br />
'format_updated'=> array('Y' => array(0,4),<br />
'm' => array(4,2),<br />
'd' => array(6,2),<br />
'H' => array(8,2),<br />
'M' => array(10,2),<br />
'S' => array(12,2)), // map LDAP "modifyTimestamp" field to SQL "updated" field<br />
'scope' => 'subtree', // Search scope to use, defaults to subtree (BOTH, user and group mappings)<br />
);<br />
include('drivers_ldap.php');<br />
</pre><br />
<br />
Explanation of parameters:<br />
{{Tlist}}<br />
{{TRlist}}host<br />
{{TDlist}}The hostname of the LDAP server. Use DNS names or IP addresses or use URI notation for more specific ways to connect (e.g. ldap over SSL)<br />
{{TRlist}}port<br />
{{TDlist}}The port to connect to the LDAP server on<br />
{{TRlist}}bindDN<br />
{{TDlist}}The DN to bind to - leave this empty for anonymous authentication<br />
{{TRlist}}passDN<br />
{{TDlist}}The password for the bind - leave this empty for anonymous authentication<br />
{{TRlist}}baseDNUsers<br />
{{TDlist}}The base DN to look in for valid users<br />
{{TRlist}}filterUsers<br />
{{TDlist}}A filter which must pass for this to be a valid user<br />
{{TRlist}}baseDNGroups<br />
{{TDlist}}The base DN to look in for valid group<br />
{{TRlist}}filterGroups<br />
{{TDlist}}A filter which must pass for this to be a valid group<br />
{{TRlist}}mapping_field<br />
{{TDlist}}An array of DAViCal field names vs. their LDAP mappings<br />
{{TRlist}}group_mapping_field<br />
{{TDlist}}An array of DAViCal field names vs. their LDAP mappings<br />
{{TRlist}}default_value<br />
{{TDlist}}An array of DAViCal field names vs. fixed default values<br />
{{TRlist}}format_updated<br />
{{TDlist}}An array, keyed on Y, m, d, H, M and S with the values being arrays of (start,length) for substring operations on the DAViCal 'updated' field sourced from LDAP.<br />
{{TRlist}}scope<br />
{{TDlist}}The search scope for all LDAP searches (users and groups). Allowed values: base, onelevel, subtree.<br />
|}<br />
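The following PHP sketch is an added illustration, not code from DAViCal's <tt>drivers_ldap.php</tt>: it shows how the (start,length) pairs in <tt>format_updated</tt> slice an LDAP timestamp, and how malformed values can be rejected instead of producing a bogus 'updated' value. The function names, the sample timestamps and the "is LDAP newer" comparison are assumptions made for the example.<br />

```php
<?php
// Added illustration, not DAViCal's driver code. Function names and sample
// values are hypothetical and constructed for this example.

// The map from the configuration on this page: key => (start, length).
$format_updated = [
    'Y' => [0, 4],  'm' => [4, 2],  'd' => [6, 2],
    'H' => [8, 2],  'M' => [10, 2], 'S' => [12, 2],
];

/**
 * Slice an LDAP timestamp with a format_updated-style map.
 * Returns "YYYY-MM-DD HH:MM:SS", or null when the map is incomplete,
 * the value is too short, a slice is not numeric, or the date is invalid.
 * The zone designator (e.g. the trailing "Z") is not part of any slice,
 * so the result is only comparable with values kept in the same zone.
 */
function slice_ldap_timestamp(string $ldapValue, array $map): ?string
{
    $p = [];
    foreach (['Y', 'm', 'd', 'H', 'M', 'S'] as $key) {
        if (!isset($map[$key]) || count($map[$key]) !== 2) {
            return null;                          // incomplete map
        }
        [$start, $length] = $map[$key];
        $piece = (string) substr($ldapValue, $start, $length);
        if (strlen($piece) !== $length || !ctype_digit($piece)) {
            return null;                          // short or non-numeric slice
        }
        $p[$key] = $piece;
    }
    if (!checkdate((int) $p['m'], (int) $p['d'], (int) $p['Y'])
        || (int) $p['H'] > 23 || (int) $p['M'] > 59 || (int) $p['S'] > 60) {
        return null;                              // not a real date/time
    }
    return "{$p['Y']}-{$p['m']}-{$p['d']} {$p['H']}:{$p['M']}:{$p['S']}";
}

/**
 * Assumed comparison for this example: treat the LDAP entry as newer only
 * when its timestamp parses and sorts after the locally stored value.
 * An unparseable timestamp never triggers an overwrite of local data.
 */
function ldap_entry_is_newer(string $ldapValue, ?string $localUpdated, array $map): bool
{
    $ldapUpdated = slice_ldap_timestamp($ldapValue, $map);
    if ($ldapUpdated === null) {
        return false;
    }
    // Fixed-width "YYYY-MM-DD HH:MM:SS" strings sort chronologically.
    return $localUpdated === null || strcmp($ldapUpdated, $localUpdated) > 0;
}

// Constructed sample values.
$samples = [
    '20170119102730Z',      // generalized time as used for modifyTimestamp
    '20170119102730.0Z',    // same instant with a fractional part
    '201701191027',         // truncated: no seconds to slice
    '2017-01-19T10:27:30Z', // ISO 8601 layout: the offsets no longer line up
    '20170230102730Z',      // numeric but not a real date
];

foreach ($samples as $value) {
    printf("%-22s => %s\n", $value, var_export(slice_ldap_timestamp($value, $format_updated), true));
}

// A local record last updated one hour before the LDAP entry.
var_dump(ldap_entry_is_newer('20170119102730Z', '2017-01-19 09:27:30', $format_updated)); // bool(true)
// The same local record compared against an unparseable LDAP value.
var_dump(ldap_entry_is_newer('201701191027', '2017-01-19 09:27:30', $format_updated));    // bool(false)
```

If your directory stores the timestamp attribute in a different layout, the offsets in <tt>format_updated</tt> have to be adjusted so that every slice lands on digits.<br />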
<br />
== Working Example ==<br />
<br />
If your OpenLDAP server allows authentication from Apache 2.0 with an httpd config like:<br />
<br />
<pre><br />
<IfModule mod_auth_ldap.c><br />
AuthLDAPURL ldap://ldap.example.com/o=example<br />
AuthName "Example Inc. users"<br />
AuthType Basic<br />
</IfModule><br />
order deny,allow<br />
deny from all<br />
require valid-user<br />
satisfy any<br />
</pre><br />
<br />
Then the following config allows authentication from DAViCal via LDAP:<br />
<br />
$c->authenticate_hook['call'] = 'LDAP_check';<br />
$c->authenticate_hook['config'] = array(<br />
'host' => 'www.tennaxia.net',<br />
'port' => '389',<br />
'bindDN'=> 'cn=manager,cn=internal,dc=tennaxia,dc=net',<br />
'passDN'=> 'xxxxxxxx',<br />
'baseDNUsers'=> 'dc=tennaxia,dc=net',<br />
'filterUsers' => 'objectClass=InetOrgPerson',<br />
'baseDNGroups' => 'ou=divisions,dc=tennaxia,dc=net',<br />
'filterGroups' => 'objectClass=posixGroup',<br />
'mapping_field' => array('username' => 'uid',<br />
'modified' => 'modifyTimestamp',<br />
'fullname' => 'cn' ,<br />
'email' => 'mail'<br />
),<br />
'group_mapping_field' => array(<br />
'username' => 'cn',<br />
'modified' => 'modifyTimestamp',<br />
'fullname' => 'cn' ,<br />
'members' =>'memberUid'<br />
),<br />
'group_member_dnfix' => true,<br />
'format_updated'=> array('Y' => array(0,4),<br />
'm' => array(4,2),<br />
'd' => array(6,2),<br />
'H' => array(8,2),<br />
'M' => array(10,2),<br />
 'S' => array(12,2)),<br />
'scope' => 'subtree', <br />
);<br />
include_once('drivers_ldap.php');<br />
<br />
== Kerberos Authentication ==<br />
<br />
You can use mod_auth_kerb in apache to get kerberos authentication for your davical accounts. Apache-Config Snippet:<br />
<pre><br />
<Directory /usr/share/davical/htdocs/><br />
AuthType Kerberos<br />
AuthName "Calendar Login"<br />
AllowOverride None<br />
Order allow,deny<br />
Allow from all<br />
<br />
Require valid-user<br />
# the following is available since mod_auth_kerb 5.4, it maps full kerberos principal "foo@FOOBAR.COM" to "foo"<br />
KrbLocalUserMapping On <br />
</Directory><br />
</pre><br />
<br />
The LDAP configuration has to be extended with:<br />
<br />
<pre><br />
$c->authenticate_hook['config'] = array(<br />
// ...<br />
'i_use_mode_kerberos' => "i_know_what_i_am_doing",<br />
// ...<br />
);<br />
</pre><br />
<br />
== Updating User Information from LDAP ==<br />
<br />
This option will only appear in the tools section of the admin web interface if you have configured DAViCal to operate with your LDAP server.<br />
<br />
It allows you to synchronise the DAViCal user database with the LDAP one. Normally this should be unnecessary, since a synchronisation happens for a user when their information in DAViCal is older than that from LDAP, but it can be useful for prepopulating DAViCal so that you can configure groups and grants before people log in and use their calendars.<br />
<br />
== Prevent single users from being synced from LDAP ==<br />
<br />
If there is some user you do not want to sync from LDAP, put their username in this list:<br />
<br />
For example:<br />
<br />
$c->do_not_sync_from_ldap = array( 'admin' => true, 'mrbond' => true );<br />
<br />
This would set the users 'admin' and 'mrbond' to not be synchronised from your LDAP data. This can be useful if you want to retain a DAViCal-specific administrative user without having a user of that name in your LDAP database, or for any other reason you can think up for wanting to have DAViCal users who are not in LDAP.<br />
<br />
== Fallback to internal authentication on failure ==<br />
<br />
In some cases it is desirable to fall back to DAViCal's internal authentication when external authentication fails. You<br />
might want this if you have some locally configured users in addition to the majority who are in the LDAP server.<br />
<br />
In such a case you can set:<br />
<br />
$c->authenticate_hook['optional'] = true;<br />
<br />
in your configuration file. This doesn't make authentication optional: everyone will still need a username and password! It just means<br />
that when someone is not present in the external authentication system, their credentials are then checked against the internal<br />
system, and they are allowed in if those match.<br />
<br />
{{AvailableFrom|0.9.8.4}}<br />
<br />
[[Category:Configuration]]</div>Fsfshttps://wiki.davical.org/index.php?title=Configuration/Authentication_Settings&diff=3735Configuration/Authentication Settings2017-01-19T10:23:39Z<p>Fsfs: add group_member_dnfix</p>
<hr />
<div>== Internal Authentication ==<br />
<br />
No special configuration should be needed for DAViCal's built-in user and group management.<br />
<br />
== External Authentication ==<br />
<br />
=== Using OpenLDAP ===<br />
<br />
See [[Configuration/Authentication_Settings/LDAP|LDAP Configuration]] for some detailed examples of configuring DAViCal to use an LDAP server as an authentication source. Here is a brief working OpenLDAP example that would go in your <tt>/etc/davical/<servername>-conf.php</tt> config file:<br />
<br />
$c->authenticate_hook['call'] = 'LDAP_check';<br />
$c->authenticate_hook['config'] = array(<br />
'host' => 'www.tennaxia.net',<br />
'port' => '389',<br />
'bindDN'=> 'cn=manager,cn=internal,dc=tennaxia,dc=net',<br />
'passDN'=> 'xxxxxxxx',<br />
'baseDNUsers'=> 'dc=tennaxia,dc=net',<br />
'filterUsers' => 'objectClass=InetOrgPerson',<br />
'baseDNGroups' => 'ou=divisions,dc=tennaxia,dc=net',<br />
'filterGroups' => 'objectClass=posixGroup',<br />
'mapping_field' => array('username' => 'uid',<br />
'modified' => 'modifyTimestamp',<br />
'fullname' => 'cn' ,<br />
'email' =>'mail'<br />
),<br />
'group_mapping_field' => array(<br />
'username' => 'cn',<br />
'modified' => 'modifyTimestamp',<br />
'fullname' => 'cn' ,<br />
'members' =>'memberUid'<br />
),<br />
'group_member_dnfix' => true,<br />
'format_updated'=> array('Y' => array(0,4),<br />
'm' => array(4,2),<br />
'd' => array(6,2),<br />
'H' => array(8,2),<br />
'M' => array(10,2),<br />
 'S' => array(12,2)),<br />
'scope' => 'subtree', <br />
);<br />
include_once('drivers_ldap.php');<br />
<br />
<br />
'''NB:''' it's important to remember to install the LDAP modules for PHP (the <tt>php5-ldap</tt> package under debian/ubuntu).<br />
<br />
=== Using ActiveDirectory ===<br />
<br />
See [[Configuration/Authentication_Settings/Active_Directory]] for an example configuration.<br />
<br />
=== Using a different 'AWL' database ===<br />
<br />
The "AWL" library contains the basic database structure for user data which is used by DAViCal, and it is possible to use this data from a different database. This plugin is written more-or-less as an example of how to write an authentication plugin, but may be useful.<br />
<br />
=== When the Webserver does the authentication ===<br />
<br />
It is quite common that the webserver can do the authentication for you, and you just want DAViCal to trust the username that the webserver will pass through.<br />
<br />
In this case you can set something like:<br />
<br />
$c->authenticate_hook['server_auth_type'] = 'Basic';<br />
include_once('AuthPlugins.php');<br />
<br />
to match the types of authentication which your server is providing to PHP as "$_SERVER['AUTH_TYPE']". DAViCal will then trust the value received as $_SERVER['REMOTE_USER'] (or, beginning with 1.1.2, $_SERVER['REDIRECT_REMOTE_USER']) to be correct.<br />
<br />
The above will make the HTTP Basic Authentication '''from the webserver''' be used and trusted for authentication within both, the administration websites and CalDAV (i.e. caldav.php).<br />
Note: It seems that the "include_once('[[Auth_Plugin|AuthPlugins.php]]');" is '''not''' necessary if this should only apply to the administration websites but '''not''' to CalDAV (i.e. caldav.php).<br />
<br />
One could also set an array to accept different types, e.g.:<br />
$c->authenticate_hook['server_auth_type'] = array('Negotiate','Basic');<br />
but of course, these types must exist (it seems Negotiate does not).<br />
<br />
This does not work together with the ldap_driver (at least in davical 1.0.2). You may get it working with the $c->authenticate_hook['config']['i_use_mode_kerberos'] = "i_know_what_i_am_doing" though.<br />
<br />
<br />
When PHP is used as CGI/FastCGI with Apache and mod_ssl, then currently AUTH_TYPE remains unset, even when HTTP Basic Authentication (respectively mod_ssl fakeBasicAuth) was done by the server.<br />
This is a [https://issues.apache.org/bugzilla/show_bug.cgi?id=45058 bug] in Apache and/or a [http://www.rfc-editor.org/errata_search.php?eid=3556 limitation] in the CGI specification. One workaround is an intermediate CGI wrapper that unconditionally sets AUTH_TYPE, e.g. to "Basic". The value is currently matched case-sensitively, in contrast to the CGI spec (see [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=703381] and [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=703383]).</div>Fsfshttps://wiki.davical.org/index.php?title=Release_Notes/1.1.5&diff=3732Release Notes/1.1.52017-01-09T13:22:20Z<p>Fsfs: Created page with "{{released|2017-01-XX|1.1.4}}{{TOCright}} This release contains a lot of bug fixes, a commandline interface for administering DAViCal, and support for feeding monitoring and..."</p>
<hr />
<div>{{released|2017-01-XX|1.1.4}}{{TOCright}}<br />
<br />
This release contains a lot of bug fixes, a commandline interface for administering DAViCal, and support for feeding monitoring and performance data.<br />
<br />
== Prerequisites for Upgrade ==<br />
=== Database Upgrade ===<br />
* Add/Alter tables for dealing with remote attendee handling<br />
* Sequence counters for reporting metrics for monitoring<br />
<br />
=== Upgrades of Other Software ===<br />
* AWL 0.57 is required.<br />
<br />
== Changes ==<br />
<br />
=== Bug Fixes ===<br />
* Fetch external resources ignores the external_refresh setting (#92)<br />
* Temporary Password Sent (#94)<br />
* psql functions not found (#26)<br />
* "modified" attribute can't be mapped to LDAP schema (#99)<br />
* Broken handling of CATEGORIES (#82)<br />
* Config: $c->local_tzid not used and even throwing an error? (#35)<br />
* PHP options 'open_basedir' / 'allow_url_fopen' are not handled properly (#57)<br />
* add_member problems when PATH_INFO is not set (#96)<br />
* "redeclaration" an other apigen errors (#85)<br />
* Cannot delete collections within a group, despite sufficient priviliges (#47)<br />
* "Call to undefined method Principal::fullname()" (#101)<br />
* Infinite loop when finding delegates (#48)<br />
* Davical returns 404 on group-member-set (#88)<br />
* Updated external resources don't update the sync_token (#93)<br />
* Support for X-Forwarded-Proto (#87)<br />
* use https for the current_davical_version check (#1)<br />
* support for bulk addressbook import (#74)<br />
* default_relationships now working with all auth drivers, including internal auth (#75)<br />
* Logout does not work when a LSID cookie is there (#56)<br />
* don't show logout button, when non-session/cookie based login is used (#67)<br />
* DAViCal session is not disabled after logout (#65)<br />
* ldap group import: unset group after import (!35)<br />
* user name from external authentication is mangled up (AWL #1, #2)<br />
* Fix a regression with backslash-escaping of backslashes and semicolons in some properties (AWL)<br />
<br />
=== Other Changes ===<br />
* Add support for a /metrics.php endpoint which can be scraped by Prometheus for collecting monitoring and performance data<br />
* scripts/davical-cli: a command-line interface to DAViCal<br />
* No edit buttons shown in Admin interface when user is not allowed to edit<br />
* Support "Prefer: return=minimal" as specified in RFC7240 in addition to previous "return-minimal"<br />
* New config options: $c->default_query_warning_threshold, $c->trust_x_forwarded<br />
* Add filtering to debug logging, so it can be limited to certain users or IP addresses: $c->dbg_filter["remoteIP"][] and $c->dbg_filter["authenticatedUser"][]<br />
* Updates to regression test suite, now mostly functional again<br />
* General cleanup around deprecated functions and funny whitespaces<br />
<br />
== Downloading DAViCal ==<br />
<br />
DAViCal 1.1.5: [https://gitlab.com/davical-project/davical/tags/r1.1.5 https://gitlab.com/davical-project/davical/tags/r1.1.5]<br />
<br />
AWL 0.57: [https://gitlab.com/davical-project/awl/tags/r0.57 https://gitlab.com/davical-project/awl/tags/r0.57]<br />
<br />
See [[Downloading]]<br />
<br />
== Known Issues ==<br />
=== Subsequently Fixed in Git ===<br />
<br />
=== Outstanding ===<br />
* None known.</div>Fsfshttps://wiki.davical.org/index.php?title=Configuration/settings/hide_alarm&diff=3731Configuration/settings/hide alarm2017-01-08T21:10:07Z<p>Fsfs: </p>
<hr />
<div> $c->hide_alarm = true;<br />
<br />
default: false<br />
<br />
If true, then VALARM from someone other than the admin or owner of a calendar will not be included in the response.<br />
<br />
The default is false because the preferred behaviour is to enable/disable the alarms in your CalDAV client software.<br />
<br />
{{AvailableFrom|0.6 or so}}</div>Fsfshttps://wiki.davical.org/index.php?title=Configuration/settings/locale_path&diff=3730Configuration/settings/locale path2017-01-08T20:58:35Z<p>Fsfs: </p>
<hr />
<div> $c->locale_path = '/path/to/davical/locale/files';<br />
<br />
default: ../locale<br />
<br />
It is possible that you have installed DAViCal in a non-standard manner, and DAViCal can't find its locale files, or you want it to use some different ones that you're writing to submit to the developers (yes please!). In the normal course of events this should not be a problem, and DAViCal should find its locale files just fine.<br />
<br />
It is recommended that you do not set this unless you need it for reasons that only you will know.<br />
<br />
{{AvailableFrom|0.9.9}}</div>Fsfshttps://wiki.davical.org/index.php?title=Configuration/settings/use_old_sync_response_tag&diff=3729Configuration/settings/use old sync response tag2017-01-08T20:30:15Z<p>Fsfs: </p>
<hr />
<div> $c->use_old_sync_response_tag = true;<br />
<br />
default: false<br />
<br />
If set to true, then the WebDAV Sync REPORT will use DAV::sync-response rather than DAV::response.<br />
<br />
This is needed by the Inverse CardDAV plugin from SOGo - at least until they get support for the -03 release of WebDAV sync.<br />
<br />
It's probably a bad idea to use this setting, since the sync format has changed significantly and SOGo really needs to update their support for it.<br />
<br />
{{AvailableFrom|0.9.9.3}}<br />
<br />
'''Removed in 0.9.9.4'''</div>Fsfshttps://wiki.davical.org/index.php?title=Configuration/Authentication_Settings/LDAP&diff=3728Configuration/Authentication Settings/LDAP2017-01-08T20:07:05Z<p>Fsfs: </p>
<hr />
<div>DAViCal supports LDAP Authentication. This page provides configuration settings and an example of configuring DAViCal with LDAP at version 0.9.3 and newer (the code itself sits in <tt>inc/drivers_ldap.php</tt>).<br />
<br />
Some authentication examples, including LDAP, are also shown in [[Configuration]], and in the ''config'' directory in the tarball.<br />
<br />
For LDAP Authentication, it's important to install the LDAP modules for PHP (the <tt>php5-ldap</tt> package under debian/ubuntu). <br />
<br />
== Introduction ==<br />
<br />
DAViCal has its own user database. Even if you configure DAViCal to authenticate against your LDAP server, all it does is try to synchronize its own database with the part of your LDAP tree you specified. The reason is simply that DAViCal will always try to protect its data, and it won't take a missing LDAP user as enough of a reason to purge all of that user's calendars and contacts. Instead it will render the user 'inactive', so if you really want to get rid of a user you'll have to delete them twice: in your LDAP structure and via the DAViCal admin interface.<br />
<br />
When a user logs in for the first time, an SQL record is created from the LDAP data using the configured mappings: a cn entry in LDAP becomes username in SQL, and all other attributes are mapped according to your configuration file. If LDAP authentication is activated and configured, DAViCal won't save the user's password in the database! LDAP is to do the authentication after all. That also means that if you lose your LDAP data for some reason, your users won't be able to access their calendars or contacts either (but at least they'll still be there, which should be good news for you at this point).<br />
<br />
You import/sync users and groups via the "Administration --> Tools --> Sync with LDAP" menu in the web interface. It will check both the users in your LDAP tree and the ones in its own database. As said, if a user is absent in LDAP but active in DAViCal, it will render the user 'inactive' and thereby deny them access to any calendar resources. If the user exists on both sides, DAViCal will try to update the user according to the changes in their LDAP attributes, if any. If DAViCal finds users in your LDAP that it doesn't know about, it will create a new user in its SQL database. Therefore you should try to be precise when you define the user tree in the LDAP section of your DAViCal configuration, otherwise you'll end up with all sorts of useless accounts and resources in your DAViCal database.<br />
<br />
Support for group import was added in 0.9.9. You'll need the <tt>baseDNGroups</tt>, <tt>filterGroups</tt> and <tt>group_mapping_field</tt> set in the config to import groups (see the example below or the <tt>example-config.php</tt> in the source).<br />
<br />
== Supported features ==<br />
<br />
{{Tlist}}<br />
{{TRlist}}OpenLDAP and ActiveDirectory support<br />
{{TDlist}}<br />
{{TRlist}}SSL, TLS and Unix socket support all in URI notation<br />
{{TDlist}}e.g. ldapi:// over Unix socket, ldaps://:636 over SSL and ldap://:389 over TLS<br />
{{TRlist}}Support for both anonymous and non-anonymous bind<br />
{{TDlist}}<br />
{{TRlist}}No dependency at all on the schema that is being used<br />
{{TDlist}}you define the attribute mapping<br />
{{TRlist}}Group Mapping<br />
{{TDlist}}see [[LDAP_groups]] for slightly more information<br />
{{TRlist}}Support for filtered LDAP searches<br />
{{TDlist}}allows saving bandwidth and resources by querying the LDAP server for a smaller subset of information<br />
{{TRlist}}Support for both the native application authentication and LDAP<br />
{{TDlist}}the current authentication hook allows for authentication to fall back to the local database<br />
{{TRlist}}User defined timeout durations for LDAP connections<br />
{{TDlist}}<br />
{{TRlist}}User sync via CRON script<br />
{{TDlist}}<br />
|}<br />
<br />
== LDAP Settings ==<br />
<br />
The settings for the LDAP connection go in the config file <tt>/etc/davical/config.php</tt> (or perhaps <tt>/etc/davical/<servername>-conf.php</tt>).<br />
<br />
<pre><br />
$c->authenticate_hook['call'] = 'LDAP_check';<br />
$c->authenticate_hook['config'] = array(<br />
'host' => '<LDAP SERVER>', //host name of your LDAP Server, use URI notation for LDAP over SSL on port 636<br />
'port' => '<PORT>', //port<br />
'bindDN' => '<BIND-CONTAINER/USERNAME>', //DN to bind request to this server (if required)<br />
'passDN' => '<PASSWORD>', //Password of request bind<br />
'baseDNUsers' => 'cn=Users,dc=company,dc=com', //where to look for valid user<br />
'filterUsers' => 'objectClass=inetOrgPerson', //filter which must validate a user according to RFC4515, i.e. surrounded by brackets<br />
'baseDNGroups' => 'ou=Groups,dc=company,dc=com', //where to look for groups<br />
'filterGroups' => 'objectClass=posixGroup', //filter with same rules as filterUsers, could also be groupOfUniqueNames<br />
'protocolVersion' => 3, //important for simple auth (no sasl)<br />
'optReferrals' => 0, //whether to automatically follow referrals returned by the LDAP server<br />
'networkTimeout' => 10, //timeout in seconds<br />
// 'startTLS' => true, //securing your LDAP connection<br />
'mapping_field' => array(<br />
'username' => 'uid',<br />
'modified' => 'modifyTimestamp',<br />
'fullname' => 'cn', //"Common Name"<br />
// 'user_no' => 'uidNumber', //set DAViCal user no to match Unix uid from LDAP (may cause sql_from_object problems if these user ids do not actually match...)<br />
'email' => 'mail', <br />
// 'active' => , //switch calendar users on/off via ldap attribute<br />
),<br />
'group_mapping_field' => array('username' => 'cn',<br />
'modified' => 'modifyTimestamp',<br />
'fullname' => 'cn' ,<br />
'members' =>'memberUid'<br />
), //used to create the group based on the ldap properties<br />
'default_value' => array("date_format_type" => "E","locale" => "en_EN"),<br />
'format_updated'=> array('Y' => array(0,4),<br />
'm' => array(4,2),<br />
'd' => array(6,2),<br />
'H' => array(8,2),<br />
'M' => array(10,2),<br />
'S' => array(12,2)), // map LDAP "modifyTimestamp" field to SQL "updated" field<br />
'scope' => 'subtree', // Search scope to use, defaults to subtree (BOTH, user and group mappings)<br />
);<br />
include('drivers_ldap.php');<br />
</pre><br />
<br />
Explanation of parameters:<br />
{{Tlist}}<br />
{{TRlist}}host<br />
{{TDlist}}The hostname of the LDAP server. Use DNS names or IP addresses or use URI notation for more specific ways to connect (e.g. ldap over SSL)<br />
{{TRlist}}port<br />
{{TDlist}}The port to connect to the LDAP server on<br />
{{TRlist}}bindDN<br />
{{TDlist}}The DN to bind to - leave this empty for anonymous authentication<br />
{{TRlist}}passDN<br />
{{TDlist}}The password for the bind - leave this empty for anonymous authentication<br />
{{TRlist}}baseDNUsers<br />
{{TDlist}}The base DN to look in for valid users<br />
{{TRlist}}filterUsers<br />
{{TDlist}}A filter which must pass for this to be a valid user<br />
{{TRlist}}baseDNGroups<br />
{{TDlist}}The base DN to look in for valid groups<br />
{{TRlist}}filterGroups<br />
{{TDlist}}A filter which must pass for this to be a valid group<br />
{{TRlist}}mapping_field<br />
{{TDlist}}An array of DAViCal field names vs. their LDAP mappings<br />
{{TRlist}}group_mapping_field<br />
{{TDlist}}An array of DAViCal field names vs. their LDAP mappings<br />
{{TRlist}}default_value<br />
{{TDlist}}An array of DAViCal field names vs. fixed default values<br />
{{TRlist}}format_updated<br />
{{TDlist}}An array, keyed on Y, m, d, H, M and S with the values being arrays of (start,length) for substring operations on the DAViCal 'updated' field sourced from LDAP.<br />
{{TRlist}}scope<br />
{{TDlist}}The search scope for all LDAP searches (users and groups). Allowed values: base, onelevel, subtree.<br />
|}<br />
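The <tt>format_updated</tt> offsets are plain substring cuts, so they only work when the directory returns the timestamp in the expected layout. The following added example (not DAViCal's own code; the function names are hypothetical and the sample timestamps are constructed) applies the table from the configuration above, rejects values that do not fit it, and compares the result with a local "updated" time:<br />
<br />
```php
<?php
// Added example (not DAViCal's own code); function names are hypothetical.

// The (start, length) table from the configuration above.
$format_updated = array(
    'Y' => array(0, 4),  'm' => array(4, 2),  'd' => array(6, 2),
    'H' => array(8, 2),  'M' => array(10, 2), 'S' => array(12, 2),
);

// Cut the timestamp into Y, m, d, H, M, S with substr(); null if any piece
// is short or not numeric (wrong offsets or an unexpected timestamp layout).
function ldap_timestamp_parts(string $ldap_timestamp, array $format): ?array
{
    $parts = array();
    foreach (array('Y', 'm', 'd', 'H', 'M', 'S') as $key) {
        if (!isset($format[$key]) || count($format[$key]) !== 2) {
            return null;
        }
        list($start, $length) = $format[$key];
        $piece = (string) substr($ldap_timestamp, (int) $start, (int) $length);
        if (strlen($piece) !== (int) $length || !ctype_digit($piece)) {
            return null;
        }
        $parts[$key] = $piece;
    }
    return $parts;
}

// Build a UTC time from the pieces; null for impossible dates or times.
// Only timestamps ending in "Z" (UTC) are handled in this example.
function ldap_timestamp_to_utc(string $ldap_timestamp, array $format): ?DateTimeImmutable
{
    if (substr($ldap_timestamp, -1) !== 'Z') {
        return null;
    }
    $p = ldap_timestamp_parts($ldap_timestamp, $format);
    if ($p === null
        || !checkdate((int) $p['m'], (int) $p['d'], (int) $p['Y'])
        || (int) $p['H'] > 23 || (int) $p['M'] > 59 || (int) $p['S'] > 59) {
        return null;
    }
    $text = "{$p['Y']}-{$p['m']}-{$p['d']} {$p['H']}:{$p['M']}:{$p['S']}";
    $utc = DateTimeImmutable::createFromFormat('!Y-m-d H:i:s', $text, new DateTimeZone('UTC'));
    return $utc === false ? null : $utc;
}

// True when the directory entry changed after the local copy was updated.
// Choice made for this example: an unreadable timestamp counts as "newer",
// so the record is refreshed instead of silently staying stale.
function ldap_entry_is_newer(string $ldap_timestamp, DateTimeImmutable $local_updated, array $format): bool
{
    $ldap_time = ldap_timestamp_to_utc($ldap_timestamp, $format);
    return $ldap_time === null || $ldap_time > $local_updated;
}

// Constructed sample values.
$local_updated = new DateTimeImmutable('2007-05-01 09:00:00', new DateTimeZone('UTC'));
$samples = array(
    '20070503162215Z',      // OpenLDAP-style modifyTimestamp
    '20070503162215.0Z',    // fractional seconds, as in Active Directory's whenChanged
    '2007-05-03T16:22:15Z', // ISO 8601: the offsets cut through the separators
    '20070230120000Z',      // right shape, impossible date (30 February)
);
foreach ($samples as $sample) {
    $utc = ldap_timestamp_to_utc($sample, $format_updated);
    printf("%-22s => %-20s newer than local copy: %s\n",
        $sample,
        $utc === null ? 'unparseable' : $utc->format('Y-m-d H:i:s'),
        ldap_entry_is_newer($sample, $local_updated, $format_updated) ? 'yes' : 'no');
}
```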
<br />
== Working Example ==<br />
<br />
If your OpenLDAP server allows authentication from Apache 2.0 with an httpd config like:<br />
<br />
<pre><br />
<IfModule mod_auth_ldap.c><br />
AuthLDAPURL ldap://ldap.example.com/o=example<br />
AuthName "Example Inc. users"<br />
AuthType Basic<br />
</IfModule><br />
order deny,allow<br />
deny from all<br />
require valid-user<br />
satisfy any<br />
</pre><br />
<br />
Then the following config allows authentication from DAViCal via LDAP:<br />
<br />
$c->authenticate_hook['call'] = 'LDAP_check';<br />
$c->authenticate_hook['config'] = array(<br />
'host' => 'www.tennaxia.net',<br />
'port' => '389',<br />
'bindDN'=> 'cn=manager,cn=internal,dc=tennaxia,dc=net',<br />
'passDN'=> 'xxxxxxxx',<br />
'baseDNUsers'=> 'dc=tennaxia,dc=net',<br />
'filterUsers' => 'objectClass=InetOrgPerson',<br />
'baseDNGroups' => 'ou=divisions,dc=tennaxia,dc=net',<br />
'filterGroups' => 'objectClass=posixGroup',<br />
'mapping_field' => array('username' => 'uid',<br />
'modified' => 'modifyTimestamp',<br />
'fullname' => 'cn' ,<br />
'email' => 'mail'<br />
),<br />
'group_mapping_field' => array(<br />
'username' => 'cn',<br />
'modified' => 'modifyTimestamp',<br />
'fullname' => 'cn' ,<br />
'members' =>'memberUid'<br />
),<br />
'format_updated'=> array('Y' => array(0,4),<br />
'm' => array(4,2),<br />
'd' => array(6,2),<br />
'H' => array(8,2),<br />
'M' => array(10,2),<br />
'S' => array(12,2)),<br />
'scope' => 'subtree', <br />
);<br />
include_once('drivers_ldap.php');<br />
<br />
== Kerberos Authentication ==<br />
<br />
You can use mod_auth_kerb in apache to get kerberos authentication for your davical accounts. Apache-Config Snippet:<br />
<pre><br />
<Directory /usr/share/davical/htdocs/><br />
AuthType Kerberos<br />
AuthName "Calendar Login"<br />
AllowOverride None<br />
Order allow,deny<br />
Allow from all<br />
<br />
Require valid-user<br />
# the following is available since mod_auth_kerb 5.4, it maps full kerberos principal "foo@FOOBAR.COM" to "foo"<br />
KrbLocalUserMapping On <br />
</Directory><br />
</pre><br />
<br />
The ldap configuration has to be extended with a:<br />
<br />
<pre><br />
$c->authenticate_hook['config'] = array(<br />
// ...<br />
'i_use_mode_kerberos' => "i_know_what_i_am_doing",<br />
// ...<br />
);<br />
</pre><br />
<br />
== Updating User Information from LDAP ==<br />
<br />
This option will only appear in the tools section of the admin web interface if you have configured DAViCal to operate with your LDAP server.<br />
<br />
It allows you to synchronise the DAViCal user database with the LDAP one. Normally this should be unnecessary, since a synchronisation happens for a user when their information in DAViCal is older than that from LDAP, but it can be useful for prepopulating DAViCal so that you can configure groups and grants before people log in and use their calendars.<br />
<br />
== Prevent single users from being synced from LDAP ==<br />
<br />
If there is some user you do not want to sync from LDAP, put their username in this list:<br />
<br />
For example:<br />
<br />
$c->do_not_sync_from_ldap = array( 'admin' => true, 'mrbond' => true );<br />
<br />
This would set the users 'admin' and 'mrbond' to not be synchronised from your LDAP data. This can be useful if you want to retain a DAViCal specific Administrative user without having a user of that name in your LDAP database, or any other reason you can think up for wanting to have DAViCal users who are not in LDAP...<br />
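<br />
The sync rules from the Introduction combined with this exemption list, as an added example (not DAViCal's own code; the function names, usernames and records are constructed). It works out what a sync run would do for each account and lists the accounts that stay active without a directory entry, which are the ones relying on a local password:<br />
<br />
```php
<?php
// Added example (not DAViCal's own code); names and data are constructed.

// Decide, per username, what a directory sync would do.
//   $ldap_users  : username => mapped attributes found in the directory
//   $local_users : username => local record, including an 'active' flag
//   $do_not_sync : same shape as $c->do_not_sync_from_ldap
function plan_ldap_sync(array $ldap_users, array $local_users, array $do_not_sync): array
{
    $names = array_map('strval', array_unique(
        array_merge(array_keys($ldap_users), array_keys($local_users))
    ));
    sort($names, SORT_STRING);

    $plan = array();
    foreach ($names as $name) {
        if (!empty($do_not_sync[$name])) {
            // Exempt accounts are left alone, whatever the directory says.
            $plan[$name] = 'skip (listed in do_not_sync_from_ldap)';
        } elseif (!isset($local_users[$name])) {
            $plan[$name] = 'create';
        } elseif (!isset($ldap_users[$name])) {
            // Missing from the directory: data is kept, access is removed.
            $plan[$name] = $local_users[$name]['active']
                ? 'deactivate'
                : 'unchanged (already inactive)';
        } else {
            // Compare only the attributes the directory supplies.
            $local_view = array_intersect_key($local_users[$name], $ldap_users[$name]);
            $changed = array_diff_assoc($ldap_users[$name], $local_view);
            $plan[$name] = $changed
                ? 'update: ' . implode(', ', array_keys($changed))
                : 'unchanged';
        }
    }
    return $plan;
}

// Accounts that remain active although the directory does not know them.
function accounts_outside_directory(array $ldap_users, array $local_users, array $do_not_sync): array
{
    $found = array();
    foreach ($local_users as $name => $record) {
        if (!empty($do_not_sync[$name]) && !isset($ldap_users[$name]) && $record['active']) {
            $found[] = (string) $name;
        }
    }
    return $found;
}

// Constructed sample data.
$ldap_users = array(
    'alice' => array('fullname' => 'Alice Example', 'email' => 'alice@example.com'),
    'bob'   => array('fullname' => 'Bob Example',   'email' => 'bob@example.com'),
    'carol' => array('fullname' => 'Carol Example', 'email' => 'carol@example.com'),
);
$local_users = array(
    'admin' => array('fullname' => 'Administrator', 'email' => 'root@example.com',    'active' => true),
    'alice' => array('fullname' => 'Alice Example', 'email' => 'alice@example.com',   'active' => true),
    'bob'   => array('fullname' => 'Bob Example',   'email' => 'bob@old.example.com', 'active' => true),
    'dave'  => array('fullname' => 'Dave Example',  'email' => 'dave@example.com',    'active' => true),
    'erin'  => array('fullname' => 'Erin Example',  'email' => 'erin@example.com',    'active' => false),
);
$do_not_sync = array('admin' => true);

foreach (plan_ldap_sync($ldap_users, $local_users, $do_not_sync) as $name => $action) {
    printf("%-6s %s\n", $name, $action);
}
echo 'Active without a directory entry: ',
    implode(', ', accounts_outside_directory($ldap_users, $local_users, $do_not_sync)), "\n";
```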
<br />
== Fallback to internal authentication on failure ==<br />
<br />
In some cases it is desirable that you fall back to DAViCal's internal authentication when external authentication fails. You<br />
might desire this if you have some locally configured users in addition to the majority who are in the LDAP server.<br />
<br />
In such a case you can set:<br />
<br />
$c->authenticate_hook['optional'] = true;<br />
<br />
in your configuration file. This doesn't make authentication optional: everyone will still need a username and password! It just means<br />
that for someone who is not present in the external authentication system their credentials will then be checked against the internal<br />
system and they'll be allowed in if that matches then.<br />
<br />
{{AvailableFrom|0.9.8.4}}<br />
<br />
[[Category:Configuration]]</div>Fsfshttps://wiki.davical.org/index.php?title=Configuration/settings/do_not_sync_from_ldap&diff=3727Configuration/settings/do not sync from ldap2017-01-08T15:50:27Z<p>Fsfs: </p>
<hr />
<div> $c->do_not_sync_from_ldap = array( 'admin' => true );<br />
<br />
A list of usernames that should not be synced from LDAP. For use with the LDAP driver only.<br />
<br />
Note this setting does not mean that LDAP authentication is not attempted for the named user(s), it simply means that when the list of users is synced from LDAP and any of these users are unknown to LDAP, they will ''not'' be deleted from DAViCal. If users not known to LDAP should be able to log on, you will probably want to set<br />
<br />
$c->authenticate_hook['optional'] = true;</div>Fsfshttps://wiki.davical.org/index.php?title=Configuration/settings/default_relationships&diff=3726Configuration/settings/default relationships2017-01-06T13:54:02Z<p>Fsfs: formatting</p>
<hr />
<div>If the $c->default_privileges is not suitable for desired permission settings, for complex permission management you can use $c->default_relationships:<br />
<br />
<pre><br />
$c->default_relationships = array(<br />
4563 => array('read','read-current-user-privilege-set'),<br />
4564 => array('read','read-current-user-privilege-set','read-free-busy','schedule-deliver-invite', 'schedule-deliver-reply', 'schedule-query-freebusy'),<br />
4565 => array('read','write-properties','write-content','read-current-user-privilege-set','bind','unbind','read-free-busy','schedule-deliver-invite',<br />
'schedule-deliver-reply','schedule-query-freebusy')<br />
);<br />
</pre><br />
<br />
This would set principals grants with specified permissions for newly created users. For example: <b>4563 =&gt; array('read','read-current-user-privilege-set')</b> allows <b>read</b> and <b>read-current-user-privilege-set</b> to principal with ID 4563.<br />
<br />
<br />
{{AvailableFrom|0.9.8.5}} for users created with the LDAP driver<br />
<br />
{{AvailableFrom|1.1.5}} for internal auth and all drivers shipped with DAViCal</div>Fsfshttps://wiki.davical.org/index.php?title=Configuration/settings/default_relationships&diff=3725Configuration/settings/default relationships2017-01-06T13:53:24Z<p>Fsfs: default relationships now added with all drivers and internal auth</p>
<hr />
<div>If the $c->default_privileges is not suitable for desired permission settings, for complex permission management you can use $c->default_relationships:<br />
<br />
<pre><br />
$c->default_relationships = array(<br />
4563 => array('read','read-current-user-privilege-set'),<br />
4564 => array('read','read-current-user-privilege-set','read-free-busy','schedule-deliver-invite', 'schedule-deliver-reply', 'schedule-query-freebusy'),<br />
4565 => array('read','write-properties','write-content','read-current-user-privilege-set','bind','unbind','read-free-busy','schedule-deliver-invite',<br />
'schedule-deliver-reply','schedule-query-freebusy')<br />
);<br />
</pre><br />
<br />
This would set principals grants with specified permissions for newly created users. For example: <b>4563 =&gt; array('read','read-current-user-privilege-set')</b> allows <b>read</b> and <b>read-current-user-privilege-set</b> to principal with ID 4563.<br />
<br />
<br />
{{AvailableFrom|0.9.8.5}} for users created with the LDAP driver<br />
{{AvailableFrom|1.1.5}} for internal auth and all drivers shipped with DAViCal</div>Fsfshttps://wiki.davical.org/index.php?title=Configuration_settings&diff=3724Configuration settings2016-12-29T15:19:15Z<p>Fsfs: typo</p>
<hr />
<div>{{TOCright}}<br />
As well as reading the details below, also consider looking at [[Configuration/settings]] which is the index into the wiki pages listing each individual setting, and where these settings will be maintained more exhaustively in the future.<br />
<br />
== Mandatory Settings ==<br />
<br />
=== pg_connect ===<br />
<br />
Ex : <code>$c->pg_connect[] = 'dbname=davical port=5432 user=general'</code><br />
<br />
The application will attempt to connect to the database, successively applying connection parameters from the array in $c->pg_connect.<br />
<br />
This is used by the web interface as well as by the CalDAV server.<br />
<br />
<pre><br />
$c->pg_connect[] = "dbname=davical user=davical_app";<br />
</pre><br />
<br />
As well as setting ''dbname'' and ''user'', PostgreSQL accepts values for ''port'', ''host'', ''password'' and maybe even more - check the PostgreSQL docs if you need something really odd.<br />
<br />
'''Note:''' From version 0.9.9.4 there is an alternate syntax available (though the old one will continue to work) which is:<br />
$c->db_connect[] = array( 'dsn' => 'pgsql:dbname=davical port=5432 host=dbhost', 'dbuser' => 'davical_app', 'dbpass' => 'fred' );<br />
Or, for a local DB on the default port with trust authentication:<br />
$c->db_connect[] = array( 'dsn' => 'pgsql:dbname=davical', 'dbuser' => 'davical_app' );<br />
<br />
<br />
== Desirable ==<br />
=== system_name ===<br />
<br />
See [[Configuration/settings/system_name|here]].<br />
<br />
=== Domain Settings ===<br />
<br />
See [[Configuration/settings/domain_name|here]].<br />
<br />
=== Localization ===<br />
<br />
<pre><br />
/**<br />
* The default locale will be "en";<br />
* If you are in a non-English locale, you can set the default_locale<br />
* configuration to one of the supported locales.<br />
*<br />
* Supported Locales (at present, see: "select * from supported_locales ;" for a full list)<br />
*<br />
* "de_DE", "en_NZ", "es_AR", "fr_FR", "nl_NL", "ru_RU"<br />
*<br />
* If you want locale support you probably know more about configuring it than me, but<br />
* at this stage it should be noted that all translations are UTF-8, and pages are<br />
* served as UTF-8, so you will need to ensure that the UTF-8 versions of these locales<br />
* are supported on your system.<br />
*<br />
* People interested in providing new translations are directed to the Wiki:<br />
* http://rscds.sourceforge.net/moin/TranslatingRscds<br />
**/<br />
// $c->default_locale = "en_NZ";<br />
</pre><br />
<br />
=== hide_TODO ===<br />
<br />
See [[Configuration/settings/hide_TODO|here]].<br />
<br />
=== readonly_webdav_collections ===<br />
<br />
See [[Configuration/settings/readonly_webdav_collections|here]].<br />
<br />
=== admin_email ===<br />
<br />
See [[Configuration/settings/admin_email|here]].<br />
<br />
=== default_relationships ===<br />
<br />
See [[Configuration/settings/default_relationships|here]].<br />
<br />
== Probably Not Needed ==<br />
=== enable_row_linking ===<br />
default=true<br />
<br />
If true, the admin web interface will make the name in each row a link to the details.<br />
<br />
The "enable_row_linking" option controls whether javascript is used to make the entire row clickable in browse lists in the administration pages. Since this didn't work with Konqueror at some point in the past you may want to set this to false if people experience problems using the DAViCal administration pages.<br />
<br />
<pre><br />
$c->enable_row_linking = true;<br />
</pre><br />
<br />
=== local_styles ===<br />
These should be an array of style sheets with a path specified relative to the root directory. These settings can be used for overriding display styles in the admin interface.<br />
<br />
e.g. : $c->local_styles = array('/css/my.css');<br />
<br />
<pre><br />
$c->local_styles = array();<br />
$c->print_styles = array();<br />
</pre><br />
<br />
=== home_calendar_name ===<br />
<br />
See [[Configuration/settings/home_calendar_name|here]].<br />
<br />
== Probably a Bad Idea ==<br />
=== collections_always_exist ===<br />
The "collections_always_exist" value defines whether a MKCALENDAR command is needed to create a calendar collection before calendar resources can be stored in it. This should not be required since each created user will have a calendar created for them. The default is 'false'.<br />
<br />
<pre><br />
// $c->collections_always_exist = true;<br />
</pre><br />
<br />
=== hide_alarm ===<br />
<br />
See [[Configuration/settings/hide_alarm|here]].<br />
<br />
=== allow_get_email_visibility ===<br />
<br />
See [[Configuration/settings/allow_get_email_visibility|here]].<br />
<br />
== External Authentication Sources ==<br />
<br />
To allow specifying another way to control access by authenticating the user against external authentication sources such as LDAP (the default is the PgSQL DB), $c->authenticate_hook['call'] should be set to the name of a user-defined function (usually included from one of the drivers_*.php files) that will be called like this:<br />
call_user_func( $c->authenticate_hook['call'], $username, $password )<br />
<br />
This login mechanism is used in 2 places:<br />
* for the web interface in: index.php that calls DAViCalSession.php that extends Session.php (from AWL libraries)<br />
* for the caldav client in: caldav.php that calls BasicAuthSession.php<br />
Both Session.php and BasicAuthSession.php check against the authenticate_hook['call'], although for BasicAuthSession.php this will be for every request. For Session.php this will only occur once during login.<br />
<br />
$c->authenticate_hook['config'] should be set up with any configuration data needed by the authentication driver.<br />
<br />
In case the login via the external authentication method is just optional (e.g. to allow access to users that are not covered by that method, but are manually created in davical), the method has to be marked as optional<br />
$c->authenticate_hook['optional']=true;<br />
<br />
[[Auth_Plugin|AuthPlugins.php]] contains implementations of two example authentication hooks, auth_external (still used for BASIC auth) and auth_other_awl.<br />
<br />
=== General Example ===<br />
<br />
<pre><br />
/*<br />
* Other AWL hook<br />
*/<br />
require_once('auth-functions.php');<br />
<br />
$c->authenticate_hook['call'] = 'AuthExternalAwl';<br />
$c->authenticate_hook['config'] = array(<br />
// A PgSQL database connection string for the database containing user records<br />
'connection' => 'dbname=wrms host=otherhost port=5433 user=general',<br />
// Which columns should be fetched from the database<br />
'columns' => "user_no, active, email_ok, joined, last_update AS updated, last_used, username, password, fullname, email",<br />
// a WHERE clause to limit the records returned.<br />
'where' => "active AND org_code=7"<br />
);<br />
</pre><br />
<br />
=== LDAP / OpenLDAP ===<br />
<br />
<pre><br />
$c->authenticate_hook['call'] = 'LDAP_check';<br />
$c->authenticate_hook['config'] = array(<br />
'host' => 'www.tennaxia.net', //host name of your LDAP Server<br />
'port' => '389', //port<br />
<br />
/* For the initial bind to be anonymous leave bindDN and passDN<br />
commented out */<br />
// DN to bind to this server enabling to perform request<br />
'bindDN'=> 'cn=manager,cn=internal,dc=tennaxia,dc=net',<br />
// Password of the previous bindDN to bind to this server enabling to perform request<br />
'passDN'=> 'xxxxxxxx',<br />
<br />
'protocolVersion' => '3', //Version of LDAP protocol to use<br />
'baseDNUsers'=> 'dc=tennaxia,dc=net', //where to look at valid user<br />
'filterUsers' => 'objectClass=kolabInetOrgPerson', //filter which must validate a user according to RFC4515, i.e. surrounded by brackets<br />
'baseDNGroups' => 'ou=divisions,dc=tennaxia,dc=net', //not used ATM<br />
'filterGroups' => 'objectClass=groupOfUniqueNames', //not used ATM<br />
/** /!\ "username" should be set and "updated" must be set **/<br />
'mapping_field' => array("username" => "uid",<br />
"updated" => "modifyTimestamp",<br />
"fullname" => "cn" ,<br />
"email" =>"mail"<br />
), //used to create the user based on his ldap properties<br />
/** used to set default value for all users, will be overridden by ldap if defined also in mapping_field **/<br />
'default_value' => array("date_format_type" => "E","locale" => "fr_FR"),<br />
/** foreach key set start and length in the string provided by ldap<br />
example for openLDAP timestamp : 20070503162215Z **/<br />
'format_updated'=> array('Y' => array(0,4),'m' => array(4,2),'d'=> array(6,2),'H' => array(8,2),'M'=>array(10,2),'S' => array(12,2)),<br />
<br />
'startTLS' => 'yes', // Require that TLS is used for LDAP?<br />
// If ldap_start_tls is not working, it is probably<br />
// because php wants to validate the server's<br />
// certificate. Try adding "TLS_REQCERT never" to the<br />
// ldap configuration file that php uses (e.g. /etc/ldap.conf<br />
// or /etc/ldap/ldap.conf). Of course, this lessens security!<br />
<br />
'scope' => 'subtree', // Search scope to use, defaults to subtree.<br />
// Allowed values: base, onelevel, subtree.<br />
);<br />
<br />
include('drivers_ldap.php');<br />
</pre><br />
<br />
=== Apache Module does the Authentication ===<br />
<br />
In this situation we just want to pull the username from the headers that Apache gives us. You can use this for Kerberos or many other forms of authentication just fine.<br />
<br />
<pre><br />
/*<br />
* Use Apache-supplied headers and believe them<br />
*/<br />
$c->authenticate_hook['server_auth_type'] = 'Basic';<br />
include_once('AuthPlugins.php');<br />
</pre><br />
<br />
This will make the HTTP Basic Authentication '''from the webserver''' be used and trusted for authentication within both, the administration websites and CalDAV (i.e. caldav.php).<br />
Note: It seems that the "include_once('[[Auth_Plugin|AuthPlugins.php]]');" is '''not''' necessary if this should only apply to the administration websites but '''not''' to CalDAV (i.e. caldav.php).<br />
<br />
The ''server_auth_type'' setting must match the value provided by the webserver in the '''AUTH_TYPE''' environment variable. DAViCal will look for the username of the authenticated user in the '''REMOTE_USER''' (and beginning with 1.1.2 '''REDIRECT_REMOTE_USER''') environment variable.<br />
<br />
Note that this method does not pull any account details from anywhere, so you will still need to create an account in DAViCal for each username that will authenticate in this way - just that the password on that account will be ignored and authentication will happen through the authentication method that Apache is configured with.<br />
<br />
<br />
When PHP is used as CGI/FastCGI with Apache and mod_ssl, then currently AUTH_TYPE remains unset, even when HTTP Basic Authentication (respectively mod_ssl fakeBasicAuth) was done by the server.<br />
This is a [https://issues.apache.org/bugzilla/show_bug.cgi?id=45058 bug] in Apache and/or [http://www.rfc-editor.org/errata_search.php?eid=3556 limitation] in the CGI specification. One workaround is an intermediate CGI wrapper, which sets AUTH_TYPE unconditionally to e.g. "Basic" (currently (see [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=703381] and [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=703383]) this is case-sensitive in contrast to the CGI spec).<br />
<br />
=== Active Directory (AD) ===<br />
<br />
<pre><br />
/*<br />
* Use the following LDAP example if you are using Active Directory<br />
*<br />
* You will need to change host, passDN and DOMAIN in bindDN and baseDNUsers.<br />
*/<br />
$c->authenticate_hook['call'] = 'LDAP_check';<br />
$c->authenticate_hook['config'] = array(<br />
'host' => 'ldap://ldap.example.net',<br />
'bindDN' => 'auth@DOMAIN',<br />
'passDN' => 'secret',<br />
'baseDNUsers' => 'dc=DOMAIN,dc=local',<br />
'protocolVersion' => 3,<br />
'optReferrals' => 0,<br />
'filterUsers' => '(&(objectcategory=person)(objectclass=user)(givenname=*))',<br />
'mapping_field' => array("username" => "uid",<br />
"fullname" => "cn" ,<br />
"email" => "mail"),<br />
'default_value' => array("date_format_type" => "E","locale" => "en_NZ"),<br />
'format_updated' => array('Y' => array(0,4),'m' => array(4,2),'d'=> array(6,2),'H' => array(8,2),'M'=>array(10,2),'S' => array(12,2))<br />
);<br />
<br />
include('drivers_ldap.php');<br />
</pre><br />
<br />
=== Pluggable Authentication Modules (PAM) ===<br />
Allows directly authenticating existing system users. There are two options: PWauth or Squid.<br />
<br />
Both methods require that the password is transmitted in plain-text. Requiring encrypted connections with TLS is strongly recommended. PWauth's wiki page on [http://code.google.com/p/pwauth/wiki/Risks security risks] is recommended reading before offering to authenticate system users.<br />
<br />
Setting the email_base is required, but whether it is used or not depends on how accounts are authenticated on the system.<br />
<br />
<br />
==== PWauth ====<br />
Installing the Debian/Ubuntu package (available in each distribution's respective 'universe' repositories) will offer authentication against PAM out of the box.<br />
<br />
<pre><br />
/**<br />
* Authentication against PAM using the PWauth helper program.<br />
*/<br />
$c->authenticate_hook['call'] = 'PWAUTH_PAM_check';<br />
$c->authenticate_hook['config'] = array(<br />
'path' => '/usr/sbin/pwauth',<br />
'email_base' => 'example.com'<br />
);<br />
<br />
include('drivers_pwauth_pam.php');<br />
</pre><br />
<br />
Other distributions may have alternate paths to the helper program. Locate it using the ''whereis'' command after installing.<br />
<br />
==== Squid ====<br />
Requires that Squid is configured to offer PAM authentication. Not covered by this documentation.<br />
<br />
<pre><br />
/**<br />
* Authentication against PAM using the Squid helper script.<br />
*/<br />
$c->authenticate_hook['call'] = 'SQUID_PAM_check';<br />
$c->authenticate_hook['config'] = array(<br />
'script' => '/usr/bin/pam_auth',<br />
'email_base' => 'example.com'<br />
);<br />
<br />
include('drivers_squid_pam.php');<br />
</pre></div>Fsfshttps://wiki.davical.org/index.php?title=Configuration/Authentication_Settings/Active_Directory_(with_NTLM)&diff=3720Configuration/Authentication Settings/Active Directory (with NTLM)2016-12-02T22:51:15Z<p>Fsfs: /* DAViCal */</p>
<hr />
<div>To make DAViCal authenticate from Active Directory please read [[Configuration/Authentication Settings/Active Directory|Active Directory]] first.<br />
<br />
This page picks up where [[Configuration/Authentication Settings/Active Directory|Active Directory]] leaves off. If you have completed the previous sections you are now able to use AD to authenticate your users, but the users must provide authentication credentials each time the DAViCal server is accessed. On this page we discuss how to use mod_ntlm to create an SSO environment so that the client obtains the authentication information using the NTLM protocol.<br />
<br />
Please note that though the NTLMv3 protocol is considered fairly secure, the implementation described here is only marginally so. Consider using it only within a secure environment such as a firewall-protected LAN.<br />
<br />
Please also note that doing all this may '''NOT''' be worth the effort if your client of choice does not support NTLM. <br />
<br />
At the time of writing (Feb 26, 2008) the following have been confirmed to work:<br />
* IE6<br />
* Firefox2 (See the end of Apache Configuration below for how to get NTLM working on Firefox)<br />
* Lightning0.7 (Calendar Add-in for Thunderbird)<br />
<br />
<br />
===mod_ntlm===<br />
<br />
mod_ntlm is a non-standard Apache module to allow Apache to perform NTLM authentication. The module can be obtained at the following: [http://modntlm.sourceforge.net/ mod_ntlm].<br />
<br />
The module is a bit old and will not compile according to the included instructions at the time of this writing (Feb 26, 2008).<br />
<br />
Based on instructions found at [http://wiki.bestpractical.com/view/NtlmAuthentication Ntlm Authentication] I was able to compile the module. <br />
<br />
At this point let me review my environment just in case and for reference:<br />
* Ubuntu 7.10 Gutsy<br />
* Apache2.2<br />
* DAViCal 0.9.4<br />
* PostgreSQL 8.2<br />
* PHP5<br />
* mod_ntlm 2.0.1<br />
<br />
To compile the mod_ntlm module:<br />
<br />
1. Edit '''smbval/smblib.inc.c''' (basically remove "static" from lines 25, 26 and 35)<br />
diff -r mod_ntlm2-0.1/smbval/smblib.inc.c mod_ntlm2-0.1-fixed/smbval/smblib.inc.c<br />
25,26c25,26<br />
< static int SMBlib_errno;<br />
< static int SMBlib_SMB_Error;<br />
---<br />
> int SMBlib_errno;<br />
> int SMBlib_SMB_Error;<br />
35c35<br />
< static SMB_State_Types SMBlib_State;<br />
---<br />
> SMB_State_Types SMBlib_State;<br />
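Review bot: Dropping "static" from SMBlib_errno, SMBlib_SMB_Error and SMBlib_State (lines 25, 26 and 35) gives three mutable variables external linkage, and the hunk does not say which reference needed that. If the aim is only to satisfy a declaration elsewhere in smbval, note that in a comment next to the variables, or make that declaration match instead, so the symbols stay local to the file.<br />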
2. Edit the '''Makefile''' (change mod_ntlm.so to mod_ntlm.la)<br />
diff -r mod_ntlm2-0.1/Makefile mod_ntlm2-0.1-fixed/Makefile<br />
20c20<br />
< $(APXS) -i -a -n 'ntlm' mod_ntlm.so<br />
---<br />
> $(APXS) -i -a -n 'ntlm' mod_ntlm.la<br />
3. Finally edit '''mod_ntlm.c'''<br />
diff -r mod_ntlm2-0.1/mod_ntlm.c mod_ntlm2-0.1-fixed/mod_ntlm.c<br />
590c590,596<br />
< apr_pool_sub_make(&sp,p,NULL);<br />
---<br />
> /*<br />
> * apr_pool_sub_make(&sp,p,NULL);<br />
> *<br />
> * This function call is not longer available with apache 2.2<br />
> * Try replacing it with apr_pool_create_ex()<br />
> */<br />
> apr_pool_create_ex(&sp,p,NULL,NULL);<br />
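Review bot: The return value of apr_pool_create_ex(&sp,p,NULL,NULL) on the new line 596 is discarded, so a failed pool creation goes unnoticed by the code that follows; compare the result with APR_SUCCESS and refuse the request on failure. The retained comment block also reads as a to-do ("Try replacing it") and contains a typo ("not longer"); once the replacement is confirmed, reduce it to one line stating that apr_pool_sub_make() is no longer available with Apache 2.2.<br />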
<br />
After doing these edits, the standard "make" and "make install" should run without mishap.<br />
<br />
===Apache Configuration===<br />
Now that mod_ntlm has been installed we need to configure Apache to use the module.<br />
Add the following to the file '''sites-available/default''':<br />
<br />
AuthType NTLM<br />
NTLMAuth on<br />
NTLMAuthoritative on<br />
NTLMDomain mydomain.com<br />
NTLMServer dc1.mydomain.com<br />
NTLMBackup dc2.mydomain.com<br />
Require valid-user<br />
Satisfy all<br />
<br />
The above should be within the <Directory> directive. Now restart your Apache daemon.<br />
<br />
Now your Apache web server should be running NTLM authentication. Here's a test PHP page you can try to see if it is working.<br />
<br />
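<?php<br />
// Escape the user name before writing it into HTML.<br />
$user = isset($_SERVER['REMOTE_USER']) ? $_SERVER['REMOTE_USER'] : '(not set)';<br />
echo "You have logged in as <nowiki><b></nowiki>" . htmlspecialchars($user) . "</b>";<br />
?><br />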
<br />
If you see the page, NTLM is working; if not, you should get prompted to log in.<br />
<br />
Note that if you are a Firefox user NTLM authentication is '''not''' enabled by default. To enable NTLM on Firefox:<br />
<br />
# Enter "about:config" at the address bar of your Firefox browser.<br />
# Type "ntlm" in the filter bar.<br />
# Double click on '''network.automatic-ntlm-auth.trusted-uris''' and enter the hostname of your DAViCal server here. (just the hostname, don't add "http://")<br />
<br />
===DAViCal===<br />
<br />
Now that Apache is set up for NTLM authentication, you need to set up DAViCal to do the same. This part is actually really simple.<br />
<br />
# In your '''servername-conf.php''' file under '''/etc/davical''', make sure you have the line '''include_once('drivers_ldap.php');'''<br />
# In the same place, set '''$c->authenticate_hook['config']['i_use_mode_kerberos'] = "i_know_what_i_am_doing";''' to have the ldap driver accept a REMOTE_USER from the webserver without trying to check a password.</div>Fsfshttps://wiki.davical.org/index.php?title=Setup_Failure_Codes/Current_DAViCal_version&diff=3718Setup Failure Codes/Current DAViCal version2016-12-02T21:04:40Z<p>Fsfs: mention allow_url_fopen error message</p>
<hr />
<div>{{Minor_Setup_Failure}}<br />
<br />
This test checks the DAViCal website to find out the current released DAViCal version.<br />
<br />
If you're running an older version you might want to upgrade - especially if you're installing DAViCal!<br />
<br />
If the test is telling you that it cannot check the version because ''allow_url_fopen'' is set to ''false'', DAViCal is unable to access remote URLs due to restrictive security settings for PHP. This is not necessarily a bad thing!</div>Fsfshttps://wiki.davical.org/index.php?title=Configuration_settings&diff=3717Configuration settings2016-12-01T23:48:45Z<p>Fsfs: local_tzid is not used any more</p>
<hr />
<div>{{TOCright}}<br />
As well as reading the details below, also consider looking at [[Configuration/settings]] which is the index into the wiki pages listing each individual setting, and where these settings will be maintained more exhaustively in the future.<br />
<br />
== Mandatory Settings ==<br />
<br />
=== pg_connect ===<br />
<br />
Ex : <code>$c->pg_connect[] = 'dbname=davical port=5432 user=general'</code><br />
<br />
The application will attempt to connect to the database, successively applying connection parameters from the array in $c->pg_connect.<br />
<br />
This setting is used by the web interface and also by the CalDAV server.<br />
<br />
<pre><br />
$c->pg_connect[] = "dbname=davical user=davical_app";<br />
</pre><br />
<br />
As well as setting ''dbname'' and ''user'', PostgreSQL accepts values for ''port'', ''host'', ''password'' and maybe even more - check the PostgreSQL docs if you need something really odd.<br />
<br />
'''Note:''' From version 0.9.9.4 there is an alternate syntax available (though the old one will continue to work) which is:<br />
$c->db_connect[] = array( 'dsn' => 'pgsql:dbname=davical port=5432 host=dbhost', 'dbuser' => 'davical_app', 'dbpass' => 'fred' );<br />
Or, for a local DB on the default port with trust authentication:<br />
$c->db_connect[] = array( 'dsn' => 'pgsql:dbname=davical', 'dbuser' => 'davical_app' );<br />
<br />
<br />
== Desirable ==<br />
=== system_name ===<br />
<br />
See [[Configuration/settings/system_name|here]].<br />
<br />
=== Domain Settings ===<br />
<br />
See [[Configuration/settings/domain_name|here]].<br />
<br />
=== Localization ===<br />
<br />
<pre><br />
/**<br />
* The default locale will be "en";<br />
* If you are in a non-English locale, you can set the default_locale<br />
* configuration to one of the supported locales.<br />
*<br />
* Supported Locales (at present, see: "select * from supported_locales ;" for a full list)<br />
*<br />
* "de_DE", "en_NZ", "es_AR", "fr_FR", "nl_NL", "ru_RU"<br />
*<br />
* If you want locale support you probably know more about configuring it than me, but<br />
* at this stage it should be noted that all translations are UTF-8, and pages are<br />
* served as UTF-8, so you will need to ensure that the UTF-8 versions of these locales<br />
* are supported on your system.<br />
*<br />
* People interested in providing new translations are directed to the Wiki:<br />
* http://rscds.sourceforge.net/moin/TranslatingRscds<br />
**/<br />
// $c->default_locale = "en_NZ";<br />
</pre><br />
<br />
=== hide_TODO ===<br />
<br />
See [[Configuration/settings/hide_TODO|here]].<br />
<br />
=== readonly_webdav_collections ===<br />
<br />
See [[Configuration/settings/readonly_webdav_collections|here]].<br />
<br />
=== admin_email ===<br />
<br />
See [[Configuration/settings/admin_email|here]].<br />
<br />
=== default_relationships ===<br />
<br />
See [[Configuration/settings/default_relationships|here]].<br />
<br />
== Probably Not Needed ==<br />
=== enable_row_linking ===<br />
default=true<br />
<br />
If true, names in the admin web interface are links to the detail pages.<br />
<br />
The "enable_row_linking" option controls whether javascript is used to make the entire row clickable in browse lists in the administration pages. Since this didn't work with Konqueror at some point in the past you may want to set this to false if people experience problems using the DAViCal administration pages.<br />
<br />
<pre><br />
$c->enable_row_linking = true;<br />
</pre><br />
<br />
=== local_styles ===<br />
These should be an array of style sheets with a path specified relative to the root directory. These settings can be used for overriding display styles in the admin interface.<br />
<br />
e.g. : $c->local_styles = array('/css/my.css');<br />
<br />
<pre><br />
$c->local_styles = array();<br />
$c->print_styles = array();<br />
</pre><br />
<br />
=== home_calendar_name ===<br />
<br />
See [[Configuration/settings/home_calendar_name|here]].<br />
<br />
== Probably a Bad Idea ==<br />
=== collections_always_exist ===<br />
The "collections_always_exist" value defines whether a MKCALENDAR command is needed to create a calendar collection before calendar resources can be stored in it. This should not be required since each created user will have a calendar created for them. The default is 'false'.<br />
<br />
<pre><br />
// $c->collections_always_exist = true;<br />
</pre><br />
<br />
=== hide_alarm ===<br />
<br />
See [[Configuration/settings/hide_alarm|here]].<br />
<br />
=== allow_get_email_visibility ===<br />
<br />
See [[Configuration/settings/allow_get_email_visibility|here]].<br />
<br />
== External Authentication Sources ==<br />
<br />
To authenticate users against an external source such as LDAP instead of the default PgSQL database, set $c->authenticate_hook['call'] to the name of a user-defined function (usually included from one of the drivers_*.php files). It will be called like this:<br />
call_user_func( $c->authenticate_hook['call'], $username, $password )<br />
<br />
This login mechanism is used in 2 places:<br />
* for the web interface in: index.php that calls DAViCalSession.php that extends Session.php (from AWL libraries)<br />
* for the caldav client in: caldav.php that calls BasicAuthSession.php<br />
Both Session.php and BasicAuthSession.php check against the authenticate_hook['call'], although for BasicAuthSession.php this will be for every request. For Session.php this will only occur once during login.<br />
<br />
$c->authenticate_hook['config'] should be set up with any configuration data needed by the authentication driver.<br />
<br />
If login via the external authentication method is only optional (e.g. to allow access to users that are not covered by that method, but are manually created in DAViCal), the method has to be marked as optional:<br />
$c->authenticate_hook['optional']=true;<br />
<br />
[[Auth_Plugin|AuthPlugins.php]] contains implementations of two example authentication hooks, auth_external (still used for BASIC auth) and auth_other_awl.<br />
<br />
=== General Example ===<br />
<br />
<pre><br />
/*<br />
* Other AWL hook<br />
*/<br />
require_once('auth-functions.php');<br />
<br />
$c->authenticate_hook['call'] = 'AuthExternalAwl';<br />
$c->authenticate_hook['config'] = array(<br />
// A PgSQL database connection string for the database containing user records<br />
'connection' => 'dbname=wrms host=otherhost port=5433 user=general',<br />
// Which columns should be fetched from the database<br />
'columns' => "user_no, active, email_ok, joined, last_update AS updated, last_used, username, password, fullname, email",<br />
// a WHERE clause to limit the records returned.<br />
'where' => "active AND org_code=7"<br />
);<br />
</pre><br />
<br />
=== LDAP / OpenLDAP ===<br />
<br />
<pre><br />
$c->authenticate_hook['call'] = 'LDAP_check';<br />
$c->authenticate_hook['config'] = array(<br />
'host' => 'www.tennaxia.net', //host name of your LDAP Server<br />
'port' => '389', //port<br />
<br />
/* For the initial bind to be anonymous leave bindDN and passDN<br />
commented out */<br />
// DN to bind to this server enabling to perform request<br />
'bindDN'=> 'cn=manager,cn=internal,dc=tennaxia,dc=net',<br />
// Password of the previous bindDN to bind to this server enabling to perform request<br />
'passDN'=> 'xxxxxxxx',<br />
<br />
'protocolVersion' => '3', //Version of LDAP protocol to use<br />
'baseDNUsers'=> 'dc=tennaxia,dc=net', //where to look at valid user<br />
'filterUsers' => '(objectClass=kolabInetOrgPerson)', //filter which must validate a user according to RFC4515, i.e. surrounded by brackets<br />
'baseDNGroups' => 'ou=divisions,dc=tennaxia,dc=net', //not used ATM<br />
'filterGroups' => 'objectClass=groupOfUniqueNames', //not used ATM<br />
/** /!\ "username" should be set and "updated" must be set **/<br />
'mapping_field' => array("username" => "uid",<br />
"updated" => "modifyTimestamp",<br />
"fullname" => "cn" ,<br />
"email" =>"mail"<br />
), //used to create the user based on his ldap properties<br />
/** used to set default value for all users, will be overridden by ldap if defined also in mapping_field **/<br />
'default_value' => array("date_format_type" => "E","locale" => "fr_FR"),<br />
/** foreach key set start and length in the string provided by ldap<br />
example for openLDAP timestamp : 20070503162215Z **/<br />
'format_updated'=> array('Y' => array(0,4),'m' => array(4,2),'d'=> array(6,2),'H' => array(8,2),'M'=>array(10,2),'S' => array(12,2)),<br />
<br />
'startTLS' => 'yes', // Require that TLS is used for LDAP?<br />
// If ldap_start_tls is not working, it is probably<br />
// because php wants to validate the server's<br />
// certificate. Try adding "TLS_REQCERT never" to the<br />
// ldap configuration file that php uses (e.g. /etc/ldap.conf<br />
// or /etc/ldap/ldap.conf). Of course, this lessens security!<br />
<br />
'scope' => 'subtree', // Search scope to use, defaults to subtree.<br />
// Allowed values: base, onelevel, subtree.<br />
);<br />
<br />
include('drivers_ldap.php');<br />
</pre><br />
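<br />
How the ''filterUsers'', ''mapping_field'' and ''format_updated'' entries can be applied to one login, as an added example that is not the code in drivers_ldap.php. The function names are hypothetical, and it assumes the lookup ANDs ''filterUsers'' with a match on the attribute mapped to "username"; the user name is escaped per RFC 4515 so that it cannot alter the filter.<br />

```php
<?php
/**
 * Added example, not the code in drivers_ldap.php. Function names are
 * hypothetical; it assumes the user lookup ANDs 'filterUsers' with a match
 * on the LDAP attribute mapped to "username".
 */

// RFC 4515 requires a filter to be enclosed in parentheses; a bare
// filter such as objectClass=person is wrapped here.
function normalise_filter($filter) {
    $filter = trim($filter);
    if ($filter === '') {
        return '';
    }
    return ($filter[0] === '(') ? $filter : "($filter)";
}

// Escape the characters that carry meaning inside a filter value (RFC 4515):
// backslash, asterisk, parentheses and NUL become \5c, \2a, \28, \29, \00.
// The backslash is replaced first so the escapes themselves stay intact.
function escape_filter_value($value) {
    return str_replace(
        array('\\', '*', '(', ')', "\0"),
        array('\\5c', '\\2a', '\\28', '\\29', '\\00'),
        $value
    );
}

// Combine the configured user filter with an exact match on the user name.
function build_user_filter(array $config, $username) {
    $attr  = $config['mapping_field']['username'];
    $match = '(' . $attr . '=' . escape_filter_value($username) . ')';
    $base  = normalise_filter(isset($config['filterUsers']) ? $config['filterUsers'] : '');
    return ($base === '') ? $match : '(&' . $base . $match . ')';
}

// Slice an LDAP timestamp using the (start, length) pairs of 'format_updated'.
function parse_updated(array $format, $stamp) {
    $part = array();
    foreach ($format as $key => $pos) {
        $part[$key] = substr($stamp, $pos[0], $pos[1]);
    }
    return sprintf('%s-%s-%s %s:%s:%s',
        $part['Y'], $part['m'], $part['d'], $part['H'], $part['M'], $part['S']);
}

// Configuration modelled on the LDAP / OpenLDAP example; user names are constructed.
$config = array(
    'filterUsers'    => '(objectClass=kolabInetOrgPerson)',
    'mapping_field'  => array('username' => 'uid'),
    'format_updated' => array('Y' => array(0, 4), 'm' => array(4, 2), 'd' => array(6, 2),
                              'H' => array(8, 2), 'M' => array(10, 2), 'S' => array(12, 2)),
);

foreach (array('jdoe', 'j*doe (test)') as $username) {
    printf("%-14s -> %s\n", $username, build_user_filter($config, $username));
}

// The openLDAP timestamp quoted in the configuration comment.
echo parse_updated($config['format_updated'], '20070503162215Z'), "\n";
```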
<br />
=== Apache Module does the Authentication ===<br />
<br />
In this situation we just want to pull the username from the headers that Apache gives us. You can use this for Kerberos or many other forms of authentication just fine.<br />
<br />
<pre><br />
/*<br />
* Use Apache-supplied headers and believe them<br />
*/<br />
$c->authenticate_hook['server_auth_type'] = 'Basic';<br />
include_once('AuthPlugins.php');<br />
</pre><br />
<br />
This will make the HTTP Basic Authentication '''from the webserver''' be used and trusted for authentication within both the administration websites and CalDAV (i.e. caldav.php).<br />
Note: It seems that the "include_once('[[Auth_Plugin|AuthPlugins.php]]');" is '''not''' necessary if this should only apply to the administration websites but '''not''' to CalDAV (i.e. caldav.php).<br />
<br />
The ''server_auth_type'' setting must match the value provided by the webserver in the '''AUTH_TYPE''' environment variable. DAViCal will look for the username of the authenticated user in the '''REMOTE_USER''' (and beginning with 1.1.2 '''REDIRECT_REMOTE_USER''') environment variable.<br />
<br />
Note that this method does not pull any account details from anywhere, so you will still need to create an account in DAViCal for each username that will authenticate in this way - just that the password on that account will be ignored and authentication will happen through the authentication method that Apache is configured with.<br />
<br />
<br />
When PHP is used as CGI/FastCGI with Apache and mod_ssl, AUTH_TYPE currently remains unset, even when HTTP Basic Authentication (or mod_ssl fakeBasicAuth) was done by the server.<br />
This is a [https://issues.apache.org/bugzilla/show_bug.cgi?id=45058 bug] in Apache and/or a [http://www.rfc-editor.org/errata_search.php?eid=3556 limitation] in the CGI specification. One workaround is an intermediate CGI wrapper which sets AUTH_TYPE unconditionally, e.g. to "Basic". The value is currently matched case-sensitively, in contrast to the CGI spec (see [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=703381] and [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=703383]).<br />
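<br />
The matching rule described in this section, as an added example that is not DAViCal's own code: the server-supplied user name is trusted only when AUTH_TYPE equals the configured ''server_auth_type'' exactly, which is why an unset or differently-cased AUTH_TYPE leaves the user unauthenticated. The function name and the sample environments are constructed for illustration.<br />

```php
<?php
/**
 * Added example, not DAViCal code: decide whether a webserver-supplied
 * identity may be trusted. $configured_type plays the role of
 * $c->authenticate_hook['server_auth_type']; the function name is hypothetical.
 */
function trusted_server_user(array $server, $configured_type) {
    // AUTH_TYPE must be present and equal to the configured value.
    // The comparison is case-sensitive: "basic" does not match "Basic".
    if (!isset($server['AUTH_TYPE']) || $server['AUTH_TYPE'] !== $configured_type) {
        return null;   // fail closed: the server identity is not used
    }
    // REMOTE_USER first, then REDIRECT_REMOTE_USER, which Apache sets
    // when the request went through an internal redirect.
    foreach (array('REMOTE_USER', 'REDIRECT_REMOTE_USER') as $key) {
        if (isset($server[$key]) && $server[$key] !== '') {
            return $server[$key];
        }
    }
    return null;       // an AUTH_TYPE without a user name authenticates nobody
}

// Constructed sample environments, not captured from a real server.
$cases = array(
    'Basic auth done by Apache'               => array('AUTH_TYPE' => 'Basic', 'REMOTE_USER' => 'alice'),
    'CGI/FastCGI + mod_ssl, AUTH_TYPE unset'  => array('REMOTE_USER' => 'alice'),
    'wrapper sets lower-case "basic"'         => array('AUTH_TYPE' => 'basic', 'REMOTE_USER' => 'alice'),
    'user only in REDIRECT_REMOTE_USER'       => array('AUTH_TYPE' => 'Basic', 'REDIRECT_REMOTE_USER' => 'bob'),
    'AUTH_TYPE set but empty user name'       => array('AUTH_TYPE' => 'Basic', 'REMOTE_USER' => ''),
);

foreach ($cases as $label => $server) {
    $user = trusted_server_user($server, 'Basic');
    printf("%-40s => %s\n", $label, $user === null ? 'not trusted' : "trusted as $user");
}
```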
<br />
=== Active Directory (AD) ===<br />
<br />
<pre><br />
/*<br />
* Use the following LDAP example if you are using Active Directory<br />
*<br />
* You will need to change host, passDN and DOMAIN in bindDN and baseDNUsers.<br />
*/<br />
$c->authenticate_hook['call'] = 'LDAP_check';<br />
$c->authenticate_hook['config'] = array(<br />
'host' => 'ldap://ldap.example.net',<br />
'bindDN' => 'auth@DOMAIN',<br />
'passDN' => 'secret',<br />
'baseDNUsers' => 'dc=DOMAIN,dc=local',<br />
'protocolVersion' => 3,<br />
'optReferrals' => 0,<br />
'filterUsers' => '(&(objectcategory=person)(objectclass=user)(givenname=*))',<br />
'mapping_field' => array("username" => "uid",<br />
"fullname" => "cn" ,<br />
"email" => "mail"),<br />
'default_value' => array("date_format_type" => "E","locale" => "en_NZ"),<br />
'format_updated' => array('Y' => array(0,4),'m' => array(4,2),'d'=> array(6,2),'H' => array(8,2),'M'=>array(10,2),'S' => array(12,2))<br />
);<br />
<br />
include('drivers_ldap.php');<br />
</pre><br />
<br />
=== Pluggable Authentication Modules (PAM) ===<br />
Allows directly authenticating existing system users. There are two options: PWauth or Squid.<br />
<br />
Both methods require that the password is transmitted in plain text. Requiring encrypted connections with TLS is strongly recommended. PWauth's wiki page on [http://code.google.com/p/pwauth/wiki/Risks security risks] is recommended reading before offering to authenticate system users.<br />
<br />
Setting the email_base is required, but whether it is used or not depends on how accounts are authenticated on the system.<br />
<br />
<br />
==== PWauth ====<br />
Installing the Debian/Ubuntu package (available in each distribution's respective 'universe' repositories) will offer authentication against PAM out of the box.<br />
<br />
<pre><br />
/**<br />
* Authentication against PAM using the PWauth helper program.<br />
*/<br />
$c->authenticate_hook['call'] = 'PWAUTH_PAM_check';<br />
$c->authenticate_hook['config'] = array(<br />
'path' => '/usr/sbin/pwauth',<br />
'email_base' => 'example.com'<br />
);<br />
<br />
include('drivers_pwauth_pam.php');<br />
</pre><br />
<br />
Other distributions may have alternate paths to the helper program. Locate it using the ''whereis'' command after installing.<br />
<br />
==== Squid ====<br />
Requires that Squid is configured to offer PAM authentication. Not covered by this documentation.<br />
<br />
<pre><br />
/**<br />
* Authentication against PAM using the Squid helper script.<br />
*/<br />
$c->authenticate_hook['call'] = 'SQUID_PAM_check';<br />
$c->authenticate_hook['config'] = array(<br />
'script' => '/usr/bin/pam_auth',<br />
'email_base' => 'example.com'<br />
);<br />
<br />
include('drivers_squid_pam.php');<br />
</pre></div>Fsfshttps://wiki.davical.org/index.php?title=DAViCal_Dependencies&diff=3677DAViCal Dependencies2016-06-07T12:48:25Z<p>Fsfs: different php packages for PHP 7</p>
<hr />
<div>All of these dependencies must be met for DAViCal to function correctly. This page tries to list the dependencies for different architectures.<br />
<br />
=== Debian / Ubuntu ===<br />
<br />
* A Webserver<br />
* postgresql<br />
* php5<br />
* php5-pgsql<br />
* php5-imap<br />
* php5-curl<br />
* php5-cgi<br />
* libyaml-perl<br />
* libdbd-pg-perl<br />
* libdbi-perl<br />
<br />
For PHP 7 (from Debian Stretch / Ubuntu 16.04 Xenial), the PHP packages are different:<br />
<br />
* php<br />
* php-pgsql<br />
* php-imap<br />
* php-curl<br />
* php-cgi<br />
* php-xml<br />
<br />
The Ubuntu 16.04 package unfortunately lacks the php-xml dependency, so this package has to be added manually.<br />
<br />
[[Category:Installation]]</div>Fsfshttps://wiki.davical.org/index.php?title=Setup_Failure_Codes/PHP_XML_support&diff=3674Setup Failure Codes/PHP XML support2016-06-03T06:21:52Z<p>Fsfs: </p>
<hr />
<div>{{Critical_Setup_Failure}}<br />
<br />
The caldav protocol is XML, even though the actual calendar events are not. DAViCal needs the PHP XML extension to parse what a client wants it to do.<br />
<br />
The XML extension was part of the core PHP package in PHP 5, but has been split out for PHP 7, so e.g. on Debian systems you'll have to install the php-xml package now.</div>Fsfs