Generate documentation

2025-06-26 16:45:52 +00:00 · 2025-03-16 17:57:05 +00:00 · 2025-03-16 17:57:05 +00:00 · d64d8a1924
commit d64d8a1924
parent c4c9e607c0
1 changed files with 121 additions and 36 deletions
--- a/v3.html
+++ b/v3.html
@ -303,10 +303,12 @@ on GitHub.</a></p>
 <p>You want to try Radicale but only have 5 minutes free in your
 calendar? Let's go right now and play a bit with Radicale!</p>
 <p>When everything works, you can get a <a href="#supported-clients">client</a> and start creating calendars and
-address books. The server <strong>only</strong> binds to localhost (is
+address books. By default, the server only binds to localhost (is not
-<strong>not</strong> reachable over the network) and you can log in with
+reachable over the network) and you can log in with any user name and
-any username and password. If Radicale fits your needs, it may be time
+password. When everything works, you may get a local client and start
-for <a href="#basic-configuration">some basic configuration</a>.</p>
+creating calendars and address books. If Radicale fits your needs, it
 may be time for some <a href="#basic-configuration">basic
 configuration</a> to support remote clients.</p>
 <p>Follow one of the chapters below depending on your operating
 system.</p>
 <section class="level4" id="linux--bsd">
@ -367,6 +369,11 @@ file.</p>
 <section class="level5" id="the-secure-way">
 <h5>The secure way <a class="headerlink" href="#the-secure-way">&para;</a></h5>
 <p>The <code>users</code> file can be created and managed with <a href="https://httpd.apache.org/docs/current/programs/htpasswd.html">htpasswd</a>:</p>
 <p>Note: some OS contain unpatched <code>htpasswd</code> (&lt; 2.4.59)
 without supporting SHA-256 or SHA-512 (e.g. Ubuntu LTS 22), in this case
 use '-B' for "bcrypt" hash method or stay with insecure MD5 (default) or
 SHA-1 ('-s').</p>
 <p>Note that support of SHA-256 or SHA-512 was introduced with 3.1.9</p>
 <div class="sourceCode" id="cb5"><pre class="sourceCode bash"><code class="sourceCode bash"><span id="cb5-1"><a aria-hidden="true" href="#cb5-1" tabindex="-1"></a><span class="co"># Create a new htpasswd file with the user "user1" using SHA-512 as hash method</span></span>
 <span id="cb5-2"><a aria-hidden="true" href="#cb5-2" tabindex="-1"></a><span class="ex">$</span> htpasswd <span class="at">-5</span> <span class="at">-c</span> /path/to/users user1</span>
 <span id="cb5-3"><a aria-hidden="true" href="#cb5-3" tabindex="-1"></a><span class="ex">New</span> password:</span>
@ -682,7 +689,9 @@ and disables HTTP authentication.</p>
 <blockquote>
 <p><strong>Security:</strong> Untrusted clients should not be able to
 access the Radicale server directly. Otherwise, they can authenticate as
-any user.</p>
+any user by simply setting related HTTP header. This can be prevented by
 restrict listen to loopback interface only or at least a local firewall
 rule.</p>
 </blockquote>
 </section>
 <section class="level4" id="secure-connection-between-radicale-and-the-reverse-proxy">
@ -892,10 +901,11 @@ can be used to secure TCP traffic between Radicale and a reverse proxy.
 If you want to authenticate users with client-side certificates, you
 also have to write an authentication plugin that extracts the username
 from the certificate.</p>
-<p>Default:</p>
+<p>Default: (unset)</p>
 </section>
 <section class="level5" id="protocol">
 <h5>protocol <a class="headerlink" href="#protocol">&para;</a></h5>
 <p><em>(&gt;= 3.3.1)</em></p>
 <p>Accepted SSL protocol (maybe not all supported by underlying OpenSSL
 version) Example for secure configuration: ALL -SSLv3 -TLSv1 -TLSv1.1
 Format: Apache SSLProtocol list (from "mod_ssl")</p>
@ -903,11 +913,18 @@ Format: Apache SSLProtocol list (from "mod_ssl")</p>
 </section>
 <section class="level5" id="ciphersuite">
 <h5>ciphersuite <a class="headerlink" href="#ciphersuite">&para;</a></h5>
 <p><em>(&gt;= 3.3.1)</em></p>
 <p>Accepted SSL ciphersuite (maybe not all supported by underlying
 OpenSSL version) Example for secure configuration: DHE:ECDHE:-NULL:-SHA
 Format: OpenSSL cipher list (see also "man openssl-ciphers")</p>
 <p>Default: (system-default)</p>
 </section>
 <section class="level5" id="script_name">
 <h5>script_name <a class="headerlink" href="#script_name">&para;</a></h5>
 <p><em>(&gt;= 3.5.0)</em></p>
 <p>Strip script name from URI if called by reverse proxy</p>
 <p>Default: (taken from HTTP_X_SCRIPT_NAME or SCRIPT_NAME)</p>
 </section>
 </section>
 <section class="level4" id="encoding">
 <h4>encoding <a class="headerlink" href="#encoding">&para;</a></h4>
@ -929,6 +946,8 @@ Format: OpenSSL cipher list (see also "man openssl-ciphers")</p>
 <p>The method to verify usernames and passwords.</p>
 <p>Available backends:</p>
 <p><code>none</code> : Just allows all usernames and passwords.</p>
 <p><code>denyall</code> <em>(&gt;= 3.2.2)</em> : Just denies all
 usernames and passwords.</p>
 <p><code>htpasswd</code> : Use an <a href="https://httpd.apache.org/docs/current/programs/htpasswd.html">Apache
 htpasswd file</a> to store usernames and passwords.</p>
 <p><code>remote_user</code> : Takes the username from the
@ -938,26 +957,35 @@ server.</p>
 <p><code>http_x_remote_user</code> : Takes the username from the
 <code>X-Remote-User</code> HTTP header and disables HTTP authentication.
 This can be used to provide the username from a reverse proxy.</p>
-<p><code>ldap</code> : Use a LDAP or AD server to authenticate
+<p><code>ldap</code> <em>(&gt;= 3.3.0)</em> : Use a LDAP or AD server to
-users.</p>
+authenticate users.</p>
-<p><code>dovecot</code> : Use a Dovecot server to authenticate
+<p><code>dovecot</code> <em>(&gt;= 3.3.1)</em> : Use a Dovecot server to
-users.</p>
+authenticate users.</p>
-<p><code>imap</code> : Use a IMAP server to authenticate users.</p>
+<p><code>imap</code> <em>(&gt;= 3.4.1)</em> : Use an IMAP server to
-<p>Default: <code>none</code></p>
+authenticate users.</p>
 <p><code>oauth2</code> <em>(&gt;= 3.5.0)</em> : Use an OAuth2 server to
 authenticate users.</p>
 <p><code>pam</code> <em>(&gt;= 3.5.0)</em> : Use local PAM to
 authenticate users.</p>
 <p>Default: <code>none</code> <em>(&lt; 3.5.0)</em> <code>denyall</code>
 <em>(&gt;= 3.5.0)</em></p>
 </section>
 <section class="level5" id="cache_logins">
 <h5>cache_logins <a class="headerlink" href="#cache_logins">&para;</a></h5>
 <p><em>(&gt;= 3.4.0)</em></p>
 <p>Cache successful/failed logins until expiration time. Enable this to
 avoid overload of authentication backends.</p>
 <p>Default: <code>false</code></p>
 </section>
 <section class="level5" id="cache_successful_logins_expiry">
 <h5>cache_successful_logins_expiry <a class="headerlink" href="#cache_successful_logins_expiry">&para;</a></h5>
 <p><em>(&gt;= 3.4.0)</em></p>
 <p>Expiration time of caching successful logins in seconds</p>
 <p>Default: <code>15</code></p>
 </section>
 <section class="level5" id="cache_failed_logins_expiry">
 <h5>cache_failed_logins_expiry <a class="headerlink" href="#cache_failed_logins_expiry">&para;</a></h5>
 <p><em>(&gt;= 3.4.0)</em></p>
 <p>Expiration time of caching failed logins in seconds</p>
 <p>Default: <code>90</code></p>
 </section>
@ -981,16 +1009,18 @@ stream cipher. It's very secure. The installation of
 <strong>bcrypt</strong> is required for this.</p>
 <p><code>md5</code> : This uses an iterated MD5 digest of the password
 with a salt (nowadays insecure).</p>
-<p><code>sha256</code> : This uses an iterated SHA-256 digest of the
+<p><code>sha256</code> <em>(&gt;= 3.1.9)</em> : This uses an iterated
-password with a salt.</p>
+SHA-256 digest of the password with a salt.</p>
-<p><code>sha512</code> : This uses an iterated SHA-512 digest of the
+<p><code>sha512</code> <em>(&gt;= 3.1.9)</em> : This uses an iterated
-password with a salt.</p>
+SHA-512 digest of the password with a salt.</p>
-<p><code>autodetect</code> : This selects autodetection of method per
+<p><code>autodetect</code> <em>(&gt;= 3.1.9)</em> : This selects
-entry.</p>
+autodetection of method per entry.</p>
-<p>Default: <code>autodetect</code></p>
+<p>Default: <code>md5</code> <em>(&lt; 3.3.0)</em>
 <code>autodetect</code> <em>(&gt;= 3.3.0)</em></p>
 </section>
 <section class="level5" id="htpasswd_cache">
 <h5>htpasswd_cache <a class="headerlink" href="#htpasswd_cache">&para;</a></h5>
 <p><em>(&gt;= 3.4.0)</em></p>
 <p>Enable caching of htpasswd file based on size and mtime_ns</p>
 <p>Default: <code>False</code></p>
 </section>
@ -1006,29 +1036,34 @@ entry.</p>
 </section>
 <section class="level5" id="ldap_uri">
 <h5>ldap_uri <a class="headerlink" href="#ldap_uri">&para;</a></h5>
 <p><em>(&gt;= 3.3.0)</em></p>
 <p>The URI to the ldap server</p>
 <p>Default: <code>ldap://localhost</code></p>
 </section>
 <section class="level5" id="ldap_base">
 <h5>ldap_base <a class="headerlink" href="#ldap_base">&para;</a></h5>
 <p><em>(&gt;= 3.3.0)</em></p>
 <p>LDAP base DN of the ldap server. This parameter must be provided if
 auth type is ldap.</p>
 <p>Default:</p>
 </section>
 <section class="level5" id="ldap_reader_dn">
 <h5>ldap_reader_dn <a class="headerlink" href="#ldap_reader_dn">&para;</a></h5>
 <p><em>(&gt;= 3.3.0)</em></p>
 <p>The DN of a ldap user with read access to get the user accounts. This
 parameter must be provided if auth type is ldap.</p>
 <p>Default:</p>
 </section>
 <section class="level5" id="ldap_secret">
 <h5>ldap_secret <a class="headerlink" href="#ldap_secret">&para;</a></h5>
 <p><em>(&gt;= 3.3.0)</em></p>
 <p>The password of the ldap_reader_dn. Either this parameter or
 <code>ldap_secret_file</code> must be provided if auth type is ldap.</p>
 <p>Default:</p>
 </section>
 <section class="level5" id="ldap_secret_file">
 <h5>ldap_secret_file <a class="headerlink" href="#ldap_secret_file">&para;</a></h5>
 <p><em>(&gt;= 3.3.0)</em></p>
 <p>Path of the file containing the password of the ldap_reader_dn.
 Either this parameter or <code>ldap_secret</code> must be provided if
 auth type is ldap.</p>
@ -1036,18 +1071,21 @@ auth type is ldap.</p>
 </section>
 <section class="level5" id="ldap_filter">
 <h5>ldap_filter <a class="headerlink" href="#ldap_filter">&para;</a></h5>
 <p><em>(&gt;= 3.3.0)</em></p>
 <p>The search filter to find the user DN to authenticate by the
 username. User '{0}' as placeholder for the user name.</p>
 <p>Default: <code>(cn={0})</code></p>
 </section>
 <section class="level5" id="ldap_user_attribute">
 <h5>ldap_user_attribute <a class="headerlink" href="#ldap_user_attribute">&para;</a></h5>
 <p><em>(&gt;= 3.4.0)</em></p>
 <p>The LDAP attribute whose value shall be used as the user name after
 successful authentication</p>
 <p>Default: not set, i.e. the login name given is used directly.</p>
 </section>
 <section class="level5" id="ldap_groups_attribute">
 <h5>ldap_groups_attribute <a class="headerlink" href="#ldap_groups_attribute">&para;</a></h5>
 <p><em>(&gt;= 3.4.0)</em></p>
 <p>The LDAP attribute to read the group memberships from in the
 authenticated user's LDAP entry.</p>
 <p>If set, load the LDAP group memberships from the attribute given
@ -1065,26 +1103,30 @@ calendar.</li>
 </ul>
 <p>Use 'memberOf' if you want to load groups on Active Directory and
 alikes, 'groupMembership' on Novell eDirectory, ...</p>
-<p>Default: unset</p>
+<p>Default: (unset)</p>
 </section>
 <section class="level5" id="ldap_use_ssl">
 <h5>ldap_use_ssl <a class="headerlink" href="#ldap_use_ssl">&para;</a></h5>
 <p><em>(&gt;= 3.3.0)</em></p>
 <p>Use ssl on the ldap connection</p>
 <p>Default: False</p>
 </section>
 <section class="level5" id="ldap_ssl_verify_mode">
 <h5>ldap_ssl_verify_mode <a class="headerlink" href="#ldap_ssl_verify_mode">&para;</a></h5>
 <p><em>(&gt;= 3.3.0)</em></p>
 <p>The certificate verification mode. NONE, OPTIONAL or REQUIRED</p>
 <p>Default: REQUIRED</p>
 </section>
 <section class="level5" id="ldap_ssl_ca_file">
 <h5>ldap_ssl_ca_file <a class="headerlink" href="#ldap_ssl_ca_file">&para;</a></h5>
 <p><em>(&gt;= 3.3.0)</em></p>
 <p>The path to the CA file in pem format which is used to certificate
 the server certificate</p>
 <p>Default:</p>
 </section>
 <section class="level5" id="dovecot_connection_type--af_unix">
 <h5>dovecot_connection_type = AF_UNIX <a class="headerlink" href="#dovecot_connection_type--af_unix">&para;</a></h5>
 <p><em>(&gt;= 3.4.1)</em></p>
 <p>Connection type for dovecot authentication
 (AF_UNIX|AF_INET|AF_INET6)</p>
 <p>Note: credentials are transmitted in cleartext</p>
@ -1092,6 +1134,7 @@ the server certificate</p>
 </section>
 <section class="level5" id="dovecot_socket">
 <h5>dovecot_socket <a class="headerlink" href="#dovecot_socket">&para;</a></h5>
 <p><em>(&gt;= 3.3.1)</em></p>
 <p>The path to the Dovecot client authentication socket (eg.
 /run/dovecot/auth-client on Fedora). Radicale must have read / write
 access to the socket.</p>
@ -1099,25 +1142,47 @@ access to the socket.</p>
 </section>
 <section class="level5" id="dovecot_host">
 <h5>dovecot_host <a class="headerlink" href="#dovecot_host">&para;</a></h5>
 <p><em>(&gt;= 3.4.1)</em></p>
 <p>Host of via network exposed dovecot socket</p>
 <p>Default: <code>localhost</code></p>
 </section>
 <section class="level5" id="dovecot_port">
 <h5>dovecot_port <a class="headerlink" href="#dovecot_port">&para;</a></h5>
 <p><em>(&gt;= 3.4.1)</em></p>
 <p>Port of via network exposed dovecot socket</p>
 <p>Default: <code>12345</code></p>
 </section>
 <section class="level5" id="imap_host">
 <h5>imap_host <a class="headerlink" href="#imap_host">&para;</a></h5>
 <p><em>(&gt;= 3.4.1)</em></p>
 <p>IMAP server hostname: address | address:port | [address]:port |
 imap.server.tld</p>
 <p>Default: <code>localhost</code></p>
 </section>
 <section class="level5" id="imap_security">
 <h5>imap_security <a class="headerlink" href="#imap_security">&para;</a></h5>
 <p><em>(&gt;= 3.4.1)</em></p>
 <p>Secure the IMAP connection: tls | starttls | none</p>
 <p>Default: <code>tls</code></p>
 </section>
 <section class="level5" id="oauth2_token_endpoint">
 <h5>oauth2_token_endpoint <a class="headerlink" href="#oauth2_token_endpoint">&para;</a></h5>
 <p><em>(&gt;= 3.5.0)</em></p>
 <p>OAuth2 token endpoint URL</p>
 <p>Default:</p>
 </section>
 <section class="level5" id="pam_service">
 <h5>pam_service <a class="headerlink" href="#pam_service">&para;</a></h5>
 <p><em>(&gt;= 3.5.0)</em></p>
 <p>PAM service</p>
 <p>Default: radicale</p>
 </section>
 <section class="level5" id="pam_group_membership">
 <h5>pam_group_membership <a class="headerlink" href="#pam_group_membership">&para;</a></h5>
 <p><em>(&gt;= 3.5.0)</em></p>
 <p>PAM group user should be member of</p>
 <p>Default:</p>
 </section>
 <section class="level5" id="lc_username">
 <h5>lc_username <a class="headerlink" href="#lc_username">&para;</a></h5>
 <p>&Scy;onvert username to lowercase, must be true for case-insensitive auth
@ -1127,6 +1192,7 @@ providers like ldap, kerberos</p>
 </section>
 <section class="level5" id="uc_username">
 <h5>uc_username <a class="headerlink" href="#uc_username">&para;</a></h5>
 <p><em>(&gt;= 3.3.2)</em></p>
 <p>&Scy;onvert username to uppercase, must be true for case-insensitive auth
 providers like ldap, kerberos</p>
 <p>Default: <code>False</code></p>
@ -1134,6 +1200,7 @@ providers like ldap, kerberos</p>
 </section>
 <section class="level5" id="strip_domain">
 <h5>strip_domain <a class="headerlink" href="#strip_domain">&para;</a></h5>
 <p><em>(&gt;= 3.2.3)</em></p>
 <p>Strip domain from username</p>
 <p>Default: <code>False</code></p>
 </section>
@ -1166,7 +1233,7 @@ and write their own collections under the path <em>/USERNAME/</em>.</p>
 </section>
 <section class="level5" id="permit_delete_collection">
 <h5>permit_delete_collection <a class="headerlink" href="#permit_delete_collection">&para;</a></h5>
-<p>(New since 3.1.9)</p>
+<p><em>(&gt;= 3.1.9)</em></p>
 <p>Global control of permission to delete complete collection (default:
 True)</p>
 <p>If False it can be permitted by permissions per section with: D If
@ -1174,7 +1241,7 @@ True it can be forbidden by permissions per section with: d</p>
 </section>
 <section class="level5" id="permit_overwrite_collection">
 <h5>permit_overwrite_collection <a class="headerlink" href="#permit_overwrite_collection">&para;</a></h5>
-<p>(New since 3.3.0)</p>
+<p><em>(&gt;= 3.3.0)</em></p>
 <p>Global control of permission to overwrite complete collection
 (default: True)</p>
 <p>If False it can be permitted by permissions per section with: O If
@ -1200,6 +1267,7 @@ only be used with a single process.</p>
 </section>
 <section class="level5" id="filesystem_cache_folder">
 <h5>filesystem_cache_folder <a class="headerlink" href="#filesystem_cache_folder">&para;</a></h5>
 <p><em>(&gt;= 3.3.2)</em></p>
 <p>Folder for storing cache of local collections, created if not
 present</p>
 <p>Default: (filesystem_folder)</p>
@ -1210,6 +1278,7 @@ node (see below)</p>
 </section>
 <section class="level5" id="use_cache_subfolder_for_item">
 <h5>use_cache_subfolder_for_item <a class="headerlink" href="#use_cache_subfolder_for_item">&para;</a></h5>
 <p><em>(&gt;= 3.3.2)</em></p>
 <p>Use subfolder <code>collection-cache</code> for cache file structure
 of 'item' instead of inside collection folders, created if not
 present</p>
@ -1219,6 +1288,7 @@ node</p>
 </section>
 <section class="level5" id="use_cache_subfolder_for_history">
 <h5>use_cache_subfolder_for_history <a class="headerlink" href="#use_cache_subfolder_for_history">&para;</a></h5>
 <p><em>(&gt;= 3.3.2)</em></p>
 <p>Use subfolder <code>collection-cache</code> for cache file structure
 of 'history' instead of inside collection folders, created if not
 present</p>
@ -1228,6 +1298,7 @@ client in multi-instance setup</p>
 </section>
 <section class="level5" id="use_cache_subfolder_for_synctoken">
 <h5>use_cache_subfolder_for_synctoken <a class="headerlink" href="#use_cache_subfolder_for_synctoken">&para;</a></h5>
 <p><em>(&gt;= 3.3.2)</em></p>
 <p>Use subfolder <code>collection-cache</code> for cache file structure
 of 'sync-token' instead of inside collection folders, created if not
 present</p>
@ -1237,6 +1308,7 @@ client in multi-instance setup</p>
 </section>
 <section class="level5" id="use_mtime_and_size_for_item_cache">
 <h5>use_mtime_and_size_for_item_cache <a class="headerlink" href="#use_mtime_and_size_for_item_cache">&para;</a></h5>
 <p><em>(&gt;= 3.3.2)</em></p>
 <p>Use last modifiction time (nanoseconds) and size (bytes) for 'item'
 cache instead of SHA256 (improves speed)</p>
 <p>Default: <code>False</code></p>
@ -1247,6 +1319,7 @@ offline using storage verification option
 </section>
 <section class="level5" id="folder_umask">
 <h5>folder_umask <a class="headerlink" href="#folder_umask">&para;</a></h5>
 <p><em>(&gt;= 3.3.2)</em></p>
 <p>Use configured umask for folder creation (not applicable for OS
 Windows)</p>
 <p>Default: (system-default, usual <code>0022</code>)</p>
@ -1263,6 +1336,7 @@ other:r)</p>
 </section>
 <section class="level5" id="skip_broken_item">
 <h5>skip_broken_item <a class="headerlink" href="#skip_broken_item">&para;</a></h5>
 <p><em>(&gt;= 3.2.2)</em></p>
 <p>Skip broken item instead of triggering an exception</p>
 <p>Default: <code>True</code></p>
 </section>
@ -1316,7 +1390,8 @@ books and calendars.</p>
 <p>Available levels: <strong>debug</strong>, <strong>info</strong>,
 <strong>warning</strong>, <strong>error</strong>,
 <strong>critical</strong></p>
-<p>Default: <code>warning</code></p>
+<p>Default: <code>warning</code> <em>(&lt; 3.2.0)</em> <code>info</code>
 <em>(&gt;= 3.2.0)</em></p>
 </section>
 <section class="level5" id="mask_passwords">
 <h5>mask_passwords <a class="headerlink" href="#mask_passwords">&para;</a></h5>
@ -1325,26 +1400,31 @@ books and calendars.</p>
 </section>
 <section class="level5" id="bad_put_request_content">
 <h5>bad_put_request_content <a class="headerlink" href="#bad_put_request_content">&para;</a></h5>
 <p><em>(&gt;= 3.2.1)</em></p>
 <p>Log bad PUT request content (for further diagnostics)</p>
 <p>Default: <code>False</code></p>
 </section>
 <section class="level5" id="backtrace_on_debug">
 <h5>backtrace_on_debug <a class="headerlink" href="#backtrace_on_debug">&para;</a></h5>
 <p><em>(&gt;= 3.2.2)</em></p>
 <p>Log backtrace on level=debug</p>
 <p>Default: <code>False</code></p>
 </section>
 <section class="level5" id="request_header_on_debug">
 <h5>request_header_on_debug <a class="headerlink" href="#request_header_on_debug">&para;</a></h5>
 <p><em>(&gt;= 3.2.2)</em></p>
 <p>Log request on level=debug</p>
 <p>Default: <code>False</code></p>
 </section>
 <section class="level5" id="request_content_on_debug">
 <h5>request_content_on_debug <a class="headerlink" href="#request_content_on_debug">&para;</a></h5>
 <p><em>(&gt;= 3.2.2)</em></p>
 <p>Log request on level=debug</p>
 <p>Default: <code>False</code></p>
 </section>
 <section class="level5" id="response_content_on_debug">
 <h5>response_content_on_debug <a class="headerlink" href="#response_content_on_debug">&para;</a></h5>
 <p><em>(&gt;= 3.2.2)</em></p>
 <p>Log response on level=debug</p>
 <p>Default: <code>False</code></p>
 </section>
@ -1355,6 +1435,7 @@ books and calendars.</p>
 </section>
 <section class="level5" id="storage_cache_actions_on_debug">
 <h5>storage_cache_actions_on_debug <a class="headerlink" href="#storage_cache_actions_on_debug">&para;</a></h5>
 <p><em>(&gt;= 3.3.2)</em></p>
 <p>Log storage cache actions on level=debug</p>
 <p>Default: <code>False</code></p>
 </section>
@ -1373,22 +1454,26 @@ be specified.</p>
 <p>Hook binding for event changes and deletion notifications.</p>
 <p>Available types:</p>
 <p><code>none</code> : Disabled. Nothing will be notified.</p>
-<p><code>rabbitmq</code> : Push the message to the rabbitmq server.</p>
+<p><code>rabbitmq</code> <em>(&gt;= 3.2.0)</em> : Push the message to
 the rabbitmq server.</p>
 <p>Default: <code>none</code></p>
 </section>
 <section class="level5" id="rabbitmq_endpoint">
 <h5>rabbitmq_endpoint <a class="headerlink" href="#rabbitmq_endpoint">&para;</a></h5>
 <p><em>(&gt;= 3.2.0)</em></p>
 <p>End-point address for rabbitmq server. Ex:
 amqp://user:password@localhost:5672/</p>
 <p>Default:</p>
 </section>
 <section class="level5" id="rabbitmq_topic">
 <h5>rabbitmq_topic <a class="headerlink" href="#rabbitmq_topic">&para;</a></h5>
 <p><em>(&gt;= 3.2.0)</em></p>
 <p>RabbitMQ topic to publish message.</p>
 <p>Default:</p>
 </section>
 <section class="level5" id="rabbitmq_queue_type">
 <h5>rabbitmq_queue_type <a class="headerlink" href="#rabbitmq_queue_type">&para;</a></h5>
 <p><em>(&gt;= 3.2.0)</em></p>
 <p>RabbitMQ queue type for the topic.</p>
 <p>Default: classic</p>
 </section>
@ -1397,6 +1482,7 @@ amqp://user:password@localhost:5672/</p>
 <h4>reporting <a class="headerlink" href="#reporting">&para;</a></h4>
 <section class="level5" id="max_freebusy_occurrence">
 <h5>max_freebusy_occurrence <a class="headerlink" href="#max_freebusy_occurrence">&para;</a></h5>
 <p><em>(&gt;= 3.2.3)</em></p>
 <p>When returning a free-busy report, a list of busy time occurrences
 are generated based on a given time frame. Large time frames could
 generate a lot of occurrences based on the time frame supplied. This
@ -1483,15 +1569,14 @@ username and password. It will list your existing address books.</p>
 </section>
 <section class="level4" id="infcloud-caldavzap-and-carddavmate">
 <h4>InfCloud, CalDavZAP and CardDavMATE <a class="headerlink" href="#infcloud-caldavzap-and-carddavmate">&para;</a></h4>
-<p>You can integrate InfCloud into Radicale's web interface with <a href="https://github.com/Unrud/RadicaleInfCloud">RadicaleInfCloud</a>.
+<p>You can integrate InfCloud into Radicale's web interface with by
-No additional configuration is required.</p>
+simply download latest package from <a href="https://www.inf-it.com/open-source/clients/infcloud/">InfCloud</a>
-<p>Set the URL of the Radicale server in <code>config.js</code>. If
+and extract content to new folder <code>infcloud</code> in
-<strong>InfCloud</strong> is not hosted on the same server and port as
+<code>radicale/web/internal_data/</code>.</p>
-Radicale, the browser will deny access to the Radicale server, because
+<p>No further adjustments are required as content is adjusted on the fly
-of the <a href="https://en.wikipedia.org/wiki/Same-origin_policy">same-origin
+(tested with 0.13.1).</p>
-policy</a>. You have to add additional HTTP header in the
+<p>See also <a href="https://github.com/Kozea/Radicale/wiki/Client-InfCloud">Wiki/Client
-<code>headers</code> section of Radicale's configuration. The
+InfCloud</a>.</p>
 documentation of <strong>InfCloud</strong> has more details on this.</p>
 </section>
 <section class="level4" id="command-line">
 <h4>Command line <a class="headerlink" href="#command-line">&para;</a></h4>
@ -1602,9 +1687,9 @@ expensive search requests)</li>
 calendars)</li>
 <li><strong>w:</strong> write address book and calendar collections</li>
 <li><strong>D:</strong> permit delete of collection in case
-permit_delete_collection=False</li>
+permit_delete_collection=False <em>(&gt;= 3.3.0)</em></li>
 <li><strong>d:</strong> forbid delete of collection in case
-permit_delete_collection=True</li>
+permit_delete_collection=True <em>(&gt;= 3.3.0)</em></li>
 <li><strong>O:</strong> permit overwrite of collection in case
 permit_overwrite_collection=False</li>
 <li><strong>o:</strong> forbid overwrite of collection in case
@ -1844,7 +1929,7 @@ content:</p>
 <span id="cb48-9"><a aria-hidden="true" href="#cb48-9" tabindex="-1"></a>    <span class="kw">def</span> <span class="fu">__init__</span>(<span class="va">self</span>, configuration):</span>
 <span id="cb48-10"><a aria-hidden="true" href="#cb48-10" tabindex="-1"></a>        <span class="bu">super</span>().<span class="fu">__init__</span>(configuration.copy(PLUGIN_CONFIG_SCHEMA))</span>
 <span id="cb48-11"><a aria-hidden="true" href="#cb48-11" tabindex="-1"></a></span>
-<span id="cb48-12"><a aria-hidden="true" href="#cb48-12" tabindex="-1"></a>    <span class="kw">def</span> login(<span class="va">self</span>, login, password):</span>
+<span id="cb48-12"><a aria-hidden="true" href="#cb48-12" tabindex="-1"></a>    <span class="kw">def</span> _login(<span class="va">self</span>, login, password):</span>
 <span id="cb48-13"><a aria-hidden="true" href="#cb48-13" tabindex="-1"></a>        <span class="co"># Get password from configuration option</span></span>
 <span id="cb48-14"><a aria-hidden="true" href="#cb48-14" tabindex="-1"></a>        static_password <span class="op">=</span> <span class="va">self</span>.configuration.get(<span class="st">"auth"</span>, <span class="st">"password"</span>)</span>
 <span id="cb48-15"><a aria-hidden="true" href="#cb48-15" tabindex="-1"></a>        <span class="co"># Check authentication</span></span>