oss/Radicale
oss/Radicale
1
0
Fork 0
mirror of https://github.com/Kozea/Radicale.git synced 2025-06-26 16:45:52 +00:00
Code Wiki Activity

Updated LDAP authentication (markdown)

Peter Marschall 2025-01-02 10:46:37 +01:00
parent 46020553b6
commit 66f2d869a3
1 changed files with 5 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

10
LDAP-authentication.md

@ -1,8 +1,8 @@
# Enable LDAP Authentication
The first step to enable LDAP authentication is the installation of the corresponding python module. Even if the python-ldap module is supported, we recommend the use of python-ldap3 as the further development is only based on this module.
The first step to enable LDAP authentication is the installation of the corresponding python module. Even if the `python-ldap` module is supported, we recommend the use of `python-ldap3` as the further development is only based on this module.
## Configure LDAP Authentication
After installing the python ldap module you have to enable and configure it in the [auth] section of the configuration file of Radicale. Please note that anonymous bind is not supported. That means you have to provide a LDAP-account with read-rights to the user accounts. At the moment only SUBTREE searches are implemented.
After installing the python ldap module you have to enable and configure it in the [auth] section of the configuration file of Radicale. Please note that anonymous bind is not supported. That means you have to provide a LDAP account with read-rights to the user accounts. At the moment only SUBTREE searches are implemented.
Following parameter are available. No default values are provided that means you have to set all parameters:
@ -15,13 +15,13 @@ Following parameter are available. No default values are provided that means you
## Using LDAP group membership of users
There is an additional parameter `ldap_load_groups`. Settings this to `True` the `memberOf` LDAP-attributes of the user will be evaluated and can be used for the handling of access rights management and to the access the group calendars.
The group calendars will not be created automaticaly but you have to create it on demand. After next access to the server the new calender is visible for all member of the group. Here is a scipt to create group calendar with random color.
The group calendars will not be created automatically but you have to create it on demand. After next access to the server the new calendar is visible for all member of the group. Here is a script to create group calendar with random color.
```
#!/bin/bash
# create-group-calendar.sh
# Copyright (c) 2024 Peter Varkoly Nürnberg, Germany. All rights reserved.
# Script to create a group calender for Radicale
# Script to create a group calendar for Radicale
#
if (( $# != 2))
then
@ -39,7 +39,7 @@ echo '{"C:calendar-description": "'${description}'", "C:supported-calendar-compo
chown -R radicale /var/lib/radicale/collections/collection-root/GROUPS/${base64name}/
```
You can use the group membership also for managing the rights. For examle you want to give everyone read rights to the group calendars in which he is a member and write access to the member of the group administrators. This can you achive with following rules:
You can use the group membership also for managing the rights. For example you want to give everyone read rights to the group calendars in which he is a member and write access to the member of the group administrators. This can you achieved with following rules:
```
[calendarsWriter]