oss/Radicale
oss/Radicale
1
0
Fork 0
mirror of https://github.com/Kozea/Radicale.git synced 2025-06-26 16:45:52 +00:00
Code Wiki Activity

Updated LDAP authentication (markdown)

Dipl Ing. Péter Varkoly 2024-09-22 19:33:54 +02:00
parent 3c650b85ad
commit ade8ae2622
1 changed files with 43 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

42
LDAP-authentication.md

@ -12,3 +12,45 @@ Following parameter are available. No default values are provided that means you
* `ldap_reader_dn` The DN of the LDAP account with read rights to the subtree from ldap_base * `ldap_reader_dn` The DN of the LDAP account with read rights to the subtree from ldap_base
* `ldap_secret` The password of the ldap_reader_dn * `ldap_secret` The password of the ldap_reader_dn
* `ldap_filter` The ldap filter to find the DN of the login user. This filter must contain a python format string with placeholder(s) for the login: (&(objectClass=person)(cn={0})) * `ldap_filter` The ldap filter to find the DN of the login user. This filter must contain a python format string with placeholder(s) for the login: (&(objectClass=person)(cn={0}))
## Using LDAP group membership of users
There is an additional variable `ldap_load_groups`. Settings this to `True` the `memberOf` LDAP-attributes of the user will be evaluated and can be used for the handling of access rights management and to the access to group calendars.
The group calendars will not be created automaticaly but you have to create it on demand. After next access to the server the new calender is visible for all member of the group.
```
#!/bin/bash
# create-group-calendar.sh
# Copyright (c) 2024 Peter Varkoly Nürnberg, Germany. All rights reserved.
# Script to create a group calender for Radicale
#
if (( $# != 2))
then
echo "Usage $0 'group name' 'Calendar Description'"
exit
fi
name=$1
description=$2
base64name=$( echo -n ${name} | base64 )
color="$(head -c3 </dev/urandom|xxd -p -u )"
mkdir -p /var/lib/radicale/collections/collection-root/GROUPS/${base64name}/.Radicale.cache/sync-token
echo '{"C:calendar-description": "'${description}'", "C:supported-calendar-component-set": "VEVENT,VJOURNAL,VTODO", "D:displayname": "'${name}'", "ICAL:calendar-color": "#'${color,,}'ff", "ICAL:calendar-order": "2", "tag": "VCALENDAR"}' > /var/lib/radicale/collections/collection-root/GROUPS/${base64name}/.Radicale.props
chown -R radicale /var/lib/radicale/collections/collection-root/GROUPS/${base64name}/
```
You can use the group membership also for managing the rights. For examle you want to give everyone read rights to the group calendars in which he is a member and write access to the member of the group administrators. This can you achive with following rules:
```
[calendarsWriter]
groups: administrators
collection: GROUPS/[^/]+
permissions: rw
[calendarsReader]
user: .+
collection: GROUPS/[^/]+
permissions: r
```
**Important** The members of the group administrators have only write access to the group calendars in which he is a member.