1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
|
= Web Server Integration =
Although imip-agent is mostly concerned with e-mail messaging, it can
integrate with a Web server for the following purposes:
* To [[../FreeBusyPublishing|publish free/busy information]] for calendar users
* To provide a [[../CalendarManager|management interface]] for calendar users
Currently, imip-agent provides configuration files for Apache, but other Web
servers may also be supported.
== Authentication and Access Control in Apache ==
Apache supports a range of mechanisms for protecting resources and
authenticating users. Most usefully for imip-agent given the
[[../MailIntegration|e-mail integration]] requirements, modules supporting
[[http://httpd.apache.org/docs/2.4/mod/mod_authnz_ldap.html|LDAP]] and
[[http://httpd.apache.org/docs/2.4/mod/mod_auth_basic.html|text-based lists]]
of users are available for such purposes.
== Configuring Web Servers for Free/Busy Publishing ==
Each user may request the [[../FreeBusyPublishing|publishing]] of their
free/busy information by configuring certain settings. The
`conf/apache/imip-agent.conf` file provides a configuration file for
deployment with the Apache Web server software that exposes a directory for
Web publishing containing the published free/busy information.
On Debian, to enable the serving of free/busy data, copy the configuration
file to the Apache configuration and enable it as follows
{{{
cp conf/apache/imip-agent.conf /etc/apache2/sites-available/
a2ensite imip-agent
}}}
Access to free/busy information may not be moderated, but Web server
directives can be introduced to impose access controls. Mail programs that
wish to consult the free/busy information may have problems in dealing with
authentication mechanisms, however, and it may be regarded as acceptable in
certain environments to expose such information publicly or with
network-specific access constraints.
== Configuring Web Servers for the Calendar Management Interface ==
A [[../CalendarManager|calendar management interface]] is provided to allow
users to view and interact with their calendars through the Web. The
`conf/apache/imip-manager.conf` file provides a configuration file for
deployment with the Apache Web server software that enables this interface.
=== Configuring the Management Interface ===
The `config.txt` file described in the [[../Configuration|configuration guide]]
provides some settings that can be adjusted to configure the management
interface.
{{{{#!table
'''Setting''' || '''Result'''
==
`MANAGER_INTERFACE`
|| If set to `True`, causes links to the interface to be included in
.. notification messages sent by imip-agent. If set to `False`, such links
.. will be omitted.
==
`MANAGER_URL`
|| The deployment URL of the management interface. Together with the
.. `MANAGER_PATH` described below, this forms the basis of the links
.. described above. Some examples:
{{{
http://webserver.example.com/
http://webserver.example.com/webapps/
}}}
It can be left as `None` and a default URL will be built using the
hostname of the system running the software.
==
`MANAGER_URL_SCHEME`
|| The URL scheme or protocol employed if a default URL is being constructed
.. instead of `MANAGER_URL` providing a value. Some examples:
{{{
http://
https://
}}}
Since the manager is only likely to be available via common Web protocols,
other values may not make much sense.
==
`MANAGER_PATH`
|| The "path info" added to the `MANAGER_URL` that locates the management
.. interface in its deployment location. Some examples:
{{{
/
/imip-agent
}}}
This setting affects the `imip-manager.conf` file, whose `Alias`, `ScriptAlias`
and `Location` directives should be changed if this setting is changed.
}}}}
=== Deploying the Configuration ===
On Debian, to enable the management interface, copy the configuration file to
the Apache configuration and enable it as follows:
{{{
cp conf/apache/imip-manager.conf /etc/apache2/sites-available/
a2ensite imip-manager
}}}
The management interface is deployed as a CGI program, meaning that a suitable
module must be enabled in the Apache configuration. On Debian, this is done as
follows:
{{{
a2enmod cgi
}}}
Since such access to calendars should only be performed by identified
users, access controls are suggested in the configuration file. Modules
providing additional authentication support may need to be enabled. For
example, on Debian, the LDAP authentication/authorisation support is enabled
as follows:
{{{
a2enmod authnz_ldap
}}}
=== Authenticating Users ===
The `imip-manager.conf` file contains example directives for accessing
authentication services or data.
Where LDAP authentication is to be used, the appropriate LDAP URL needs to be
specified using a directive. For example:
{{{
AuthLDAPUrl "ldap://localhost/ou=People,dc=example,dc=com?mail?sub"
}}}
Here, the `mail` attribute is used to match the username provided in the
authentication dialogue. Configuration changes may be required within the LDAP
infrastructure to allow this mechanism to function, but this is not described
here.
Meanwhile, particularly where [[../MailIntegration/Simple|simple integration]]
strategies have been chosen, a plain text user file can be employed to
authenticate users. For example:
{{{
AuthUserFile /var/www/imip-agent/users
}}}
Such a file should be created using the usual tools provided by the Apache Web
server distribution.
|
