= Web Server Integration =

Although imip-agent is mostly concerned with e-mail messaging, it can

integrate with a Web server for the following purposes:

 * To [[../FreeBusyPublishing|publish free/busy information]] for calendar users

 * To provide a [[../CalendarManager|management interface]] for calendar users

Currently, imip-agent provides configuration files for Apache, but other Web

servers may also be supported.

== Authentication and Access Control in Apache ==

Apache supports a range of mechanisms for protecting resources and

authenticating users. Most usefully for imip-agent given the

[[../MailIntegration|e-mail integration]] requirements, modules supporting

[[http://httpd.apache.org/docs/2.4/mod/mod_authnz_ldap.html|LDAP]] and

[[http://httpd.apache.org/docs/2.4/mod/mod_auth_basic.html|text-based lists]]

of users are available for such purposes.

== Configuring Web Servers for Free/Busy Publishing ==

Each user may request the [[../FreeBusyPublishing|publishing]] of their

free/busy information by configuring certain settings. The

`conf/apache/imip-agent.conf` file provides a configuration file for

deployment with the Apache Web server software that exposes a directory for

Web publishing containing the published free/busy information.

On Debian, to enable the serving of free/busy data, copy the configuration

file to the Apache configuration and enable it as follows

{{{

cp conf/apache/imip-agent.conf /etc/apache2/sites-available/

a2ensite imip-agent

}}}

Access to free/busy information may not be moderated, but Web server

directives can be introduced to impose access controls. Mail programs that

wish to consult the free/busy information may have problems in dealing with

authentication mechanisms, however, and it may be regarded as acceptable in

certain environments to expose such information publicly or with

network-specific access constraints.

== Configuring Web Servers for the Calendar Management Interface ==

A [[../CalendarManager|calendar management interface]] is provided to allow

users to view and interact with their calendars through the Web. The

`conf/apache/imip-manager.conf` file provides a configuration file for

deployment with the Apache Web server software that enables this interface.

=== Configuring the Management Interface ===

The `config.py` file described in the [[../Configuration|configuration guide]]

provides some settings that can be adjusted to configure the management

interface.

{{{{#!table

'''Setting''' || '''Result'''

==

`MANAGER_INTERFACE`

|| If set to `True`, causes links to the interface to be included in

.. notification messages sent by imip-agent. If set to `False`, such links

.. will be omitted.

==

`MANAGER_URL`

|| The deployment URL of the management interface. Together with the

.. `MANAGER_PATH` described below, this forms the basis of the links

.. described above. Some examples:

{{{

http://webserver.example.com/

http://webserver.example.com/webapps/

}}}

It can be left as `None` and a default URL will be built using the

hostname of the system running the software.

==

`MANAGER_URL_SCHEME`

|| The URL scheme or protocol employed if a default URL is being constructed

.. instead of `MANAGER_URL` providing a value. Some examples:

{{{

http://

https://

}}}

Since the manager is only likely to be available via common Web protocols,

other values may not make much sense.

==

`MANAGER_PATH`

|| The "path info" added to the `MANAGER_URL` that locates the management

.. interface in its deployment location. Some examples:

{{{

/

/imip-agent

}}}

This setting affects the `imip-manager.conf` file, whose `Alias`, `ScriptAlias`

and `Location` directives should be changed if this setting is changed.

}}}}

=== Deploying the Configuration ===

On Debian, to enable the management interface, copy the configuration file to

the Apache configuration and enable it as follows:

{{{

cp conf/apache/imip-manager.conf /etc/apache2/sites-available/

a2ensite imip-manager

}}}

The management interface is deployed as a CGI program, meaning that a suitable

module must be enabled in the Apache configuration. On Debian, this is done as

follows:

{{{

a2enmod cgi

}}}

Since such access to calendars should only be performed by identified

users, access controls are suggested in the configuration file. Modules

providing additional authentication support may need to be enabled. For

example, on Debian, the LDAP authentication/authorisation support is enabled

as follows:

{{{

a2enmod authnz_ldap

}}}

=== Authenticating Users ===

The `imip-manager.conf` file contains example directives for accessing

authentication services or data.

Where LDAP authentication is to be used, the appropriate LDAP URL needs to be

specified using a directive. For example:

{{{

AuthLDAPUrl "ldap://localhost/ou=People,dc=example,dc=com?mail?sub"

}}}

Here, the `mail` attribute is used to match the username provided in the

authentication dialogue. Configuration changes may be required within the LDAP

infrastructure to allow this mechanism to function, but this is not described

here.

Meanwhile, particularly where [[../MailIntegration/Simple|simple integration]]

strategies have been chosen, a plain text user file can be employed to

authenticate users. For example:

{{{

AuthUserFile /var/www/imip-agent/users

}}}

Such a file should be created using the usual tools provided by the Apache Web

server distribution.