1 = Web Server Integration = 2 3 Although imip-agent is mostly concerned with e-mail messaging, it can 4 integrate with a Web server for the following purposes: 5 6 * To [[../FreeBusyPublishing|publish free/busy information]] for calendar users 7 * To provide a [[../CalendarManager|management interface]] for calendar users 8 9 Currently, imip-agent provides configuration files for Apache, but other Web 10 servers may also be supported. 11 12 == Authentication and Access Control in Apache == 13 14 Apache supports a range of mechanisms for protecting resources and 15 authenticating users. Most usefully for imip-agent given the 16 [[../MailIntegration|e-mail integration]] requirements, modules supporting 17 [[http://httpd.apache.org/docs/2.4/mod/mod_authnz_ldap.html|LDAP]] and 18 [[http://httpd.apache.org/docs/2.4/mod/mod_auth_basic.html|text-based lists]] 19 of users are available for such purposes. 20 21 == Configuring Web Servers for Free/Busy Publishing == 22 23 Each user may request the [[../FreeBusyPublishing|publishing]] of their 24 free/busy information by configuring certain settings. The 25 `conf/apache/imip-agent.conf` file provides a configuration file for 26 deployment with the Apache Web server software that exposes a directory for 27 Web publishing containing the published free/busy information. 28 29 On Debian, to enable the serving of free/busy data, copy the configuration 30 file to the Apache configuration and enable it as follows 31 32 {{{ 33 cp conf/apache/imip-agent.conf /etc/apache2/sites-available/ 34 a2ensite imip-agent 35 }}} 36 37 Access to free/busy information may not be moderated, but Web server 38 directives can be introduced to impose access controls. Mail programs that 39 wish to consult the free/busy information may have problems in dealing with 40 authentication mechanisms, however, and it may be regarded as acceptable in 41 certain environments to expose such information publicly or with 42 network-specific access constraints. 43 44 == Configuring Web Servers for the Calendar Management Interface == 45 46 A [[../CalendarManager|calendar management interface]] is provided to allow 47 users to view and interact with their calendars through the Web. The 48 `conf/apache/imip-manager.conf` file provides a configuration file for 49 deployment with the Apache Web server software that enables this interface. 50 51 === Configuring the Management Interface === 52 53 The `config.txt` file described in the [[../Configuration|configuration guide]] 54 provides some settings that can be adjusted to configure the management 55 interface. 56 57 {{{{#!table 58 '''Setting''' || '''Result''' 59 == 60 `MANAGER_INTERFACE` 61 || If set to `True`, causes links to the interface to be included in 62 .. notification messages sent by imip-agent. If set to `False`, such links 63 .. will be omitted. 64 == 65 `MANAGER_URL` 66 || The deployment URL of the management interface. Together with the 67 .. `MANAGER_PATH` described below, this forms the basis of the links 68 .. described above. Some examples: 69 {{{ 70 http://webserver.example.com/ 71 http://webserver.example.com/webapps/ 72 }}} 73 It can be left as `None` and a default URL will be built using the 74 hostname of the system running the software. 75 == 76 `MANAGER_URL_SCHEME` 77 || The URL scheme or protocol employed if a default URL is being constructed 78 .. instead of `MANAGER_URL` providing a value. Some examples: 79 {{{ 80 http:// 81 https:// 82 }}} 83 Since the manager is only likely to be available via common Web protocols, 84 other values may not make much sense. 85 == 86 `MANAGER_PATH` 87 || The "path info" added to the `MANAGER_URL` that locates the management 88 .. interface in its deployment location. Some examples: 89 {{{ 90 / 91 /imip-agent 92 }}} 93 This setting affects the `imip-manager.conf` file, whose `Alias`, `ScriptAlias` 94 and `Location` directives should be changed if this setting is changed. 95 }}}} 96 97 === Deploying the Configuration === 98 99 On Debian, to enable the management interface, copy the configuration file to 100 the Apache configuration and enable it as follows: 101 102 {{{ 103 cp conf/apache/imip-manager.conf /etc/apache2/sites-available/ 104 a2ensite imip-manager 105 }}} 106 107 The management interface is deployed as a CGI program, meaning that a suitable 108 module must be enabled in the Apache configuration. On Debian, this is done as 109 follows: 110 111 {{{ 112 a2enmod cgi 113 }}} 114 115 Since such access to calendars should only be performed by identified 116 users, access controls are suggested in the configuration file. Modules 117 providing additional authentication support may need to be enabled. For 118 example, on Debian, the LDAP authentication/authorisation support is enabled 119 as follows: 120 121 {{{ 122 a2enmod authnz_ldap 123 }}} 124 125 === Authenticating Users === 126 127 The `imip-manager.conf` file contains example directives for accessing 128 authentication services or data. 129 130 Where LDAP authentication is to be used, the appropriate LDAP URL needs to be 131 specified using a directive. For example: 132 133 {{{ 134 AuthLDAPUrl "ldap://localhost/ou=People,dc=example,dc=com?mail?sub" 135 }}} 136 137 Here, the `mail` attribute is used to match the username provided in the 138 authentication dialogue. Configuration changes may be required within the LDAP 139 infrastructure to allow this mechanism to function, but this is not described 140 here. 141 142 Meanwhile, particularly where [[../MailIntegration/Simple|simple integration]] 143 strategies have been chosen, a plain text user file can be employed to 144 authenticate users. For example: 145 146 {{{ 147 AuthUserFile /var/www/imip-agent/users 148 }}} 149 150 Such a file should be created using the usual tools provided by the Apache Web 151 server distribution.