Caldav carddav Bundles: Difference between revisions

From Open-Xchange
Line 28: Line 28:
   $ vi /etc/apache2/ox6.conf  
   $ vi /etc/apache2/ox6.conf  


  NameVirtualHost *:80
NameVirtualHost *:80
  <VirtualHost *:80>
<VirtualHost *:80>
  ServerName dav.MYSERVER.TLD
        ServerName dav.MYSERVER.TLD
    ErrorLog /tmp/dav.err.log
        ErrorLog /tmp/dav.err.log
    TransferLog /tmp/dav.access.log
        TransferLog /tmp/dav.access.log
    <Proxy />
        <Proxy />
        Order allow,deny
                Order allow,deny
        Allow from all
                Allow from all
    </Proxy>
        </Proxy>
    ProxyPass / ajp://localhost:8009/servlet/dav/ smax=0 ttl=60 retry=5
        ProxyPass / ajp://localhost:8009/servlet/dav/ smax=0 ttl=60 retry=5
  </VirtualHost>
</VirtualHost>
  <VirtualHost *:80>
    ServerName MYSERVER.TLD
<VirtualHost *:80>
  <Location /ox6>
        ServerName MYSERVER.TLD
        # Expires (via ExpiresByType to override global settings)
        ServerAdmin webmaster@localhost
        ExpiresByType image/gif "access plus 6 months"
        DocumentRoot /var/www/
        ExpiresByType image/png "access plus 6 months"
        ExpiresByType image/jpg "access plus 6 months"
        <Directory /var/www/>
        ExpiresByType image/jpeg "access plus 6 months"
                AllowOverride None
        ExpiresByType text/css "access plus 6 months"
                Order allow,deny
        ExpiresByType text/html "access plus 6 months"
                allow from all
        ExpiresByType text/xml "access plus 6 months"
                RedirectMatch ^/$ /ox6/
        ExpiresByType text/javascript "access plus 6 months"
                Options +FollowSymLinks +SymLinksIfOwnerMatch
        ExpiresByType text/x-js "access plus 6 months"
        </Directory>
        ExpiresByType application/x-javascript "access plus 6 months"
        # deflate
        ExpiresDefault "access plus 6 months"
      AddOutputFilterByType DEFLATE text/html text/plain text/javascript application/javascript text/css text/xml application/xml text/x-js application/x-javascript
        Header append Cache-Control "private"
        Header unset Last-Modified
        # pre-compressed files
        Header unset Vary
        AddType text/javascript .jsz
        # Strip version
        AddType text/css .cssz
        RewriteEngine On
        AddType text/xml .xmlz
        RewriteRule v=\w+/(.+) $1 [L]
        AddType text/plain .po
        # Turn off ETag
        Header unset ETag
        AddEncoding gzip .jsz .cssz .xmlz
        FileETag None
        SetEnvIf Request_URI "\.(jsz|cssz|xmlz)$" no-gzip
  </Location>
  <Location /ox6/ox.html>
        ExpiresActive On
        ExpiresByType text/html "now"
        ExpiresDefault "now"
        <Location /ox6>
        Header unset Last-Modified
                # Expires (via ExpiresByType to override global settings)
        Header set Cache-Control "no-store, no-cache, must-revalidate, post-check=0, pre-check=0"
                ExpiresByType image/gif "access plus 6 months"
        # Turn off ETag
                ExpiresByType image/png "access plus 6 months"
        Header unset ETag
                ExpiresByType image/jpg "access plus 6 months"
        FileETag None
                ExpiresByType image/jpeg "access plus 6 months"
  </Location>
                ExpiresByType text/css "access plus 6 months"
  <Location /ox6/index.html>
                ExpiresByType text/html "access plus 6 months"
        ExpiresByType text/html "now"
                ExpiresByType text/xml "access plus 6 months"
        ExpiresDefault "now"
                ExpiresByType text/javascript "access plus 6 months"
        Header unset Last-Modified
                ExpiresByType text/x-js "access plus 6 months"
        Header set Cache-Control "no-store, no-cache, must-revalidate, post-check=0, pre-check=0"
                ExpiresByType application/x-javascript "access plus 6 months"
        # Turn off ETag
                ExpiresDefault "access plus 6 months"
        Header unset ETag
                Header append Cache-Control "private"
        FileETag None
                Header unset Last-Modified
  </Location>
                Header unset Vary
  <Location /ajax>
                # Strip version
  SetOutputFilter DEFLATE
                RewriteEngine On
  </Location>
                RewriteRule v=\w+/(.+) $1 [L]
  </VirtualHost>
                # Turn off ETag
                Header unset ETag
                FileETag None
        </Location>
        <Location /ox6/ox.html>
                ExpiresByType text/html "now"
                ExpiresDefault "now"
                Header unset Last-Modified
                Header set Cache-Control "no-store, no-cache, must-revalidate, post-check=0, pre-check=0"
                # Turn off ETag
                Header unset ETag
                FileETag None
        </Location>
        <Location /ox6/index.html>
                ExpiresByType text/html "now"
                ExpiresDefault "now"
                Header unset Last-Modified
                Header set Cache-Control "no-store, no-cache, must-revalidate, post-check=0, pre-check=0"
                # Turn off ETag
                Header unset ETag
                FileETag None
        </Location>
</VirtualHost>


If you use this method, you have to make sure that dav.MYSERVER.TLD is reachable, your dns configuration need an entry for this name. Take care of the the dav.* logfiles, the example writes them without logrotation to /tmp.
If you use this method, you have to make sure that dav.MYSERVER.TLD is reachable, your dns configuration need an entry for this name. Take care of the the dav.* logfiles, the example writes them without logrotation to /tmp.
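Review bot: ErrorLog and TransferLog in the dav.MYSERVER.TLD vhost point at /tmp/dav.err.log and /tmp/dav.access.log. /tmp is world-writable and nothing rotates these files, so move both into the Apache log directory and add a logrotate rule for them. Also, the two-space-indented side carries a <Location /ajax> block with SetOutputFilter DEFLATE that has no counterpart on the re-indented side; if dropping it is intentional, the edit summary should say so.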

Revision as of 16:35, 29 November 2011

Installation CalDAV and CardDAV with Open-Xchange (Beta)

OXtender for Mac OS X will be discontinued because the latest version of Apple OS X, “Lion”, will no longer support Apple SyncServices, on which synchronization with OXtender for Mac OS X was based. To support future synchronization between Open-Xchange Server and Mac OS X applications, Open-Xchange implements synchronization functionality that uses the CalDAV and CardDAV protocols.

The new synchronization protocols are available for all customers with a valid Open-Xchange license of Open-Xchange Server Edition and Open-Xchange Hosting Edition.

Please note: As of today the Open-Xchange CalDAV and CardDAV support is „Beta“ and will be continuously enhanced. With this release only the native OS X applications are supported. Support for other clients, e.g. Thunderbird, is planned for a future release. The CardDAV support only synchronizes one address book. Currently the global address book plus the user’s private address book, or the user’s aggregated address book, will get merged into one address book on the OS X device.

Open-Xchange is eagerly interested in learning about your tests, specifically in your specific environment. Please provide us with your feedback via our Public Bugzilla OX6 Server Edition

What are CalDAV and CardDAV?

CalDAV and CardDAV are standard protocols for the exchange of calendar data and address data respectively. We currently support the Mac OS X clients, version 10.5 and upward, with these protocols. What do they do for a user? The CalDAV interface publishes all of the user's calendars via CalDAV so she can subscribe to them in the Mac OS X iCal program. Address Book, on the other hand, is more limited, as it can only subscribe to one contact folder. As an administrator you can either publish the standard contact folder plus the global address book, or use the (equally new) contact aggregation feature to assemble and publish an aggregated folder containing all the address data visible to a given user in a context, merged as best we can at this point. Depending on whether the open-xchange-contact-aggregator package is installed and activated, the first or second option is chosen. Note: The open-xchange-contact-aggregator bundle is optional and should be considered experimental.

User Guide and Configuration

Please find further information regarding the configuration at the User Guide

Preparation

Alternative 1: Apache vhost (recommended)

Please edit your file /etc/apache2/ox6.conf so that the existing configuration for OX as well as the new configuration for CalDAV and CardDAV are placed inside a virtual host.

This is an example where MYSERVER.TLD is the domain-name of the ox-server:

  $ vi /etc/apache2/ox6.conf 
NameVirtualHost *:80
<VirtualHost *:80>
       ServerName dav.MYSERVER.TLD
       ErrorLog /tmp/dav.err.log
       TransferLog /tmp/dav.access.log
       <Proxy />
               Order allow,deny
               Allow from all
       </Proxy>
       ProxyPass / ajp://localhost:8009/servlet/dav/ smax=0 ttl=60 retry=5
</VirtualHost>

<VirtualHost *:80>
       ServerName MYSERVER.TLD
       ServerAdmin webmaster@localhost
       DocumentRoot /var/www/

       <Directory /var/www/>
               AllowOverride None
               Order allow,deny
               allow from all
               RedirectMatch ^/$ /ox6/
               Options +FollowSymLinks +SymLinksIfOwnerMatch
       </Directory>
       # deflate
       AddOutputFilterByType DEFLATE text/html text/plain text/javascript application/javascript text/css text/xml application/xml text/x-js application/x-javascript

       # pre-compressed files
       AddType text/javascript .jsz
       AddType text/css .cssz
       AddType text/xml .xmlz
       AddType text/plain .po

       AddEncoding gzip .jsz .cssz .xmlz
       SetEnvIf Request_URI "\.(jsz|cssz|xmlz)$" no-gzip

       ExpiresActive On

       <Location /ox6>
               # Expires (via ExpiresByType to override global settings)
               ExpiresByType image/gif "access plus 6 months"
               ExpiresByType image/png "access plus 6 months"
               ExpiresByType image/jpg "access plus 6 months"
               ExpiresByType image/jpeg "access plus 6 months"
               ExpiresByType text/css "access plus 6 months"
               ExpiresByType text/html "access plus 6 months"
               ExpiresByType text/xml "access plus 6 months"
               ExpiresByType text/javascript "access plus 6 months"
               ExpiresByType text/x-js "access plus 6 months"
               ExpiresByType application/x-javascript "access plus 6 months"
               ExpiresDefault "access plus 6 months"
               Header append Cache-Control "private"
               Header unset Last-Modified
               Header unset Vary
               # Strip version
               RewriteEngine On
               RewriteRule v=\w+/(.+) $1 [L]
               # Turn off ETag
               Header unset ETag
               FileETag None
       </Location>

       <Location /ox6/ox.html>
               ExpiresByType text/html "now"
               ExpiresDefault "now"
               Header unset Last-Modified
               Header set Cache-Control "no-store, no-cache, must-revalidate, post-check=0, pre-check=0"
               # Turn off ETag
               Header unset ETag
               FileETag None
       </Location>

       <Location /ox6/index.html>
               ExpiresByType text/html "now"
               ExpiresDefault "now"
               Header unset Last-Modified
               Header set Cache-Control "no-store, no-cache, must-revalidate, post-check=0, pre-check=0"
               # Turn off ETag
               Header unset ETag
               FileETag None
       </Location>
</VirtualHost>

If you use this method, you have to make sure that dav.MYSERVER.TLD is reachable: your DNS configuration needs an entry for this name. Take care of the dav.* log files; the example writes them to /tmp without log rotation.

Alternative 2: Apache useragent detection

For environments where it is inconvenient to set up a vhost, there is another way to redirect to the relevant servlets: user-agent detection. This is not recommended for the following reason: by definition this is a whitelist approach, and any client sending a user-agent string not explicitly listed in the configuration will not be able to connect. User-agent strings may also change between different versions of an application or may even be actively changed into something non-standard.

  $ vi /etc/apache2/ox6.conf
  RewriteEngine On   
  RewriteCond %{HTTP_USER_AGENT}      AddressBook        [OR]
  RewriteCond %{HTTP_USER_AGENT}      CalendarStore      [OR]
  RewriteCond %{HTTP_USER_AGENT}      CoreDAV            
  RewriteRule (.*)                  ajp://localhost:8009/servlet/dav$1     [P]

Note: The address book app on OSX 10.6 uses a localized user-agent string. If you're expecting clients with non-English language settings, you need to add the translated user-agent string to these rewrite rules. For example: "Adressbuch" for German OSX clients.
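
The whitelist behaviour described above, as an added example that is not part of the original page or of Open-Xchange's code: it emulates the three RewriteCond patterns (unanchored, case-sensitive regexes joined by [OR]) and reports which clients the RewriteRule would proxy to the DAV servlet. All user-agent strings and the request path are constructed samples, not captured client strings.

```python
import re

# The three RewriteCond patterns from the configuration above. mod_rewrite
# treats each one as an unanchored, case-sensitive regular expression and
# the [OR] flags mean a single match is enough.
DAV_UA_PATTERNS = ["AddressBook", "CalendarStore", "CoreDAV"]

# Target of the RewriteRule; "$1" is the request path captured by "(.*)".
DAV_BACKEND = "ajp://localhost:8009/servlet/dav"

# Constructed user-agent strings (assumptions for illustration only).
SAMPLES = {
    "english_addressbook": "AddressBook/0.0 (constructed sample)",
    "german_addressbook": "Adressbuch/0.0 (constructed sample)",
    "calendar": "DAVKit/0.0; CalendarStore/0.0 (constructed sample)",
    "lowercase_client": "coredav/0.0 (constructed sample)",
    "other_dav_client": "ExampleDavClient/0.0 (constructed sample)",
    "non_dav_with_token": "ExampleBrowser/0.0 CoreDAV (constructed sample)",
}


def route(user_agent, path, patterns=DAV_UA_PATTERNS):
    """Return the backend URL the RewriteRule would proxy to, or None when
    no condition matches and the request stays on the normal OX site."""
    if any(re.search(p, user_agent) for p in patterns):
        return DAV_BACKEND + path
    return None


def audit(samples, patterns=DAV_UA_PATTERNS):
    """Map each sample name to True (proxied to DAV) or False (not proxied)."""
    return {name: route(ua, "/", patterns) is not None
            for name, ua in samples.items()}


if __name__ == "__main__":
    print("patterns as shipped:")
    for name, routed in audit(SAMPLES).items():
        print(f"  {name:22} {'DAV' if routed else 'not routed'}")
    # Adding the translated string from the note above lets the German
    # client through; every further locale needs its own entry.
    extended = DAV_UA_PATTERNS + ["Adressbuch"]
    print("with Adressbuch added:",
          audit(SAMPLES, extended)["german_addressbook"])
```

The last sample is routed only because the token appears somewhere in the header, so the rule decides where a request goes and nothing more; access control still rests on the authentication performed behind the DAV servlet.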

Which packages do I need?

To get CalDAV and CardDAV up and running you need the following packages:

  • open-xchange-webdav-directory - Assembles the *DAV interfaces into a common tree. This is needed for publishing certain properties so that clients accept OX as a WebDAV server.
  • open-xchange-webdav-acl - The WebDAV equivalent of the /ajax/user interface. Allows clients to discover the current and other users and their address books and calendars.
  • open-xchange-carddav - The CardDAV interface exposing the user's address book via CardDAV
  • open-xchange-caldav - The CalDAV interface exposing the user's calendars via CalDAV

and optionally

  • open-xchange-contact-aggregator - Creates (and updates daily) a folder "all my contacts" in which all contacts a user can see are aggregated. This is very experimental and should be considered alpha state.


Install on OX AppSuite

Debian GNU/Linux 11.0

Add the following entry to /etc/apt/sources.list.d/open-xchange.list if not already present:

deb https://software.open-xchange.com/products/updates/DebianBullseye/ /
# if you have a valid maintenance subscription, please uncomment the 
# following and add the ldb account data to the url so that the most recent
# packages get installed
# deb https://[CUSTOMERID:PASSWORD]@software.open-xchange.com/products/updates/updates/DebianBullseye/ /

and run

$ apt-get update
$ apt-get install open-xchange-caldav open-xchange-carddav open-xchange-webdav-acl open-xchange-webdav-directory

Debian GNU/Linux 12.0

Add the following entry to /etc/apt/sources.list.d/open-xchange.list if not already present:

deb https://software.open-xchange.com/products/updates/DebianBookworm/ /
# if you have a valid maintenance subscription, please uncomment the 
# following and add the ldb account data to the url so that the most recent
# packages get installed
# deb https://[CUSTOMERID:PASSWORD]@software.open-xchange.com/products/updates/updates/DebianBookworm/ /

and run

$ apt-get update
$ apt-get install open-xchange-caldav open-xchange-carddav open-xchange-webdav-acl open-xchange-webdav-directory


Configuration

CalDAV

The property com.openexchange.caldav.enabled governs whether a user has access to the CalDAV interface. This can be configured along the config cascade. In the default setting, everyone who has access to the infostore also has access to CalDAV. This is achieved in the following way:

/opt/open-xchange/etc/groupware/caldav.properties:

 com.openexchange.caldav.enabled=false

/opt/open-xchange/etc/groupware/contextSets/caldav.yml

 premium:
     com.openexchange.caldav.enabled: true
     withTags: ucInfostore

This means: In general caldav is turned off, but using the contextSets feature of the config cascade it is turned on for everyone that has infostore access.

CardDAV

Similarly to caldav the property com.openexchange.carddav.enabled governs whether carddav is available for a certain user. This is configured exactly like caldav with the config cascade only enabling this for users that have access to the infostore:

The property com.openexchange.carddav.ignoreFolders contains a blacklist of folderIds that will not be served via caldav. In large contexts in enterprise installations it might make sense to disable the global addressbook in carddav:

  com.openexchange.carddav.ignoreFolders=6

Contact Aggregation

The contact aggregator is controlled by the property com.openexchange.contact.aggregator.enabled. By default this is turned off. Installations in which the contact aggregation feature should be enabled must switch this property to true.

The contact aggregator knows two kinds of aggregation runs: a fast run and a slow run. The fast run collects all contacts from all folders a user can see; the slow run, in addition, scours all email accounts for email addresses. Whether the system does these runs, and how often, can be configured with the properties:

com.openexchange.contact.aggregator.fastRunInterval and com.openexchange.contact.aggregator.slowRunInterval

The value can be a number of milliseconds or an interval specification with ms for milliseconds, s for seconds, m for minutes, h for hours, d for days and w for weeks. For example, if you want to do the fast run once a day and the slow run once a week you could configure the following:

 com.openexchange.contact.aggregator.fastRunInterval=1d
 com.openexchange.contact.aggregator.slowRunInterval=1w

By default, slow runs are deactivated, fast runs are performed once a day.

In case you allow slow runs, the number of mails per mailfolder can be configured with the property:

  com.openexchange.contact.aggregator.mailLimit=3000

As for CardDAV you can configure a list of folders that should not be part of an aggregation run with the property

com.openexchange.contact.aggregator.folderBlacklist

which can contain a comma separated blacklist of folderIds.

To find out how to set up the Mac OS X clients, please see: Setting up CalDAV and CardDAV in Mac OS X