1.1 --- a/docs/wiki/WebServerIntegration Wed Oct 28 17:06:44 2015 +0100
1.2 +++ b/docs/wiki/WebServerIntegration Wed Oct 28 18:08:40 2015 +0100
1.3 @@ -3,13 +3,13 @@
1.4 Although imip-agent is mostly concerned with e-mail messaging, it can
1.5 integrate with a Web server for the following purposes:
1.6
1.7 - * To publish free/busy information for calendar users
1.8 - * To provide a management interface for calendar users
1.9 + * To [[../FreeBusyPublishing|publish free/busy information]] for calendar users
1.10 + * To provide a [[../CalendarManager|management interface]] for calendar users
1.11
1.12 Currently, imip-agent provides configuration files for Apache, but other Web
1.13 servers may also be supported.
1.14
1.15 -== Authentication and Access Control ==
1.16 +== Authentication and Access Control in Apache ==
1.17
1.18 Apache supports a range of mechanisms for protecting resources and
1.19 authenticating users. Most usefully for imip-agent given the
1.20 @@ -17,3 +17,43 @@
1.21 [[http://httpd.apache.org/docs/2.4/mod/mod_authnz_ldap.html|LDAP]] and
1.22 [[http://httpd.apache.org/docs/2.4/mod/mod_auth_basic.html|text-based lists]]
1.23 of users are available for such purposes.
1.24 +
1.25 +== Configuring Web Servers for Free/Busy Publishing ==
1.26 +
1.27 +Each user may request the [[../FreeBusyPublishing|publishing]] of their
1.28 +free/busy information by configuring certain settings. The
1.29 +`conf/apache/imip-agent.conf` file provides a configuration file for
1.30 +deployment with the Apache Web server software that exposes a directory for
1.31 +Web publishing containing the published free/busy information.
1.32 +
1.33 +Access to free/busy information may not be moderated, but Web server
1.34 +directives can be introduced to impose access controls. Mail programs that
1.35 +wish to consult the free/busy information may have problems in dealing with
1.36 +authentication mechanisms, however, and it may be regarded as acceptable in
1.37 +certain environments to expose such information publicly or with
1.38 +network-specific access constraints.
1.39 +
1.40 +== Configuring Web Servers for the Calendar Management Interface ==
1.41 +
1.42 +A [[../CalendarManager|calendar management interface]] is provided to allow
1.43 +users to view and interact with their calendars through the Web. The
1.44 +`conf/apache/imip-manager.conf` file provides a configuration file for
1.45 +deployment with the Apache Web server software that enables this interface.
1.46 +
1.47 +The management interface is deployed as a CGI program, meaning that a suitable
1.48 +module must be enabled in the Apache configuration. On Debian, this is done as
1.49 +follows:
1.50 +
1.51 +{{{
1.52 +a2enmod cgi
1.53 +}}}
1.54 +
1.55 +Since such access to calendars should only be performed by identified
1.56 +users, access controls are suggested in the configuration file. Modules
1.57 +providing additional authentication support may need to be enabled. For
1.58 +example, on Debian, the LDAP authentication/authorisation support is enabled
1.59 +as follows:
1.60 +
1.61 +{{{
1.62 +a2enmod authnz_ldap
1.63 +}}}