Caldav carddav Bundles

Revision as of 14:20, 2 February 2012 by Thomas.siedentopf (talk | contribs) (changed support status and wording around it)

Installation of CalDAV and CardDAV with Open-Xchange

OXtender for Mac OS X is discontinued because the latest version of Apple OS X, “Lion”, no longer supports Apple SyncServices, on which synchronization with OXtender for Mac OS X was based. To support synchronization between Open-Xchange Server and Mac OS X applications, Open-Xchange implements synchronization functionality that uses the CalDAV and CardDAV protocols.

The new synchronization protocols are available and supported for all customers with a valid Open-Xchange license of Open-Xchange Server Edition and Open-Xchange Hosting Edition starting with Version 6.20.1 Rev5.

What are CalDAV and CardDAV?

CalDAV and CardDAV are standard protocols for the exchange of calendar data and address data, respectively. With these protocols we currently support Mac OS X iCal and Addressbook on Mac OS X 10.6 and upward.

What do they do for a user? The CalDAV interface publishes all of the user's calendars via CalDAV so the user can subscribe to them in the Mac OS X iCal program. Addressbook, on the other hand, is more limited, as it can only subscribe to one contact folder. As an administrator you can either publish the standard contact folder plus the global addressbook, or use the (equally new) contact aggregation feature to assemble and publish an aggregated folder containing all the address data visible to a given user in a context, merged as best we can at this point. Depending on whether the open-xchange-contact-aggregator package is installed and activated, the first or the second option is chosen.

Note: The open-xchange-contact-aggregator bundle is optional and should be considered experimental.

User Guide and Configuration

Please find further information regarding the configuration in the User Guide.

Preparation

Alternative 1: Apache vhost (recommended)

Please edit your file /etc/apache2/ox6.conf so that the existing configuration for OX as well as the new configuration for CalDAV and CardDAV are placed inside a virtual host.

This is an example where MYSERVER.TLD is the domain-name of the ox-server:

  $ vi /etc/apache2/ox6.conf 
NameVirtualHost *:80
<VirtualHost *:80>
       ServerName dav.MYSERVER.TLD
       ErrorLog /tmp/dav.err.log
       TransferLog /tmp/dav.access.log
       <Proxy />
               Order allow,deny
               Allow from all
       </Proxy>
       ProxyPass / ajp://localhost:8009/servlet/dav/ smax=0 ttl=60 retry=5
</VirtualHost>

<VirtualHost *:80>
       ServerName MYSERVER.TLD
       ServerAdmin webmaster@localhost
       DocumentRoot /var/www/

       <Directory /var/www/>
               AllowOverride None
               Order allow,deny
               allow from all
               RedirectMatch ^/$ /ox6/
               Options +FollowSymLinks +SymLinksIfOwnerMatch
       </Directory>
       # deflate
       AddOutputFilterByType DEFLATE text/html text/plain text/javascript application/javascript text/css text/xml application/xml text/x-js application/x-javascript

       # pre-compressed files
       AddType text/javascript .jsz
       AddType text/css .cssz
       AddType text/xml .xmlz
       AddType text/plain .po

       AddEncoding gzip .jsz .cssz .xmlz
       SetEnvIf Request_URI "\.(jsz|cssz|xmlz)$" no-gzip

       ExpiresActive On

       <Location /ox6>
               # Expires (via ExpiresByType to override global settings)
               ExpiresByType image/gif "access plus 6 months"
               ExpiresByType image/png "access plus 6 months"
               ExpiresByType image/jpg "access plus 6 months"
               ExpiresByType image/jpeg "access plus 6 months"
               ExpiresByType text/css "access plus 6 months"
               ExpiresByType text/html "access plus 6 months"
               ExpiresByType text/xml "access plus 6 months"
               ExpiresByType text/javascript "access plus 6 months"
               ExpiresByType text/x-js "access plus 6 months"
               ExpiresByType application/x-javascript "access plus 6 months"
               ExpiresDefault "access plus 6 months"
               Header append Cache-Control "private"
               Header unset Last-Modified
               Header unset Vary
               # Strip version
               RewriteEngine On
               RewriteRule v=\w+/(.+) $1 [L]
               # Turn off ETag
               Header unset ETag
               FileETag None
       </Location>

       <Location /ox6/ox.html>
               ExpiresByType text/html "now"
               ExpiresDefault "now"
               Header unset Last-Modified
               Header set Cache-Control "no-store, no-cache, must-revalidate, post-check=0, pre-check=0"
               # Turn off ETag
               Header unset ETag
               FileETag None
       </Location>

       <Location /ox6/index.html>
               ExpiresByType text/html "now"
               ExpiresDefault "now"
               Header unset Last-Modified
               Header set Cache-Control "no-store, no-cache, must-revalidate, post-check=0, pre-check=0"
               # Turn off ETag
               Header unset ETag
               FileETag None
       </Location>
</VirtualHost>

If you use this method, you have to make sure that dav.MYSERVER.TLD is reachable; your DNS configuration needs an entry for this name. Take care of the dav.* log files: the example writes them to /tmp without log rotation.

Alternative 2: Apache useragent detection

For environments where it is inconvenient to set up a vhost, the relevant servlets can be reached another way: via user-agent detection. This is not recommended for the following reason: by definition this is a whitelist approach, and any client sending a user-agent string not explicitly listed in the configuration will not be able to connect. User-agent strings may also change between different versions of an application, or may even be actively changed into something non-standard.

  $ vi /etc/apache2/ox6.conf
  RewriteEngine On   
  RewriteCond %{HTTP_USER_AGENT}      AddressBook        [OR]
  RewriteCond %{HTTP_USER_AGENT}      Address%20Book        [OR]
  RewriteCond %{HTTP_USER_AGENT}      CalendarStore      [OR]
  RewriteCond %{HTTP_USER_AGENT}      CoreDAV            
  RewriteRule (.*)                  ajp://localhost:8009/servlet/dav$1     [P]

Note: The address book app on OS X 10.6 uses a localized user-agent string. If you are expecting clients with non-English language settings, you need to add the translated user-agent string to these rewrite rules. For example: "Adressbuch" for German OS X clients.
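
The whitelist behaviour described above, as an added example that is not part of the original page: the script applies the four RewriteCond patterns to access-log lines and lists WebDAV clients whose user-agent string falls outside the whitelist. The log lines, user-agent strings and function names are constructed for illustration.

```shell
#!/bin/sh
# The four RewriteCond patterns from the rules above, joined into one
# unanchored extended regex (mod_rewrite also matches them unanchored).
DAV_UA_RE='AddressBook|Address%20Book|CalendarStore|CoreDAV'

# Print "dav" if this User-Agent would be proxied to /servlet/dav, else "web".
ua_route() {
    if printf '%s\n' "$1" | grep -Eq "$DAV_UA_RE"; then
        echo dav
    else
        echo web
    fi
}

# Constructed access-log lines in Apache "combined" format.
sample_log() {
    cat <<'EOF'
192.0.2.10 - alice [02/Feb/2012:14:20:01 +0000] "PROPFIND / HTTP/1.1" 207 512 "-" "DAVKit/4.0.3 (732.2); CalendarStore/4.0.4 (997.7); iCal/4.0.4 (1395.7)"
192.0.2.11 - bob [02/Feb/2012:14:20:05 +0000] "PROPFIND / HTTP/1.1" 404 0 "-" "Adressbuch/883 CFNetwork/454.12.4 Darwin/10.8.0 (i386)"
192.0.2.12 - carol [02/Feb/2012:14:20:09 +0000] "REPORT / HTTP/1.1" 404 0 "-" "ExampleSync/1.0"
192.0.2.13 - dave [02/Feb/2012:14:21:00 +0000] "GET /ox6/ HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
EOF
}

# Read combined-format log lines on stdin and print the distinct User-Agents
# that sent WebDAV methods but miss the whitelist, i.e. sync clients that the
# rewrite rules do not hand to the DAV servlet.
unmatched_dav_clients() {
    awk -F'"' '$2 ~ /^(PROPFIND|PROPPATCH|REPORT|MKCALENDAR) / { print $6 }' |
        sort -u |
        while IFS= read -r ua; do
            if [ "$(ua_route "$ua")" = web ]; then
                printf '%s\n' "$ua"
            fi
        done
}

sample_log | unmatched_dav_clients
```

Running the function against a real access log shows which user-agent strings still need a RewriteCond line before users report failed subscriptions.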

Which packages do I need?

To get CalDAV and CardDAV up and running you need the following packages:

  • open-xchange-webdav-directory - Assembles the *DAV interfaces into a common tree. This is needed for publishing certain properties so that clients accept that OX is a WebDAV server.
  • open-xchange-webdav-acl - The WebDAV equivalent of the /ajax/user interface. Allows clients to discover the current and other users and their addressbooks and calendars.
  • open-xchange-carddav - The CardDAV interface exposing the user's addressbook via CardDAV
  • open-xchange-caldav - The CalDAV interface exposing the user's calendars via CalDAV

and optionally

  • open-xchange-contact-aggregator - Creates (and updates daily) a folder "all my contacts" in which all contacts a user can see are aggregated. This is very experimental and should be considered alpha state.


Install on OX AppSuite

Debian GNU/Linux 10.0

Add the following entry to /etc/apt/sources.list.d/open-xchange.list if not already present:

deb https://software.open-xchange.com/products/updates/DebianBuster/ /
# if you have a valid maintenance subscription, please uncomment the 
# following and add the ldb account data to the url so that the most recent
# packages get installed
# deb https://[CUSTOMERID:PASSWORD]@software.open-xchange.com/products/updates/updates/DebianBuster/ /

and run

$ apt-get update
$ apt-get install open-xchange-caldav open-xchange-carddav open-xchange-webdav-acl open-xchange-webdav-directory

Debian GNU/Linux 11.0

Add the following entry to /etc/apt/sources.list.d/open-xchange.list if not already present:

deb https://software.open-xchange.com/products/updates/DebianBullseye/ /
# if you have a valid maintenance subscription, please uncomment the 
# following and add the ldb account data to the url so that the most recent
# packages get installed
# deb https://[CUSTOMERID:PASSWORD]@software.open-xchange.com/products/updates/updates/DebianBullseye/ /

and run

$ apt-get update
$ apt-get install open-xchange-caldav open-xchange-carddav open-xchange-webdav-acl open-xchange-webdav-directory
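
The sources.list entries in both Debian sections above put CUSTOMERID:PASSWORD into the repository URL, and files under /etc/apt/sources.list.d are normally world-readable. The following added example (not part of the original page or of Open-Xchange's documentation) finds such entries and moves the credentials into apt's netrc-style auth.conf.d file instead; EXAMPLEID, EXAMPLEPW, the function names and the file name open-xchange.conf are assumptions made for illustration.

```shell
#!/bin/sh
# apt reads netrc-style credentials from /etc/apt/auth.conf.d/ (apt_auth.conf(5)),
# so the password does not have to live in the sources list.
CRED_RE='://[^/@[:space:]]+:[^/@[:space:]]+@'

# Constructed sample of open-xchange.list; EXAMPLEID/EXAMPLEPW are placeholders.
make_sample() {
    cat > "$1/open-xchange.list" <<'EOF'
deb https://software.open-xchange.com/products/updates/DebianBullseye/ /
# deb https://[CUSTOMERID:PASSWORD]@software.open-xchange.com/products/updates/updates/DebianBullseye/ /
deb https://EXAMPLEID:EXAMPLEPW@software.open-xchange.com/products/updates/updates/DebianBullseye/ /
EOF
}

# Report file:line of active deb entries whose URL embeds user:password@.
find_embedded_credentials() {
    grep -HnE "^[[:space:]]*deb(-src)?[[:space:]].*$CRED_RE" "$@" || true
}

# Remove user:password@ from active deb entries of one file (comments untouched).
strip_credentials() {
    sed -E "/^[[:space:]]*deb/ s#$CRED_RE#://#" "$1" > "$1.new" && mv "$1.new" "$1"
}

# Write the credentials to <dir>/open-xchange.conf, readable by the owner only.
# $1 = directory (on a real host /etc/apt/auth.conf.d), $2 = login, $3 = password
write_apt_auth() {
    ( umask 077
      printf 'machine software.open-xchange.com login %s password %s\n' "$2" "$3" \
          > "$1/open-xchange.conf" )
}

# Demo on a throw-away directory instead of /etc/apt.
demo_dir=$(mktemp -d)
make_sample "$demo_dir"
find_embedded_credentials "$demo_dir/open-xchange.list"
strip_credentials "$demo_dir/open-xchange.list"
write_apt_auth "$demo_dir" EXAMPLEID EXAMPLEPW
ls -l "$demo_dir"
rm -rf "$demo_dir"
```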


Configuration

CalDAV

The property com.openexchange.caldav.enabled governs whether a user has access to the CalDAV interface. This can be configured along the config cascade. In the default setting, everyone who has access to the infostore also has access to CalDAV. This is achieved in the following way:

/opt/open-xchange/etc/groupware/caldav.properties:

 com.openexchange.caldav.enabled=false

/opt/open-xchange/etc/groupware/contextSets/caldav.yml

 premium:
     com.openexchange.caldav.enabled: true
     withTags: ucInfostore

This means: In general CalDAV is turned off, but using the contextSets feature of the config cascade it is turned on for everyone that has infostore access.

CardDAV

Similarly to CalDAV, the property com.openexchange.carddav.enabled governs whether CardDAV is available for a certain user. This is configured exactly like CalDAV, with the config cascade only enabling this for users that have access to the infostore.

The property com.openexchange.carddav.ignoreFolders contains a blacklist of folders that will not be served via CardDAV. In large contexts in enterprise installations it might make sense to disable the global addressbook in CardDAV:

  com.openexchange.carddav.ignoreFolders=6

Contact Aggregation

The contact aggregator is enabled with the property com.openexchange.contact.aggregator.enabled. By default this is turned off. Installations in which the contact aggregation feature should be enabled must switch this property to true.

The contact aggregator knows how to do two kinds of aggregation runs: a fast run and a slow run. The fast run will collect all contacts from all folders a user can see; the slow run will, in addition, scour all email accounts for email addresses. Whether the system does these runs, and how often, can be configured with the properties:

com.openexchange.contact.aggregator.fastRunInterval and com.openexchange.contact.aggregator.slowRunInterval

The value can be a number of milliseconds or an interval specification with ms for milliseconds, s for seconds, m for minutes, h for hours, d for days and w for weeks. For example, if you want to do the fast run once a day and the slow run once a week you could configure the following:

 com.openexchange.contact.aggregator.fastRunInterval=1d
 com.openexchange.contact.aggregator.slowRunInterval=1w

By default, slow runs are deactivated and fast runs are performed once a day.

In case you allow slow runs, the number of mails per mail folder can be configured with the property:

  com.openexchange.contact.aggregator.mailLimit=3000

As with CardDAV, you can configure a list of folders that should not be part of an aggregation run with the property

com.openexchange.contact.aggregator.folderBlacklist

which can contain a comma-separated blacklist of folderIds.

To find out how to set up the Mac OS X clients, please see: Setting up CalDAV and CardDAV in Mac OS X