sabredav_packages:
- php
- php-json
- php-ldap
- php-mbstring
- php-opcache
- php-pdo
- php-pgsql
- php-pecl-zip
- php-xml
- python3-psycopg2
- git
sabredav_composer_url: https://getcomposer.org/installer
sabredav_git_repo: https://github.com/sacredheartsc/sabredav-freeipa
sabredav_home: /var/www/sabredav
sabredav_keytab: /var/lib/gssproxy/clients/{{ sabredav_user }}.keytab
sabredav_writable_dirs:
- webdav
- tmpdata
sabredav_php_environment:
GSS_USE_PROXY: 'yes'
sabredav_php_flags:
output_buffering: no
always_populate_raw_post_data: no
mbstring.func_overload: no
sabredav_archive_shell: >-
TIMESTAMP=$(date +%Y%m%d%H%M%S);
tar czf "webdav-${TIMESTAMP}.tar.gz"
--transform "s|^\.|webdav-${TIMESTAMP}|"
-C "{{ sabredav_home }}/webdav" .
sabredav_apache_config: |
Redirect /.well-known/caldav /server.php
Redirect /.well-known/carddav /server.php
RewriteEngine On
RewriteCond %{REQUEST_URI} !^/\.well-known/
RewriteRule .* /server.php [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
AuthName "FreeIPA Single Sign-On"
AuthType GSSAPI
GssapiLocalName On
{{ apache_gssapi_session_config }}
AuthType Basic
AuthBasicProvider ldap
{{ apache_ldap_config }}
Require ldap-attribute memberof=cn={{ sabredav_access_group }},{{ freeipa_group_basedn }}