blob: 6463d3746c4903f83e322dd915d711d1c6289189 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
|
sabredav_packages:
- php
- php-json
- php-ldap
- php-mbstring
- php-opcache
- php-pdo
- php-pgsql
- php-pecl-zip
- php-xml
- python3-psycopg2
- git
sabredav_composer_url: https://getcomposer.org/installer
sabredav_git_repo: https://github.com/sacredheartsc/sabredav-freeipa
sabredav_home: /var/www/sabredav
sabredav_keytab: /var/lib/gssproxy/clients/{{ sabredav_user }}.keytab
sabredav_writable_dirs:
- webdav
- tmpdata
sabredav_php_environment:
GSS_USE_PROXY: 'yes'
sabredav_php_flags:
output_buffering: no
always_populate_raw_post_data: no
mbstring.func_overload: no
sabredav_archive_shell: >-
TIMESTAMP=$(date +%Y%m%d%H%M%S);
tar czf "webdav-${TIMESTAMP}.tar.gz"
--transform "s|^\.|webdav-${TIMESTAMP}|"
-C "{{ sabredav_home }}/webdav" .
sabredav_apache_config: |
Redirect /.well-known/caldav /server.php
Redirect /.well-known/carddav /server.php
RewriteEngine On
RewriteCond %{REQUEST_URI} !^/\.well-known/
RewriteRule .* /server.php [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
<Location />
AuthName "FreeIPA Single Sign-On"
<If "{% for cidr in sabredav_kerberized_cidrs %}-R '{{ cidr }}'{% if not loop.last %} || {% endif %}{% endfor %}">
AuthType GSSAPI
GssapiLocalName On
{{ apache_gssapi_session_config }}
</If>
<Else>
AuthType Basic
AuthBasicProvider ldap
</Else>
{{ apache_ldap_config }}
Require ldap-attribute memberof=cn={{ sabredav_access_group }},{{ freeipa_group_basedn }}
</Location>
|