Web Server Integration

Although imip-agent is mostly concerned with e-mail messaging, it can integrate with a Web server for the following purposes:

Currently, imip-agent provides configuration files for Apache, but other Web servers may also be supported.

Authentication and Access Control in Apache

Apache supports a range of mechanisms for protecting resources and authenticating users. Most usefully for imip-agent given the e-mail integration requirements, modules supporting LDAP and text-based lists of users are available for such purposes.

Configuring Web Servers for Free/Busy Publishing

Each user may request the publishing of their free/busy information by configuring certain settings. The conf/apache/imip-agent.conf file provides a configuration file for deployment with the Apache Web server software that exposes a directory for Web publishing containing the published free/busy information.

On Debian, to enable the serving of free/busy data, copy the configuration file to the Apache configuration and enable it as follows

cp conf/apache/imip-agent.conf /etc/apache2/sites-available/
a2ensite imip-agent

Access to free/busy information may not be moderated, but Web server directives can be introduced to impose access controls. Mail programs that wish to consult the free/busy information may have problems in dealing with authentication mechanisms, however, and it may be regarded as acceptable in certain environments to expose such information publicly or with network-specific access constraints.

Configuring Web Servers for the Calendar Management Interface

A calendar management interface is provided to allow users to view and interact with their calendars through the Web. The conf/apache/imip-manager.conf file provides a configuration file for deployment with the Apache Web server software that enables this interface.

Configuring the Management Interface

The config.txt file described in the configuration guide provides some settings that can be adjusted to configure the management interface.

Setting

Result

MANAGER_INTERFACE

If set to True, causes links to the interface to be included in notification messages sent by imip-agent. If set to False, such links will be omitted.

MANAGER_URL

The deployment URL of the management interface. Together with the MANAGER_PATH described below, this forms the basis of the links described above. Some examples:

http://webserver.example.com/
http://webserver.example.com/webapps/

It can be left as None and a default URL will be built using the hostname of the system running the software.

MANAGER_URL_SCHEME

The URL scheme or protocol employed if a default URL is being constructed instead of MANAGER_URL providing a value. Some examples:

http://
https://

Since the manager is only likely to be available via common Web protocols, other values may not make much sense.

MANAGER_PATH

The "path info" added to the MANAGER_URL that locates the management interface in its deployment location. Some examples:

/
/imip-agent

This setting affects the imip-manager.conf file, whose Alias, ScriptAlias and Location directives should be changed if this setting is changed.

Deploying the Configuration

On Debian, to enable the management interface, copy the configuration file to the Apache configuration and enable it as follows:

cp conf/apache/imip-manager.conf /etc/apache2/sites-available/
a2ensite imip-manager

The management interface is deployed as a CGI program, meaning that a suitable module must be enabled in the Apache configuration. On Debian, this is done as follows:

a2enmod cgi

Since such access to calendars should only be performed by identified users, access controls are suggested in the configuration file. Modules providing additional authentication support may need to be enabled. For example, on Debian, the LDAP authentication/authorisation support is enabled as follows:

a2enmod authnz_ldap

Authenticating Users

The imip-manager.conf file contains example directives for accessing authentication services or data.

Where LDAP authentication is to be used, the appropriate LDAP URL needs to be specified using a directive. For example:

AuthLDAPUrl "ldap://localhost/ou=People,dc=example,dc=com?mail?sub"

Here, the mail attribute is used to match the username provided in the authentication dialogue. Configuration changes may be required within the LDAP infrastructure to allow this mechanism to function, but this is not described here.

Meanwhile, particularly where simple integration strategies have been chosen, a plain text user file can be employed to authenticate users. For example:

AuthUserFile /var/www/imip-agent/users

Such a file should be created using the usual tools provided by the Apache Web server distribution.