
Apache Directory Services

The BasicDirectoryService and DigestDirectoryService directory services are configurable using configuration files in the same formats as used by the Apache HTTP server, allowing you to easily share user and group information with an Apache server.

Configuring the Calendar Server

The full names of the implementation classes are twistedcaldav.directory.apache.BasicDirectoryService and twistedcaldav.directory.apache.DigestDirectoryService. These services provide for the basic and digest HTTP authentication mechanisms, respectively.

Both services take a userFile parameter which contains the name of the file to read user principal information from and an optional groupFile parameter which contains the name of the file to read group principal information from.

For example, for digest:

<!--  Apache-style Digest Directory Service -->
<key>DirectoryService</key>
<dict>
  <key>type</key>
  <string>twistedcaldav.directory.apache.DigestDirectoryService</string>

  <key>params</key>
  <dict>
    <key>userFile</key>
    <string>conf/digest</string>
    <key>groupFile</key>
    <string>conf/group</string>
  </dict>
</dict>

The service re-reads the user and group files if either file's timestamp changes, so edits to the files should not require a server restart.

Note that basic authentication is highly insecure because it sends password information in plain text over the network (where it may be intercepted) and should not be enabled on a server unless all connections are somehow secured, for example, by enabling SSL and disabling non-SSL connections.

Configuring principals

In the case of BasicDirectoryService, the user file must be in the form generated by the Apache htpasswd command, and in the case of DigestDirectoryService, the user file must be in the form generated by the Apache htdigest command.

Both user file formats contain a single entry per line, with fields separated by the colon (:) character. The basic format has two fields, one containing a user identifier and the second containing the user's password in the UNIX crypt format. The digest format has three fields: a user identifier, a realm name, and the user's password in a digested format.

An example basic user file:

wsanchez:Cytm0Bwm7CPJs
cdaboo:I.Ef5FJl5GVh2
dreid:LVhqAv4qSrYPs
lecroy:/7/5VDrkrLxY.

And an example digest user file:

wsanchez:Test:decbe233ab3d997cacc2fc058b19db8c
cdaboo:Test:61164bf3d607d072fe8a7ac420b24aac
dreid:Test:8ee67801004b2752f72b84e7064889a6
lecroy:Test:60d4feb424430953be045738041e51be

The group file is in a similar format, with one entry of colon-separated fields per line. Each line has two fields: a group identifier, and a comma- (,) separated list of user identifiers which identify the members of the group.

An example group file:

managers: lecroy
grunts: wsanchez, cdaboo, dreid
right_coast: cdaboo
left_coast: wsanchez, dreid, lecroy

The user files should be edited using the htpasswd and htdigest tools. The group file is typically edited by hand.
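
Because the group file is edited by hand, it can drift out of step with the user file. The following is an added example, not Calendar Server's own code: a small Python audit that parses a digest user file and a group file in the formats described above, flags malformed user lines and group members with no user entry, and checks a password against a stored digest. It assumes the htdigest digest field is the MD5 of user:realm:password; all function names and sample entries are constructed for illustration.

```python
import hashlib
import hmac

def htdigest_hash(user, realm, password):
    # Assumption: htdigest stores MD5("user:realm:password") as 32 hex digits.
    return hashlib.md5(f"{user}:{realm}:{password}".encode()).hexdigest()

def parse_digest_users(text):
    """Return ({user: (realm, digest)}, [problem descriptions])."""
    users, problems = {}, []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.strip().split(":")
        ok = (len(fields) == 3 and len(fields[2]) == 32
              and set(fields[2].lower()) <= set("0123456789abcdef"))
        if not ok:
            problems.append(f"user file line {n}: expected user:realm:digest")
        else:
            users[fields[0]] = (fields[1], fields[2].lower())
    return users, problems

def parse_groups(text):
    """Return {group: [member, ...]} from 'group: user, user' lines."""
    groups = {}
    for line in text.splitlines():
        if ":" in line:
            name, members = line.split(":", 1)
            groups[name.strip()] = [m.strip() for m in members.split(",") if m.strip()]
    return groups

def unknown_members(users, groups):
    """Group members that have no entry in the user file."""
    missing = {g: [m for m in ms if m not in users] for g, ms in groups.items()}
    return {g: ms for g, ms in missing.items() if ms}

def check_password(users, user, password):
    """Recompute the digest and compare it in constant time."""
    if user not in users:
        return False
    realm, stored = users[user]
    return hmac.compare_digest(htdigest_hash(user, realm, password), stored)

# Constructed sample data (not taken from the page); the last user line is malformed.
SAMPLE_USERS = "".join(f"{u}:Test:{htdigest_hash(u, 'Test', p)}\n" for u, p in
    [("alice", "constructed-pw-1"), ("bob", "constructed-pw-2")]) + "mallory:Test\n"
SAMPLE_GROUPS = "managers: alice\ngrunts: alice, bob, carol\n"
```

Running unknown_members over the parsed sample files reports carol in the grunts group, since she has no line in the user file.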