DAViCal 1.0.2 on RHEL 5 & 6

To follow up on my previous post about DAViCal, I’ve built and published RPMs for DAViCal itself and the php-awl dependency.

These are based off provided spec files from the project and tweaked somewhat to be more suitable for RHEL 5 & 6.

 

RHEL 5 & PostgreSQL 8.1 Note

Whilst DAViCal is intended (and for normal operation, does) work with PostgreSQL 8.1 or later, this version is too old for the LDAP authentication module to work, as it uses some PostgreSQL 8.4 version queries.

Fortunately RHEL & CentOS ship with both PostgreSQL 8.1 and PostgreSQL 8.4 now available, so you can fix the solution by installing with:

# yum install davical postgresql84-server

 

RHEL 5 & 6 Installation Instructions

These instructions assume you have confirmed the Amberdms RHEL 5 “amberdms-os” repository at minimum – or you can go and pull the specific RPM files you want – php-awl and davical and add them to your own repository.

Once the repositories are setup, simply install with:

# yum install davical

DAViCal uses PostgreSQL, if this is a new/first PostgreSQL installation, you will need to start and possibly initilise the DB:

# service postgresql start
 /var/lib/pgsql/data is missing. Use "service postgresql initdb" to
 initialize the cluster first.     [FAILED]
# service postgresql initdb
 Initializing database:    [  OK  ]
# service postgresql start
 Starting postgresql service:     [  OK  ]

We need to edit the PostgreSQL user authentication configuration to allow local-only password-less access for the DAViCal application. Optionally you can configure MD5, ident or other desired methods. Add the two lines below to the configuration file, above any existing lines.

# vi /var/lib/pgsql/data/pg_hba.conf

 # trust davical
 local   davical davical_app     trust
 local   davical davical_dba     trust

Restart PostgreSQL for the changes to take effect:

# service postgresql restart

Install the database:

# cd /tmp/
# su postgres -c /usr/share/davical/dba/create-database.sh

 Supported locales updated.
 Updated view: dav_principal.sql applied.
 CalDAV functions updated.
 RRULE functions updated.
 Database permissions updated.
 NOTE
 ====
 *  The password for the 'admin' user has been set to 'EXAMPLE' 

 Thanks for trying DAViCal!  Check in /usr/share/doc/davical/examples/ for
 some configuration examples.  For help, visit #davical on irc.oftc.net.

Adjust the access rules for Apache & restart it:

# vi /etc/httpd/conf.d/davical.conf
# service httpd restart

Test access at http://localhost/davical/or whatever your appropriate server URL is. Any 403 errors probably suggest fault with the /etc/httpd/conf.d/davical.conf IP ACL configuration.

 

RHEL 5 & 6 Upgrade Instructions

Using the packages I have provided, the DAViCal PostgreSQL DB will be updated on any new releases when installing newer RPMs.

This uses the /usr/share/davical/dba/update-davical-database script supplied with DAViCal and shouldn’t require any manual execution or options normally.

 

LDAP Authentication

To configure LDAP authentication, edit the configuration file and define the external authentication settings.

vi /etc/davical/config.php

See the notes in the file about LDAP configuration or consult the quite reliable source of documentation at the DAViCal wiki.

You will also need to have php-ldap installed – it’s not one of the default package dependencies – if it’s missing, you will get this clear message on the login screen:

"drivers_ldap : function ldap_connect not defined, check your php_ldap module"

To install, run:

# yum install php-ldap
# service httpd restart

If authentication still fails to work, try the following

  1. Check the version of PostgreSQL used – must be 8.4 or later, not 8.1, as per my note at the start of this document.
  2. Check Apache error logs (typically /var/log/httpd/error_log)
  3. Check the LDAP server logs

 

 

 

This entry was posted in Uncategorized and tagged , , , , . Bookmark the permalink.

8 Responses to DAViCal 1.0.2 on RHEL 5 & 6

  1. Josep says:

    Hi, I’m trying to follow your tutorial. But I get stuck at the step “Install the database”.
    I run CentOS 6 and I already had Postgresql running.

    Running the command from the step “Install the database” requests a password. Which password?

    I tried using empty or an admin password to no avail. Could you please help?

    Thank you in advance.

    [user@testmail tmp]$ su postgres -c /usr/share/davical/dba/create-database.sh
    Password:
    psql: fe_sendauth: no password supplied
    Password:
    Password:
    Password:
    createdb: database creation failed: ERROR: database "davical" already exists
    Unable to create database
    [user@testmail tmp]$

    • Jethro Carr says:

      hi Josep,

      Looks like your PostgreSQL database is expecting a password for the PostgreSQL admin user and when entered it’s failing since there’s already a database for davical?

      Does psql -l show a davical database as already existing?

      If you had a test/failed install from a previous attempt, you might need to drop the davical database that is currently in there before being able to create the new one.

      regards,
      jethro

  2. Josep says:

    Hi Jethro,

    Thanks for answering.

    Following your advice, I removed the davical database and all davical_* users from my PostgreSQL and I started from scratch.

    I tried again, and the database creator script appears stuck here:

    [root@testmail tmp]# su postgres -c /usr/share/davical/dba/create-database.sh
    Password:
    Password:
    Password:
    Password:
    Password:
    Password:

    I run ps ax and I noticed the following process getting stuck: no changes in 15 minutes.

    21439 pts/0 S+ 0:00 | \_ su postgres -c /usr/share/davical/dba/create-database.sh
    21440 ? Ss 0:00 | \_ /bin/sh /usr/share/davical/dba/create-database.sh
    21474 ? S 0:00 | \_ /bin/sh /usr/share/davical/dba/create-database.sh
    21475 ? S 0:00 | \_ psql -U davical_dba -qXAt -c SELECT usename FROM pg_user; davical

    Checked PostgreSQL processes for table davical an there is one process:
    SELECT * FROM pg_catalog.pg_stat_activity
    WHERE datname=’davical’ ORDER BY usename, procpid

    Any idea?

    Thanks in advance,
    Josep

    • Jethro Carr says:

      It looks to me like your PostgreSQL server is trying to authenticate the create-database.sh’s SQL connection attempts using trust authentication (password based checks).

      In file /var/lib/pgsql/data/pg_hba.conf, do your davical lines look like:
      local davical davical_app trust
      local davical davical_dba trust

      Note that I’m not certain, but I suspect that pg_hba.conf may be order specific, so move these up above any other definitions already in that file.

      You’ll have to restart PostgreSQL following that change.

      Essentially this configuration tells PostgreSQL to trust any user authentication as user “davical” without a password if the authentication attempt is coming from the localhost only.

      If you have other untrusted applications on the server you may want to look at other methods such as password/pam/ldap authentication for the DB users, but it complicates the setup somewhat.

      • Josep says:

        Hi Jethro,

        Hah! How about that! Now it worked:

        su postgres -c /usr/share/davical/dba/create-database.sh
        Password:
        Password:
        Password:
        Password:
        Password:
        Password:
        Password:

        Supported locales updated.
        Updated view: dav_principal.sql applied.
        CalDAV functions updated.
        RRULE functions updated.
        Database permissions updated.
        NOTE
        ====
        * You will need to edit the PostgreSQL pg_hba.conf to allow the
        ‘davical_dba’ database user access to the ‘davical’ database.

        * You will need to edit the PostgreSQL pg_hba.conf to allow the
        ‘davical_app’ database user access to the ‘davical’ database.

        * The password for the ‘admin’ user has been set to ‘KzFqjKnX’

        Thanks for trying DAViCal! Check in /usr/share/doc/davical/examples/ for
        some configuration examples. For help, visit #davical on irc.oftc.net.

        Now, on to keep working on it.

        Thank you very much,
        Regards

    • Jethro Carr says:

      FYI, the stuck process shown in ps is probably a symptom of the script being stuck waiting for a valid password before it can process, rather than a hang in the script or PostgreSQL.

      • Josep says:

        Yup, that was it.

        After the script finished properly (after moving davical trust lines to the top of /var/lib/pgsql/data/pg_hba.conf and restarting PostgreSQL) , there was no stuck process .

        Thank you again,
        Josep

Leave a Reply to Jethro Carr Cancel reply