### Install and Configure Radicale Plugin
Source: https://radicale.org/v3.html
Commands to install the plugin and the configuration snippet to enable it within the Radicale server.
```bash
python3 -m pip install .
```
```ini
[auth]
type = radicale_static_password_auth
password = secret
```
```bash
python3 -m pip uninstall radicale_static_password_auth
```
--------------------------------
### Radicale Configuration File Example
Source: https://radicale.org/v3.html
This is an example of a Radicale configuration file, showing settings for server binding, authentication, and storage. It demonstrates how to specify network interfaces, authentication methods, and storage locations.
```ini
[server]
hosts = 0.0.0.0:5232, [::]:5232
[auth]
type = htpasswd
htpasswd_filename = ~/.config/radicale/users
htpasswd_encryption = autodetect
[storage]
fss_filesystem_folder = ~/.var/lib/radicale/collections
```
--------------------------------
### Create Python Plugin Setup Script
Source: https://radicale.org/v3.html
Defines the setup.py configuration required to package a custom Radicale authentication plugin using Distutils.
```python
#!/usr/bin/env python3
from distutils.core import setup
setup(name="radicale_static_password_auth",
packages=["radicale_static_password_auth"])
```
--------------------------------
### Run Radicale Server
Source: https://radicale.org/v3.html
Commands to start the Radicale server with a specified storage folder and no authentication for testing.
```bash
python3 -m radicale --storage-filesystem-folder=~/.var/lib/radicale/collections --auth-type none
```
```bash
python3 -m radicale --storage-filesystem-folder=/var/lib/radicale/collections --auth-type none
```
```bash
python -m radicale --storage-filesystem-folder=~/radicale/collections --auth-type none
```
--------------------------------
### Running Radicale with Command-Line Arguments
Source: https://radicale.org/v3.html
This example shows how to run Radicale directly from the command line using various arguments to configure server settings, authentication, and logging. It's an alternative to using a configuration file.
```bash
python3 -m radicale --server-hosts 0.0.0.0:5232,[::]:5232 \
--auth-type htpasswd --auth-htpasswd-filename ~/.config/radicale/users \
--auth-htpasswd-encryption autodetect
```
--------------------------------
### Deploy Radicale with WSGI Servers
Source: https://radicale.org/v3.html
Examples for running Radicale using uWSGI and Gunicorn application servers.
```ini
[uwsgi]
http-socket = 127.0.0.1:5232
processes = 8
plugin = python3
module = radicale
env = RADICALE_CONFIG=/etc/radicale/config
```
```bash
gunicorn --bind '127.0.0.1:5232' --env 'RADICALE_CONFIG=/etc/radicale/config' --workers 8 radicale
```
--------------------------------
### Configure Virtual Environment
Source: https://radicale.org/v3.html
Steps to create and activate a Python virtual environment to avoid externally-managed-environment errors during installation.
```bash
python3 -m venv ~/venv
source ~/venv/bin/activate
```
--------------------------------
### Configuring Radicale via Environment Variables and Startup Scripts
Source: https://radicale.org/v3.html
These examples demonstrate how to use environment variables in shell scripts to pass configuration options to Radicale. It shows different methods for defining and using these variables, including simple strings and arrays.
```bash
## simple variable containing multiple options
RADICALE_OPTIONS="--logging-level=debug --config=/etc/radicale/config --logging-request-header-on-debug --logging-rights-rule-doesnt-match-on-debug"
/usr/bin/radicale $RADICALE_OPTIONS
```
```bash
## variable as array method #1
RADICALE_OPTIONS= ("--logging-level=debug" "--config=/etc/radicale/config" "--logging-request-header-on-debug" "--logging-rights-rule-doesnt-match-on-debug")
/usr/bin/radicale ${RADICALE_OPTIONS[@]}
```
```bash
## variable as array method #2
RADICALE_OPTIONS=()
RADICALE_OPTIONS+=("--logging-level=debug")
RADICALE_OPTIONS+=("--config=/etc/radicale/config")
/usr/bin/radicale ${RADICALE_OPTIONS[@]}
```
--------------------------------
### Install Radicale via Pip
Source: https://radicale.org/v3.html
Commands to install the latest version of Radicale from the GitHub master branch using Python's pip package manager.
```bash
python3 -m pip install --user --upgrade https://github.com/Kozea/Radicale/archive/master.tar.gz
```
```bash
python -m pip install --upgrade https://github.com/Kozea/Radicale/archive/master.tar.gz
```
--------------------------------
### Define Access Rights Configuration
Source: https://radicale.org/v3.html
Example configuration for the Radicale rights file. Uses regex patterns to match users and collections, assigning specific permissions like R (read) or W (write).
```ini
# Allow reading root collection for authenticated users
[root]
user: .+
collection:
permissions: R
# Allow reading and writing principal collection (same as username)
[principal]
user: .+
collection: {user}
permissions: RW
# Allow reading and writing calendars and address books that are direct
# children of the principal collection
[calendars]
user: .+
collection: {user}/[^/]+
permissions: rw
```
--------------------------------
### Configure Reverse Proxy for Radicale
Source: https://radicale.org/v3.html
Examples for configuring web servers to proxy requests to Radicale at a sub-path. These configurations ensure the X-Script-Name header is set correctly for proper URL routing.
```nginx
location /radicale/ {
proxy_pass http://localhost:5232;
proxy_set_header X-Script-Name /radicale;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_pass_header Authorization;
}
```
```caddy
handle_path /radicale/* {
uri strip_prefix /radicale
reverse_proxy localhost:5232 {
}
}
```
```apache
RewriteEngine On
RewriteRule ^/radicale$ /radicale/ [R,L]
ProxyPass http://localhost:5232/ retry=0
ProxyPassReverse http://localhost:5232/
RequestHeader set X-Script-Name /radicale
RequestHeader set X-Forwarded-Port "%{SERVER_PORT}s"
RequestHeader set X-Forwarded-Proto expr=%{REQUEST_SCHEME}
= 2.4.40>
Proxy100Continue Off
```
```apache
DirectoryIndex disabled
RewriteEngine On
RewriteRule ^(.*)$ http://localhost:5232/$1 [P,L]
# Set to directory of .htaccess file:
RequestHeader set X-Script-Name /radicale
RequestHeader set X-Forwarded-Port "%{SERVER_PORT}s"
RequestHeader unset X-Forwarded-Proto
RequestHeader set X-Forwarded-Proto "https"
```
```lighttpd
server.modules += ( "mod_proxy" , "mod_setenv" )
$HTTP["url"] =~ "^/radicale/" {
proxy.server = ( "" => (( "host" => "127.0.0.1", "port" => "5232" )) )
setenv.add-request-header = ( "X-Script-Name" => "/radicale" )
}
```
--------------------------------
### Define Predefined User Collections
Source: https://radicale.org/v3.html
Example JSON structure for defining default user collections such as address books and calendars within the Radicale configuration.
```json
{
"def-addressbook": {
"D:displayname": "Personal Address Book",
"tag": "VADDRESSBOOK"
},
"def-calendar": {
"C:supported-calendar-component-set": "VEVENT,VJOURNAL,VTODO",
"D:displayname": "Personal Calendar",
"tag": "VCALENDAR"
}
}
```
--------------------------------
### Initialize Git Versioning for Collections
Source: https://radicale.org/v3.html
Commands to initialize a Git repository in the Radicale collections directory and configure ignore patterns.
```bash
su -l -s /bin/bash radicale
cd /var/lib/radicale/collections
git init
git config user.name "$USER"
git config user.email "$USER@$HOSTNAME"
cat <<'END' >.gitignore
.Radicale.cache
.Radicale.lock
.Radicale.tmp-*
END
```
--------------------------------
### Implement Custom Authentication Plugin
Source: https://radicale.org/v3.html
Demonstrates how to extend the BaseAuth class to create a static password authentication plugin for Radicale.
```python
from radicale.auth import BaseAuth
from radicale.log import logger
PLUGIN_CONFIG_SCHEMA = {"auth": {
"password": {"value": "", "type": str}}}
class Auth(BaseAuth):
def __init__(self, configuration):
super().__init__(configuration.copy(PLUGIN_CONFIG_SCHEMA))
def _login(self, login, password):
# Get password from configuration option
static_password = self.configuration.get("auth", "password")
# Check authentication
logger.info("Login attempt by %r with password %r",
login, password)
if password == static_password:
return login
return ""
```
--------------------------------
### Configure Server Limits and Timeouts
Source: https://radicale.org/v3.html
Settings to manage server performance, including maximum concurrent connections, file size limits, and authentication delay settings.
```ini
[server]
max_connections = 20
max_content_length = 100000000
timeout = 30
[auth]
delay = 1
```
--------------------------------
### Configure Server Network Binding
Source: https://radicale.org/v3.html
Settings to allow Radicale to listen on all network interfaces for both IPv4 and IPv6 addresses.
```ini
[server]
hosts = 0.0.0.0:5232, [::]:5232
```
--------------------------------
### Configure Radicale SSL Settings
Source: https://radicale.org/v3.html
INI-style configuration for enabling SSL in Radicale, including paths to certificates and certificate authorities.
```ini
[server]
ssl = True
certificate = /path/to/server_cert.pem
key = /path/to/server_key.pem
certificate_authority = /path/to/client_cert.pem
```
--------------------------------
### Manage Users with htpasswd
Source: https://radicale.org/v3.html
Commands to create and manage a password file for Radicale authentication using the htpasswd utility with SHA-512 encryption.
```bash
# Create a new htpasswd file with the user "user1" using SHA-512 as hash method
$ htpasswd -5 -c /path/to/users user1
# Add another user
$ htpasswd -5 /path/to/users user2
```
--------------------------------
### Locking Radicale Storage with flock
Source: https://radicale.org/v3.html
Demonstrates how to acquire exclusive or shared locks on the Radicale storage directory using the Linux flock utility to prevent data corruption during manual access.
```bash
# Exclusive lock for COMMAND
flock --exclusive /path/to/storage/.Radicale.lock COMMAND
# Shared lock for COMMAND
flock --shared /path/to/storage/.Radicale.lock COMMAND
```
--------------------------------
### Set Storage Directory
Source: https://radicale.org/v3.html
Configuration to define the filesystem path where Radicale stores calendar and contact data.
```ini
[storage]
filesystem_folder = /path/to/storage
```
--------------------------------
### Configure htpasswd Authentication
Source: https://radicale.org/v3.html
Configuration settings to enable htpasswd-based authentication in Radicale, supporting both secure and plain text storage methods.
```ini
[auth]
type = htpasswd
htpasswd_filename = /path/to/users
htpasswd_encryption = autodetect
```
```ini
[auth]
type = htpasswd
htpasswd_filename = /path/to/users
htpasswd_encryption = plain
```
--------------------------------
### Defining Collection Types via .Radicale.props
Source: https://radicale.org/v3.html
Shows the JSON content required in the .Radicale.props file to define a folder as either a calendar or an address book within the Radicale storage structure.
```json
{"tag": "VCALENDAR"}
```
```json
{"tag": "VADDRESSBOOK"}
```
--------------------------------
### Define Plain Text User Credentials
Source: https://radicale.org/v3.html
Format for a simple, insecure user credentials file where each line contains a username and password separated by a colon.
```text
user1:password1
user2:password2
```
--------------------------------
### Create Address Book via cURL
Source: https://radicale.org/v3.html
Uses the MKCOL method to create a new CardDAV address book collection. The request body must specify the addressbook resource type.
```bash
curl -u user -X MKCOL 'http://localhost:5232/user/addressbook' --data \
'
Address book
Example address book
'
```
--------------------------------
### Create Calendar via cURL
Source: https://radicale.org/v3.html
Uses the MKCOL method to create a new CalDAV calendar collection. Requires authentication and a properly formatted XML body defining the calendar resource type and properties.
```bash
curl -u user -X MKCOL 'http://localhost:5232/user/calendar' --data \
'
Calendar
Example calendar
#ff0000ff
'
```
--------------------------------
### Generate SSL Certificates for Radicale and Proxy
Source: https://radicale.org/v3.html
Uses OpenSSL to generate self-signed RSA certificates for secure communication between the Radicale server and a reverse proxy.
```bash
openssl req -x509 -newkey rsa:4096 -keyout server_key.pem -out server_cert.pem -nodes -days 9999
openssl req -x509 -newkey rsa:4096 -keyout client_key.pem -out client_cert.pem -nodes -days 9999
```
--------------------------------
### Configure External Authentication via Reverse Proxy
Source: https://radicale.org/v3.html
Configurations for delegating authentication to the web server using the http_x_remote_user method. This requires passing the authenticated username to Radicale via the X-Remote-User header.
```nginx
location /radicale/ {
proxy_pass http://localhost:5232/;
proxy_set_header X-Script-Name /radicale;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Remote-User $remote_user;
proxy_set_header Host $http_host;
auth_basic "Radicale - Password Required";
auth_basic_user_file /etc/nginx/htpasswd;
}
```
```caddy
handle_path /radicale/* {
uri strip_prefix /radicale
basicauth {
USER HASH
}
reverse_proxy localhost:5232 {
header_up X-Script-Name /radicale
header_up X-remote-user {http.auth.user.id}
}
}
```
```apache
RewriteEngine On
RewriteRule ^/radicale$ /radicale/ [R,L]
AuthType Basic
AuthName "Radicale - Password Required"
AuthUserFile "/etc/radicale/htpasswd"
Require valid-user
ProxyPass http://localhost:5232/ retry=0
ProxyPassReverse http://localhost:5232/
= 2.4.40>
Proxy100Continue Off
RequestHeader set X-Script-Name /radicale
RequestHeader set X-Remote-User expr=%{REMOTE_USER}
```
```apache
DirectoryIndex disabled
RewriteEngine On
RewriteRule ^(.*)$ http://localhost:5232/$1 [P,L]
AuthType Basic
AuthName "Radicale - Password Required"
AuthUserFile "/etc/radicale/htpasswd"
Require valid-user
# Set to directory of .htaccess file:
RequestHeader set X-Script-Name /radicale
RequestHeader set X-Remote-User expr=%{REMOTE_USER}
```
--------------------------------
### Dovecot Authentication Configuration
Source: https://radicale.org/v3.html
Configuration options for authenticating users via Dovecot.
```APIDOC
## Dovecot Authentication Configuration
### Description
Configuration options for authenticating users via Dovecot.
### Parameters
#### Connection Type
##### dovecot_connection_type
- **(string)** - Default: `AF_UNIX` - Connection type for dovecot authentication. One of: `AF_UNIX`, `AF_INET`, `AF_INET6`. Note: credentials are transmitted in cleartext.
#### Socket Path (for AF_UNIX)
##### dovecot_socket
- **(string)** - Default: `/var/run/dovecot/auth-client` - Path to the Dovecot client authentication socket. Radicale must have read & write access to the socket.
#### Network Connection (for AF_INET/AF_INET6)
##### dovecot_host
- **(string)** - Default: `localhost` - Host of dovecot socket exposed via network.
##### dovecot_port
- **(integer)** - Default: `12345` - Port of dovecot socket exposed via network.
### Request Example
```json
{
"dovecot_connection_type": "AF_INET",
"dovecot_host": "192.168.1.100",
"dovecot_port": 12345
}
```
### Response
#### Success Response (200)
- **(No specific response body defined for configuration updates)** - Configuration changes are typically applied on server restart or reload.
#### Response Example
(N/A)
```
--------------------------------
### LDAP Security and SSL Configuration
Source: https://radicale.org/v3.html
Configures the security protocol for the LDAP connection. 'ldap_use_ssl' is deprecated in favor of 'ldap_security'. Options include 'none', 'tls', and 'starttls'. Certificate verification modes and CA file paths are also configurable for secure connections.
```ini
; ldap_use_ssl is deprecated! Use ldap_security instead.
; Default for ldap_security: none
; Default for ldap_ssl_verify_mode: REQUIRED
; Default for ldap_ssl_ca_file: (unset)
```
--------------------------------
### LDAP Authentication Configuration
Source: https://radicale.org/v3.html
Configuration options for authenticating users via LDAP.
```APIDOC
## LDAP Authentication Configuration
### Description
Configuration options for authenticating users via LDAP.
### Parameters
#### LDAP Filter
##### ldap_filter
- **(string)** - Default: `(cn={0})` - Filter to search for the LDAP entry of the user to authenticate. It must contain '{0}' as placeholder for the login name.
#### User Attribute Mapping
##### ldap_user_attribute
- **(string)** - Default: (unset) - LDAP attribute whose value shall be used as the username after successful authentication. If set, you can use flexible logins in `ldap_filter` and still have consolidated usernames.
#### Security and SSL/TLS
##### ldap_use_ssl
- **(boolean)** - Deprecated! Use `ldap_security` instead. Use ssl on the LDAP connection.
##### ldap_security
- **(string)** - Default: `none` - Use encryption on the LDAP connection. One of: `none`, `tls`, `starttls`.
##### ldap_ssl_verify_mode
- **(string)** - Default: `REQUIRED` - Certificate verification mode for tls and starttls. One of: `NONE`, `OPTIONAL`, `REQUIRED`.
##### ldap_ssl_ca_file
- **(string)** - Default: (unset) - Path to the CA file in PEM format which is used to certify the server certificate.
#### Group Membership Configuration
##### ldap_groups_attribute
- **(string)** - Default: (unset) - LDAP attribute in the authenticated user's LDAP entry to read the group memberships from. For DN-valued attributes, the value of the RDN is used to determine the group names. Supports non-DN-valued attributes as well.
##### ldap_group_members_attribute
- **(string)** - Default: (unset) - Attribute in the group entries to read the group's members from. Used as an alternative approach to getting user groups by querying group entries.
##### ldap_group_base
- **(string)** - Default: (unset) - Base DN to search for groups. Only necessary if `ldap_group_members_attribute` is set and differs from `ldap_base`.
##### ldap_group_filter
- **(string)** - Default: (unset) - Search filter to search for groups having the user DN found as member. Restricts the groups returned.
#### Server Quirks
##### ldap_ignore_attribute_create_modify_timestamp
- **(boolean)** - Default: `False` - Quirks for Authentik LDAP server to exclude `modifyTimestamp` and `createTimestamp` from internal checks.
### Request Example
```json
{
"ldap_filter": "(&(objectclass=inetOrgPerson)(|(cn={0})(mail={0})))",
"ldap_user_attribute": "cn",
"ldap_security": "tls",
"ldap_ssl_verify_mode": "OPTIONAL",
"ldap_groups_attribute": "memberOf",
"ldap_group_members_attribute": "member",
"ldap_group_base": "ou=groups,dc=example,dc=com",
"ldap_group_filter": "(objectclass=groupOfNames)",
"ldap_ignore_attribute_create_modify_timestamp": true
}
```
### Response
#### Success Response (200)
- **(No specific response body defined for configuration updates)** - Configuration changes are typically applied on server restart or reload.
#### Response Example
(N/A)
```
--------------------------------
### Configure Nginx for Radicale Proxy
Source: https://radicale.org/v3.html
Nginx location block configuration to proxy requests to Radicale with SSL client certificate authentication.
```nginx
location /radicale/ {
proxy_pass https://localhost:5232/;
proxy_ssl_certificate /path/to/client_cert.pem;
proxy_ssl_certificate_key /path/to/client_key.pem;
}
```
--------------------------------
### Configure Nginx Proxy Header for Remote IP
Source: https://radicale.org/v3.html
When using the X-Remote-Addr header for authentication, configure Nginx to pass the remote address to Radicale. This ensures that authentication mechanisms like Dovecot receive the correct client IP address.
```nginx
proxy_set_header X-Remote-Addr $remote_addr;
```
--------------------------------
### MKCOL / Create Collection
Source: https://radicale.org/v3.html
Creates a new calendar or address book collection using the MKCOL method with an XML payload.
```APIDOC
## MKCOL /{user}/{collection}
### Description
Creates a new calendar or address book collection on the server.
### Method
MKCOL
### Endpoint
/{user}/{collection}
### Request Body
- **XML Payload** (xml) - Required - XML structure defining the resource type (calendar or addressbook) and properties.
### Request Example
curl -u user -X MKCOL 'http://localhost:5232/user/calendar' --data '
'
### Response
#### Success Response (201)
- **Status** (string) - Collection created successfully.
```
--------------------------------
### Configure Git Hook for Automatic Commits
Source: https://radicale.org/v3.html
Storage hook command to automatically commit changes to the Git repository after every storage modification.
```bash
git add -A && (git diff --cached --quiet || git commit -m "Changes by \"%(user)s\"")
```
--------------------------------
### LDAP Quirks for Authentik Server
Source: https://radicale.org/v3.html
A specific configuration option to handle quirks with Authentik LDAP servers, which may violate RFCs. It adds 'modifyTimestamp' and 'createTimestamp' to an exclusion list for the internal ldap3 client to prevent schema attribute checks.
```ini
; Default: False
```
--------------------------------
### LDAP User Attribute for Username
Source: https://radicale.org/v3.html
Specifies the LDAP attribute whose value will be used as the username after successful authentication. This allows for flexible login methods (e.g., email) while consolidating the username. It's recommended for consistent case handling.
```ini
; Example:
; ldap_filter = "(&(objectclass=inetOrgPerson)(|(cn={0})(mail={0})))"
; ldap_user_attribute = cn
; Default: (unset, in which case the login name is directly used as the username)
```
--------------------------------
### Dovecot Authentication Connection
Source: https://radicale.org/v3.html
Configures the connection type and details for authenticating via Dovecot. Supports Unix domain sockets ('AF_UNIX') or network connections ('AF_INET', 'AF_INET6'). Note that credentials are transmitted in cleartext over the network connection.
```ini
; Default for dovecot_connection_type: AF_UNIX
; Default for dovecot_socket: /var/run/dovecot/auth-client
; Default for dovecot_host: localhost
; Default for dovecot_port: 12345
```
--------------------------------
### DELETE / Remove Collection
Source: https://radicale.org/v3.html
Deletes an existing collection from the server.
```APIDOC
## DELETE /{user}/{collection}
### Description
Removes an existing calendar or address book collection. Requires the configuration option `permit_delete_collection = True`.
### Method
DELETE
### Endpoint
/{user}/{collection}
### Request Example
curl -u user -X DELETE 'http://localhost:5232/user/calendar'
### Response
#### Success Response (204)
- **Status** (string) - Collection deleted successfully.
```
--------------------------------
### updated_event_template
Source: https://radicale.org/v3.html
Configuration for the email template used when non-attendee-related details of an event are updated. Placeholders are provided for dynamic content.
```APIDOC
## updated_event_template
### Description
Template to use for updated event email body sent to an attendee when non-attendee-related details of the event are updated. Existing attendees will NOT be notified of a modified event if the only changes are adding/removing other attendees.
### Placeholders
- **$organizer_name**: Name of the organizer, or "Unknown Organizer" if not set in event
- **$from_email**: Email address the email is sent from
- **$attendee_name**: Name of the attendee (email recipient), or "everyone" if mass email enabled.
- **$event_name**: Name/summary of the event, or "No Title" if not set in event
- **$event_start_time**: Start time of the event in ISO 8601 format
- **$event_end_time**: End time of the event in ISO 8601 format, or "No End Time" if the event has no end time
- **$event_location**: Location of the event, or "No Location Specified" if not set in event
*Providing any words prefixed with $ not included in the list above will result in an error.*
### Default Template
```
Hello $attendee_name,
The following event has been updated.
$event_title
$event_start_time - $event_end_time
$event_location
This is an automated message. Please do not reply.
```
```
--------------------------------
### Radicale Updated Event Email Template
Source: https://radicale.org/v3.html
Defines the template for email notifications sent to attendees when an event's non-attendee details are updated. It supports several placeholders for dynamic content. Ensure only listed placeholders are used to avoid errors.
```text
Hello $attendee_name,
The following event has been updated.
$event_title
$event_start_time - $event_end_time
$event_location
This is an automated message. Please do not reply.
```
--------------------------------
### Delete Collection via cURL
Source: https://radicale.org/v3.html
Deletes a collection using the DELETE HTTP method. Requires the 'permit_delete_collection' configuration option to be set to True.
```bash
curl -u user -X DELETE 'http://localhost:5232/user/calendar'
```
--------------------------------
### max_freebusy_occurrence
Source: https://radicale.org/v3.html
Limits the number of occurrences generated for a free-busy report to prevent denial-of-service attacks. Throws an HTTP error if the limit is reached.
```APIDOC
## max_freebusy_occurrence
### Description
When returning a free-busy report, a list of busy time occurrences are generated based on a given time frame. Large time frames could generate a lot of occurrences based on the time frame supplied. This setting limits the lookup to prevent potential denial of service attacks on large time frames. If the limit is reached, an HTTP error is thrown instead of returning the results.
### Default Value
`10000`
```
--------------------------------
### LDAP User Authentication Filter
Source: https://radicale.org/v3.html
Defines the LDAP filter used to search for the user entry during authentication. It must include '{0}' as a placeholder for the login name. This setting is crucial for correctly identifying users in your LDAP directory.
```ini
; Default: (cn={0})
```
--------------------------------
### LDAP Group Membership Attributes
Source: https://radicale.org/v3.html
Defines how user group memberships are retrieved from LDAP. 'ldap_groups_attribute' reads groups directly from the user's entry, while 'ldap_group_members_attribute', 'ldap_group_base', and 'ldap_group_filter' allow searching group entries for user membership. This is used for access control and group calendar integration.
```ini
; Example for ldap_groups_attribute: memberOf (Active Directory)
; Example for ldap_group_members_attribute: member (groupOfNames)
; Default for ldap_groups_attribute: (unset)
; Default for ldap_group_members_attribute: (unset)
; Default for ldap_group_base: (unset, in which case ldap_base is used as fallback)
; Default for ldap_group_filter: (unset)
```
=== COMPLETE CONTENT === This response contains all available snippets from this library. No additional content exists. Do not make further requests.