### Install and Configure Radicale Plugin Source: https://radicale.org/v3.html Commands to install the plugin and the configuration snippet to enable it within the Radicale server. ```bash python3 -m pip install . ``` ```ini [auth] type = radicale_static_password_auth password = secret ``` ```bash python3 -m pip uninstall radicale_static_password_auth ``` -------------------------------- ### Radicale Configuration File Example Source: https://radicale.org/v3.html This is an example of a Radicale configuration file, showing settings for server binding, authentication, and storage. It demonstrates how to specify network interfaces, authentication methods, and storage locations. ```ini [server] hosts = 0.0.0.0:5232, [::]:5232 [auth] type = htpasswd htpasswd_filename = ~/.config/radicale/users htpasswd_encryption = autodetect [storage] fss_filesystem_folder = ~/.var/lib/radicale/collections ``` -------------------------------- ### Create Python Plugin Setup Script Source: https://radicale.org/v3.html Defines the setup.py configuration required to package a custom Radicale authentication plugin using Distutils. ```python #!/usr/bin/env python3 from distutils.core import setup setup(name="radicale_static_password_auth", packages=["radicale_static_password_auth"]) ``` -------------------------------- ### Run Radicale Server Source: https://radicale.org/v3.html Commands to start the Radicale server with a specified storage folder and no authentication for testing. ```bash python3 -m radicale --storage-filesystem-folder=~/.var/lib/radicale/collections --auth-type none ``` ```bash python3 -m radicale --storage-filesystem-folder=/var/lib/radicale/collections --auth-type none ``` ```bash python -m radicale --storage-filesystem-folder=~/radicale/collections --auth-type none ``` -------------------------------- ### Running Radicale with Command-Line Arguments Source: https://radicale.org/v3.html This example shows how to run Radicale directly from the command line using various arguments to configure server settings, authentication, and logging. It's an alternative to using a configuration file. ```bash python3 -m radicale --server-hosts 0.0.0.0:5232,[::]:5232 \ --auth-type htpasswd --auth-htpasswd-filename ~/.config/radicale/users \ --auth-htpasswd-encryption autodetect ``` -------------------------------- ### Deploy Radicale with WSGI Servers Source: https://radicale.org/v3.html Examples for running Radicale using uWSGI and Gunicorn application servers. ```ini [uwsgi] http-socket = 127.0.0.1:5232 processes = 8 plugin = python3 module = radicale env = RADICALE_CONFIG=/etc/radicale/config ``` ```bash gunicorn --bind '127.0.0.1:5232' --env 'RADICALE_CONFIG=/etc/radicale/config' --workers 8 radicale ``` -------------------------------- ### Configure Virtual Environment Source: https://radicale.org/v3.html Steps to create and activate a Python virtual environment to avoid externally-managed-environment errors during installation. ```bash python3 -m venv ~/venv source ~/venv/bin/activate ``` -------------------------------- ### Configuring Radicale via Environment Variables and Startup Scripts Source: https://radicale.org/v3.html These examples demonstrate how to use environment variables in shell scripts to pass configuration options to Radicale. It shows different methods for defining and using these variables, including simple strings and arrays. ```bash ## simple variable containing multiple options RADICALE_OPTIONS="--logging-level=debug --config=/etc/radicale/config --logging-request-header-on-debug --logging-rights-rule-doesnt-match-on-debug" /usr/bin/radicale $RADICALE_OPTIONS ``` ```bash ## variable as array method #1 RADICALE_OPTIONS= ("--logging-level=debug" "--config=/etc/radicale/config" "--logging-request-header-on-debug" "--logging-rights-rule-doesnt-match-on-debug") /usr/bin/radicale ${RADICALE_OPTIONS[@]} ``` ```bash ## variable as array method #2 RADICALE_OPTIONS=() RADICALE_OPTIONS+=("--logging-level=debug") RADICALE_OPTIONS+=("--config=/etc/radicale/config") /usr/bin/radicale ${RADICALE_OPTIONS[@]} ``` -------------------------------- ### Install Radicale via Pip Source: https://radicale.org/v3.html Commands to install the latest version of Radicale from the GitHub master branch using Python's pip package manager. ```bash python3 -m pip install --user --upgrade https://github.com/Kozea/Radicale/archive/master.tar.gz ``` ```bash python -m pip install --upgrade https://github.com/Kozea/Radicale/archive/master.tar.gz ``` -------------------------------- ### Define Access Rights Configuration Source: https://radicale.org/v3.html Example configuration for the Radicale rights file. Uses regex patterns to match users and collections, assigning specific permissions like R (read) or W (write). ```ini # Allow reading root collection for authenticated users [root] user: .+ collection: permissions: R # Allow reading and writing principal collection (same as username) [principal] user: .+ collection: {user} permissions: RW # Allow reading and writing calendars and address books that are direct # children of the principal collection [calendars] user: .+ collection: {user}/[^/]+ permissions: rw ``` -------------------------------- ### Configure Reverse Proxy for Radicale Source: https://radicale.org/v3.html Examples for configuring web servers to proxy requests to Radicale at a sub-path. These configurations ensure the X-Script-Name header is set correctly for proper URL routing. ```nginx location /radicale/ { proxy_pass http://localhost:5232; proxy_set_header X-Script-Name /radicale; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Port $server_port; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Host $http_host; proxy_pass_header Authorization; } ``` ```caddy handle_path /radicale/* { uri strip_prefix /radicale reverse_proxy localhost:5232 { } } ``` ```apache RewriteEngine On RewriteRule ^/radicale$ /radicale/ [R,L] ProxyPass http://localhost:5232/ retry=0 ProxyPassReverse http://localhost:5232/ RequestHeader set X-Script-Name /radicale RequestHeader set X-Forwarded-Port "%{SERVER_PORT}s" RequestHeader set X-Forwarded-Proto expr=%{REQUEST_SCHEME} = 2.4.40> Proxy100Continue Off ``` ```apache DirectoryIndex disabled RewriteEngine On RewriteRule ^(.*)$ http://localhost:5232/$1 [P,L] # Set to directory of .htaccess file: RequestHeader set X-Script-Name /radicale RequestHeader set X-Forwarded-Port "%{SERVER_PORT}s" RequestHeader unset X-Forwarded-Proto RequestHeader set X-Forwarded-Proto "https" ``` ```lighttpd server.modules += ( "mod_proxy" , "mod_setenv" ) $HTTP["url"] =~ "^/radicale/" { proxy.server = ( "" => (( "host" => "127.0.0.1", "port" => "5232" )) ) setenv.add-request-header = ( "X-Script-Name" => "/radicale" ) } ``` -------------------------------- ### Define Predefined User Collections Source: https://radicale.org/v3.html Example JSON structure for defining default user collections such as address books and calendars within the Radicale configuration. ```json { "def-addressbook": { "D:displayname": "Personal Address Book", "tag": "VADDRESSBOOK" }, "def-calendar": { "C:supported-calendar-component-set": "VEVENT,VJOURNAL,VTODO", "D:displayname": "Personal Calendar", "tag": "VCALENDAR" } } ``` -------------------------------- ### Initialize Git Versioning for Collections Source: https://radicale.org/v3.html Commands to initialize a Git repository in the Radicale collections directory and configure ignore patterns. ```bash su -l -s /bin/bash radicale cd /var/lib/radicale/collections git init git config user.name "$USER" git config user.email "$USER@$HOSTNAME" cat <<'END' >.gitignore .Radicale.cache .Radicale.lock .Radicale.tmp-* END ``` -------------------------------- ### Implement Custom Authentication Plugin Source: https://radicale.org/v3.html Demonstrates how to extend the BaseAuth class to create a static password authentication plugin for Radicale. ```python from radicale.auth import BaseAuth from radicale.log import logger PLUGIN_CONFIG_SCHEMA = {"auth": { "password": {"value": "", "type": str}}} class Auth(BaseAuth): def __init__(self, configuration): super().__init__(configuration.copy(PLUGIN_CONFIG_SCHEMA)) def _login(self, login, password): # Get password from configuration option static_password = self.configuration.get("auth", "password") # Check authentication logger.info("Login attempt by %r with password %r", login, password) if password == static_password: return login return "" ``` -------------------------------- ### Configure Server Limits and Timeouts Source: https://radicale.org/v3.html Settings to manage server performance, including maximum concurrent connections, file size limits, and authentication delay settings. ```ini [server] max_connections = 20 max_content_length = 100000000 timeout = 30 [auth] delay = 1 ``` -------------------------------- ### Configure Server Network Binding Source: https://radicale.org/v3.html Settings to allow Radicale to listen on all network interfaces for both IPv4 and IPv6 addresses. ```ini [server] hosts = 0.0.0.0:5232, [::]:5232 ``` -------------------------------- ### Configure Radicale SSL Settings Source: https://radicale.org/v3.html INI-style configuration for enabling SSL in Radicale, including paths to certificates and certificate authorities. ```ini [server] ssl = True certificate = /path/to/server_cert.pem key = /path/to/server_key.pem certificate_authority = /path/to/client_cert.pem ``` -------------------------------- ### Manage Users with htpasswd Source: https://radicale.org/v3.html Commands to create and manage a password file for Radicale authentication using the htpasswd utility with SHA-512 encryption. ```bash # Create a new htpasswd file with the user "user1" using SHA-512 as hash method $ htpasswd -5 -c /path/to/users user1 # Add another user $ htpasswd -5 /path/to/users user2 ``` -------------------------------- ### Locking Radicale Storage with flock Source: https://radicale.org/v3.html Demonstrates how to acquire exclusive or shared locks on the Radicale storage directory using the Linux flock utility to prevent data corruption during manual access. ```bash # Exclusive lock for COMMAND flock --exclusive /path/to/storage/.Radicale.lock COMMAND # Shared lock for COMMAND flock --shared /path/to/storage/.Radicale.lock COMMAND ``` -------------------------------- ### Set Storage Directory Source: https://radicale.org/v3.html Configuration to define the filesystem path where Radicale stores calendar and contact data. ```ini [storage] filesystem_folder = /path/to/storage ``` -------------------------------- ### Configure htpasswd Authentication Source: https://radicale.org/v3.html Configuration settings to enable htpasswd-based authentication in Radicale, supporting both secure and plain text storage methods. ```ini [auth] type = htpasswd htpasswd_filename = /path/to/users htpasswd_encryption = autodetect ``` ```ini [auth] type = htpasswd htpasswd_filename = /path/to/users htpasswd_encryption = plain ``` -------------------------------- ### Defining Collection Types via .Radicale.props Source: https://radicale.org/v3.html Shows the JSON content required in the .Radicale.props file to define a folder as either a calendar or an address book within the Radicale storage structure. ```json {"tag": "VCALENDAR"} ``` ```json {"tag": "VADDRESSBOOK"} ``` -------------------------------- ### Define Plain Text User Credentials Source: https://radicale.org/v3.html Format for a simple, insecure user credentials file where each line contains a username and password separated by a colon. ```text user1:password1 user2:password2 ``` -------------------------------- ### Create Address Book via cURL Source: https://radicale.org/v3.html Uses the MKCOL method to create a new CardDAV address book collection. The request body must specify the addressbook resource type. ```bash curl -u user -X MKCOL 'http://localhost:5232/user/addressbook' --data \ ' Address book Example address book ' ``` -------------------------------- ### Create Calendar via cURL Source: https://radicale.org/v3.html Uses the MKCOL method to create a new CalDAV calendar collection. Requires authentication and a properly formatted XML body defining the calendar resource type and properties. ```bash curl -u user -X MKCOL 'http://localhost:5232/user/calendar' --data \ ' Calendar Example calendar #ff0000ff ' ``` -------------------------------- ### Generate SSL Certificates for Radicale and Proxy Source: https://radicale.org/v3.html Uses OpenSSL to generate self-signed RSA certificates for secure communication between the Radicale server and a reverse proxy. ```bash openssl req -x509 -newkey rsa:4096 -keyout server_key.pem -out server_cert.pem -nodes -days 9999 openssl req -x509 -newkey rsa:4096 -keyout client_key.pem -out client_cert.pem -nodes -days 9999 ``` -------------------------------- ### Configure External Authentication via Reverse Proxy Source: https://radicale.org/v3.html Configurations for delegating authentication to the web server using the http_x_remote_user method. This requires passing the authenticated username to Radicale via the X-Remote-User header. ```nginx location /radicale/ { proxy_pass http://localhost:5232/; proxy_set_header X-Script-Name /radicale; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Remote-User $remote_user; proxy_set_header Host $http_host; auth_basic "Radicale - Password Required"; auth_basic_user_file /etc/nginx/htpasswd; } ``` ```caddy handle_path /radicale/* { uri strip_prefix /radicale basicauth { USER HASH } reverse_proxy localhost:5232 { header_up X-Script-Name /radicale header_up X-remote-user {http.auth.user.id} } } ``` ```apache RewriteEngine On RewriteRule ^/radicale$ /radicale/ [R,L] AuthType Basic AuthName "Radicale - Password Required" AuthUserFile "/etc/radicale/htpasswd" Require valid-user ProxyPass http://localhost:5232/ retry=0 ProxyPassReverse http://localhost:5232/ = 2.4.40> Proxy100Continue Off RequestHeader set X-Script-Name /radicale RequestHeader set X-Remote-User expr=%{REMOTE_USER} ``` ```apache DirectoryIndex disabled RewriteEngine On RewriteRule ^(.*)$ http://localhost:5232/$1 [P,L] AuthType Basic AuthName "Radicale - Password Required" AuthUserFile "/etc/radicale/htpasswd" Require valid-user # Set to directory of .htaccess file: RequestHeader set X-Script-Name /radicale RequestHeader set X-Remote-User expr=%{REMOTE_USER} ``` -------------------------------- ### Dovecot Authentication Configuration Source: https://radicale.org/v3.html Configuration options for authenticating users via Dovecot. ```APIDOC ## Dovecot Authentication Configuration ### Description Configuration options for authenticating users via Dovecot. ### Parameters #### Connection Type ##### dovecot_connection_type - **(string)** - Default: `AF_UNIX` - Connection type for dovecot authentication. One of: `AF_UNIX`, `AF_INET`, `AF_INET6`. Note: credentials are transmitted in cleartext. #### Socket Path (for AF_UNIX) ##### dovecot_socket - **(string)** - Default: `/var/run/dovecot/auth-client` - Path to the Dovecot client authentication socket. Radicale must have read & write access to the socket. #### Network Connection (for AF_INET/AF_INET6) ##### dovecot_host - **(string)** - Default: `localhost` - Host of dovecot socket exposed via network. ##### dovecot_port - **(integer)** - Default: `12345` - Port of dovecot socket exposed via network. ### Request Example ```json { "dovecot_connection_type": "AF_INET", "dovecot_host": "192.168.1.100", "dovecot_port": 12345 } ``` ### Response #### Success Response (200) - **(No specific response body defined for configuration updates)** - Configuration changes are typically applied on server restart or reload. #### Response Example (N/A) ``` -------------------------------- ### LDAP Security and SSL Configuration Source: https://radicale.org/v3.html Configures the security protocol for the LDAP connection. 'ldap_use_ssl' is deprecated in favor of 'ldap_security'. Options include 'none', 'tls', and 'starttls'. Certificate verification modes and CA file paths are also configurable for secure connections. ```ini ; ldap_use_ssl is deprecated! Use ldap_security instead. ; Default for ldap_security: none ; Default for ldap_ssl_verify_mode: REQUIRED ; Default for ldap_ssl_ca_file: (unset) ``` -------------------------------- ### LDAP Authentication Configuration Source: https://radicale.org/v3.html Configuration options for authenticating users via LDAP. ```APIDOC ## LDAP Authentication Configuration ### Description Configuration options for authenticating users via LDAP. ### Parameters #### LDAP Filter ##### ldap_filter - **(string)** - Default: `(cn={0})` - Filter to search for the LDAP entry of the user to authenticate. It must contain '{0}' as placeholder for the login name. #### User Attribute Mapping ##### ldap_user_attribute - **(string)** - Default: (unset) - LDAP attribute whose value shall be used as the username after successful authentication. If set, you can use flexible logins in `ldap_filter` and still have consolidated usernames. #### Security and SSL/TLS ##### ldap_use_ssl - **(boolean)** - Deprecated! Use `ldap_security` instead. Use ssl on the LDAP connection. ##### ldap_security - **(string)** - Default: `none` - Use encryption on the LDAP connection. One of: `none`, `tls`, `starttls`. ##### ldap_ssl_verify_mode - **(string)** - Default: `REQUIRED` - Certificate verification mode for tls and starttls. One of: `NONE`, `OPTIONAL`, `REQUIRED`. ##### ldap_ssl_ca_file - **(string)** - Default: (unset) - Path to the CA file in PEM format which is used to certify the server certificate. #### Group Membership Configuration ##### ldap_groups_attribute - **(string)** - Default: (unset) - LDAP attribute in the authenticated user's LDAP entry to read the group memberships from. For DN-valued attributes, the value of the RDN is used to determine the group names. Supports non-DN-valued attributes as well. ##### ldap_group_members_attribute - **(string)** - Default: (unset) - Attribute in the group entries to read the group's members from. Used as an alternative approach to getting user groups by querying group entries. ##### ldap_group_base - **(string)** - Default: (unset) - Base DN to search for groups. Only necessary if `ldap_group_members_attribute` is set and differs from `ldap_base`. ##### ldap_group_filter - **(string)** - Default: (unset) - Search filter to search for groups having the user DN found as member. Restricts the groups returned. #### Server Quirks ##### ldap_ignore_attribute_create_modify_timestamp - **(boolean)** - Default: `False` - Quirks for Authentik LDAP server to exclude `modifyTimestamp` and `createTimestamp` from internal checks. ### Request Example ```json { "ldap_filter": "(&(objectclass=inetOrgPerson)(|(cn={0})(mail={0})))", "ldap_user_attribute": "cn", "ldap_security": "tls", "ldap_ssl_verify_mode": "OPTIONAL", "ldap_groups_attribute": "memberOf", "ldap_group_members_attribute": "member", "ldap_group_base": "ou=groups,dc=example,dc=com", "ldap_group_filter": "(objectclass=groupOfNames)", "ldap_ignore_attribute_create_modify_timestamp": true } ``` ### Response #### Success Response (200) - **(No specific response body defined for configuration updates)** - Configuration changes are typically applied on server restart or reload. #### Response Example (N/A) ``` -------------------------------- ### Configure Nginx for Radicale Proxy Source: https://radicale.org/v3.html Nginx location block configuration to proxy requests to Radicale with SSL client certificate authentication. ```nginx location /radicale/ { proxy_pass https://localhost:5232/; proxy_ssl_certificate /path/to/client_cert.pem; proxy_ssl_certificate_key /path/to/client_key.pem; } ``` -------------------------------- ### Configure Nginx Proxy Header for Remote IP Source: https://radicale.org/v3.html When using the X-Remote-Addr header for authentication, configure Nginx to pass the remote address to Radicale. This ensures that authentication mechanisms like Dovecot receive the correct client IP address. ```nginx proxy_set_header X-Remote-Addr $remote_addr; ``` -------------------------------- ### MKCOL / Create Collection Source: https://radicale.org/v3.html Creates a new calendar or address book collection using the MKCOL method with an XML payload. ```APIDOC ## MKCOL /{user}/{collection} ### Description Creates a new calendar or address book collection on the server. ### Method MKCOL ### Endpoint /{user}/{collection} ### Request Body - **XML Payload** (xml) - Required - XML structure defining the resource type (calendar or addressbook) and properties. ### Request Example curl -u user -X MKCOL 'http://localhost:5232/user/calendar' --data ' ' ### Response #### Success Response (201) - **Status** (string) - Collection created successfully. ``` -------------------------------- ### Configure Git Hook for Automatic Commits Source: https://radicale.org/v3.html Storage hook command to automatically commit changes to the Git repository after every storage modification. ```bash git add -A && (git diff --cached --quiet || git commit -m "Changes by \"%(user)s\"") ``` -------------------------------- ### LDAP Quirks for Authentik Server Source: https://radicale.org/v3.html A specific configuration option to handle quirks with Authentik LDAP servers, which may violate RFCs. It adds 'modifyTimestamp' and 'createTimestamp' to an exclusion list for the internal ldap3 client to prevent schema attribute checks. ```ini ; Default: False ``` -------------------------------- ### LDAP User Attribute for Username Source: https://radicale.org/v3.html Specifies the LDAP attribute whose value will be used as the username after successful authentication. This allows for flexible login methods (e.g., email) while consolidating the username. It's recommended for consistent case handling. ```ini ; Example: ; ldap_filter = "(&(objectclass=inetOrgPerson)(|(cn={0})(mail={0})))" ; ldap_user_attribute = cn ; Default: (unset, in which case the login name is directly used as the username) ``` -------------------------------- ### Dovecot Authentication Connection Source: https://radicale.org/v3.html Configures the connection type and details for authenticating via Dovecot. Supports Unix domain sockets ('AF_UNIX') or network connections ('AF_INET', 'AF_INET6'). Note that credentials are transmitted in cleartext over the network connection. ```ini ; Default for dovecot_connection_type: AF_UNIX ; Default for dovecot_socket: /var/run/dovecot/auth-client ; Default for dovecot_host: localhost ; Default for dovecot_port: 12345 ``` -------------------------------- ### DELETE / Remove Collection Source: https://radicale.org/v3.html Deletes an existing collection from the server. ```APIDOC ## DELETE /{user}/{collection} ### Description Removes an existing calendar or address book collection. Requires the configuration option `permit_delete_collection = True`. ### Method DELETE ### Endpoint /{user}/{collection} ### Request Example curl -u user -X DELETE 'http://localhost:5232/user/calendar' ### Response #### Success Response (204) - **Status** (string) - Collection deleted successfully. ``` -------------------------------- ### updated_event_template Source: https://radicale.org/v3.html Configuration for the email template used when non-attendee-related details of an event are updated. Placeholders are provided for dynamic content. ```APIDOC ## updated_event_template ### Description Template to use for updated event email body sent to an attendee when non-attendee-related details of the event are updated. Existing attendees will NOT be notified of a modified event if the only changes are adding/removing other attendees. ### Placeholders - **$organizer_name**: Name of the organizer, or "Unknown Organizer" if not set in event - **$from_email**: Email address the email is sent from - **$attendee_name**: Name of the attendee (email recipient), or "everyone" if mass email enabled. - **$event_name**: Name/summary of the event, or "No Title" if not set in event - **$event_start_time**: Start time of the event in ISO 8601 format - **$event_end_time**: End time of the event in ISO 8601 format, or "No End Time" if the event has no end time - **$event_location**: Location of the event, or "No Location Specified" if not set in event *Providing any words prefixed with $ not included in the list above will result in an error.* ### Default Template ``` Hello $attendee_name, The following event has been updated. $event_title $event_start_time - $event_end_time $event_location This is an automated message. Please do not reply. ``` ``` -------------------------------- ### Radicale Updated Event Email Template Source: https://radicale.org/v3.html Defines the template for email notifications sent to attendees when an event's non-attendee details are updated. It supports several placeholders for dynamic content. Ensure only listed placeholders are used to avoid errors. ```text Hello $attendee_name, The following event has been updated. $event_title $event_start_time - $event_end_time $event_location This is an automated message. Please do not reply. ``` -------------------------------- ### Delete Collection via cURL Source: https://radicale.org/v3.html Deletes a collection using the DELETE HTTP method. Requires the 'permit_delete_collection' configuration option to be set to True. ```bash curl -u user -X DELETE 'http://localhost:5232/user/calendar' ``` -------------------------------- ### max_freebusy_occurrence Source: https://radicale.org/v3.html Limits the number of occurrences generated for a free-busy report to prevent denial-of-service attacks. Throws an HTTP error if the limit is reached. ```APIDOC ## max_freebusy_occurrence ### Description When returning a free-busy report, a list of busy time occurrences are generated based on a given time frame. Large time frames could generate a lot of occurrences based on the time frame supplied. This setting limits the lookup to prevent potential denial of service attacks on large time frames. If the limit is reached, an HTTP error is thrown instead of returning the results. ### Default Value `10000` ``` -------------------------------- ### LDAP User Authentication Filter Source: https://radicale.org/v3.html Defines the LDAP filter used to search for the user entry during authentication. It must include '{0}' as a placeholder for the login name. This setting is crucial for correctly identifying users in your LDAP directory. ```ini ; Default: (cn={0}) ``` -------------------------------- ### LDAP Group Membership Attributes Source: https://radicale.org/v3.html Defines how user group memberships are retrieved from LDAP. 'ldap_groups_attribute' reads groups directly from the user's entry, while 'ldap_group_members_attribute', 'ldap_group_base', and 'ldap_group_filter' allow searching group entries for user membership. This is used for access control and group calendar integration. ```ini ; Example for ldap_groups_attribute: memberOf (Active Directory) ; Example for ldap_group_members_attribute: member (groupOfNames) ; Default for ldap_groups_attribute: (unset) ; Default for ldap_group_members_attribute: (unset) ; Default for ldap_group_base: (unset, in which case ldap_base is used as fallback) ; Default for ldap_group_filter: (unset) ``` === COMPLETE CONTENT === This response contains all available snippets from this library. No additional content exists. Do not make further requests.