CalDAV and CardDAV server with LDAP/AD authentication
What can I do with this? This image will run Radicale with an additional LDAP/AD authentication plugin. You can use this image to store or share calendars or address books, or both. Create fine grained ACL via the rights config, where you can give certain people read-only access to objects in your shared address books or calendars.
- /radicale/etc - Directory of default.conf
- /radicale/var - Directory of all calendars, adressbooks and all other objects
- /radicale/ssl - Directory of ssl certificates for TLS
docker run --name radicale \
-v .../etc:/radicale/etc \
-v .../var:/radicale/var \
-d 11notes/radicale:[tag][server]
ssl = True
hosts = 0.0.0.0:5232
max_connections = 1024
max_content_length = 52428800
certificate = /radicale/ssl/cert.pem
key = /radicale/ssl/key.pem
[storage]
type = multifilesystem_nolock
filesystem_folder = /radicale/var
[auth]
type = htpasswd
htpasswd_filename = /radicale/etc/users
htpasswd_encryption = bcrypt
[rights]
type = from_file
file = /radicale/etc/rights[server]
ssl = True
hosts = 0.0.0.0:5232
max_connections = 1024
max_content_length = 52428800
certificate = /radicale/ssl/cert.pem
key = /radicale/ssl/key.pem
[storage]
type = multifilesystem_nolock
filesystem_folder = /radicale/var
[auth]
type = radicale_auth_ldap
ldap_url = ldaps://domain.com:636
ldap_base = DC=domain,DC=com
ldap_attribute = userPrincipalName
ldap_filter = (objectCategory=person)(objectClass=user)(memberOf:1.2.840.113556.1.4.1941:=CN=Radicale Users,DC=domain,DC=com)
ldap_binddn = CN=ldap.radicale,DC=domain,DC=com
ldap_password = *************
[rights]
type = from_file
file = /radicale/etc/rights| Parameter | Value | Description |
|---|---|---|
user |
docker | user docker |
uid |
1000 | user id 1000 |
gid |
1000 | group id 1000 |
home |
/radicale | home directory of user docker |
config |
/radicale/etc/default.yaml | config |
rights |
/radicale/etc/rights | ACL |
users |
/radicale/etc/users | users for bcrypt authentication |
users:admin |
password for admin user (demo) | 1234 |
| Parameter | Value | Default |
|---|---|---|
TZ |
Time Zone | |
DEBUG |
Show debug information |
- Only use rootless container runtime (podman, rootless docker)
- Allow non-root ports < 1024 via
echo "net.ipv4.ip_unprivileged_port_start=53" > /etc/sysctl.d/ports.conf - Use a reverse proxy like Traefik, Nginx to terminate TLS with a valid certificate
- Use Let’s Encrypt certificates to protect your SSL endpoints
This image is provided to you at your own risk. Always make backups before updating an image to a new version. Check the changelog for breaking changes.