Kozea / Radicale

A simple CalDAV (calendar) and CardDAV (contact) server.
https://radicale.org
GNU General Public License v3.0

Can't authenticate to my calendar with Apache and WSGI #216

Closed jocelynthode closed 9 years ago

jocelynthode commented 10 years ago

Hey,

I'm trying to use Radicale on my server. I'm using Apache with WSGI and SSL/TLS to access my calendars. I must have messed something up in my config files, because I can't seem to be able to access them.

Apache log:

```
[Tue Oct 14 23:45:42.364689 2014] [authz_core:error] [pid 16655:tid 3036673072] [client x.x.x.x.x:36540] AH01630: client denied by server configuration: /usr/share/radicale/radicale.wsgi
```

radicale.wsgi

```python
"""
Radicale WSGI file (mod_wsgi and uWSGI compliant).

"""

import radicale

radicale.log.start()
application = radicale.Application()
```

radicale config file

```ini
[server]
# CalDAV server hostnames separated by a comma
# IPv4 syntax: address:port
# IPv6 syntax: [address]:port
# For example: 0.0.0.0:9999, [::]:9999
# IPv6 addresses are configured to only allow IPv6 connections
hosts = 0.0.0.0:5232
# Daemon flag
daemon = False
# File storing the PID in daemon mode
pid =
# SSL flag, enable HTTPS protocol
ssl = False
# SSL certificate path
certificate = /etc/apache2/ssl/server.crt
# SSL private key
key = /etc/apache2/ssl/server.key
# SSL Protocol used. See python's ssl module for available values
protocol = PROTOCOL_SSLv23
# Ciphers available. See python's ssl module for available ciphers
ciphers =
# Reverse DNS to resolve client address in logs
dns_lookup = True
# Root URL of Radicale (starting and ending with a slash)
base_prefix = /
# Possibility to allow URLs cleaned by a HTTP server, without the base_prefix
can_skip_base_prefix = False
# Message displayed in the client when a password is needed
realm = Radicale - Password Required

[encoding]
# Encoding for responding requests
request = utf-8
# Encoding for storing local collections
stock = utf-8

[auth]
# Authentication method
# Value: None | htpasswd | IMAP | LDAP | PAM | courier | http | remote_user | custom
type = None

# Custom authentication handler
custom_handler =

# Htpasswd filename
htpasswd_filename = /usr/share/radicale/radicale.passwd
# Htpasswd encryption method
# Value: plain | sha1 | crypt
htpasswd_encryption = crypt

# LDAP server URL, with protocol and port
ldap_url = ldap://localhost:389/
# LDAP base path
ldap_base = ou=users,dc=example,dc=com
# LDAP login attribute
ldap_attribute = uid
# LDAP filter string
# placed as X in a query of the form (&(...)X)
# example: (objectCategory=Person)(objectClass=User)(memberOf=cn=calenderusers,ou=users,dc=example,dc=org)
# leave empty if no additional filter is needed
ldap_filter =
# LDAP dn for initial login, used if LDAP server does not allow anonymous searches
# Leave empty if searches are anonymous
ldap_binddn =
# LDAP password for initial login, used with ldap_binddn
ldap_password =
# LDAP scope of the search
ldap_scope = OneLevel

# IMAP Configuration
imap_hostname = localhost
imap_port = 143
imap_ssl = False

# PAM group user should be member of
pam_group_membership =

# Path to the Courier Authdaemon socket
courier_socket =

# HTTP authentication request URL endpoint
http_url =
# POST parameter to use for username
http_user_parameter =
# POST parameter to use for password
http_password_parameter =

[git]
# Git default options
committer = Radicale <radicale@example.com>

[rights]
# Rights backend
# Value: None | authenticated | owner_only | owner_write | from_file | custom
type = None

# Custom rights handler
custom_handler =

# File for rights management from_file
file = ~/.config/radicale/rights

[storage]
# Storage backend
# Value: filesystem | multifilesystem | database | custom
type = filesystem

# Custom storage handler
custom_handler =

# Folder for storing local collections, created if not present
filesystem_folder = ~/.config/radicale/collections

# Database URL for SQLAlchemy
# dialect+driver://user:password@host/dbname[?key=value..]
# For example: sqlite:///var/db/radicale.db, postgresql://user:password@localhost/radicale
# See http://docs.sqlalchemy.org/en/rel_0_8/core/engines.html#sqlalchemy.create_engine
database_url =

[logging]
# Logging configuration file
# If no config is given, simple information is printed on the standard output
# For more information about the syntax of the configuration file, see:
# http://docs.python.org/library/logging.config.html
config = /etc/radicale/logging
# Set the default logging level to debug
debug = False
# Store all environment variables (including those set in the shell)
full_environment = False

# Additional HTTP headers
#[headers]
```

Apache vhost:

```apache
<VirtualHost *:443>
    ServerName cal.x.x

    ErrorLog /var/log/httpd/cal-x-x.error.log
    CustomLog /var/log/httpd/cal-x-x.access.log combined

    WSGIDaemonProcess radicale user=radicale group=radicale threads=1
    WSGIScriptAlias / /usr/share/radicale/radicale.wsgi

    SSLEngine On
    SSLCertificateFile /usr/local/ssl/certs/server.crt
    SSLCertificateKeyFile /usr/local/ssl/private/server.key

    <Directory /var/lib/radicale/>
        WSGIProcessGroup radicale
        WSGIApplicationGroup %{GLOBAL}

        AuthType Basic
        AuthName "Radicale Authentication"
        AuthBasicProvider file
        AuthUserFile /usr/share/radicale/radicale.passwd
        Require valid-user

        Require all granted
        AllowOverride None
        Order allow,deny
        allow from all

        RewriteEngine On
        RewriteCond %{REMOTE_USER}%{PATH_INFO} !^([^/]+/)\1
        RewriteRule .* - [Forbidden]
    </Directory>
</VirtualHost>
```

Any help would be greatly appreciated, as I have no idea what to do with this error.
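An added example, not part of the original post or of Radicale's code: a small Python lint for two things visible in the vhost above, namely that its only `<Directory>` block covers `/var/lib/radicale/` while the path denied in the AH01630 log line is `/usr/share/radicale/radicale.wsgi`, and that `Require valid-user` sits beside `Require all granted` and the Apache 2.2 `Order`/`allow` lines. `POSTED`, `CORRECTED`, `lint_vhost` and the finding names are constructed for illustration; `CORRECTED` is one possible fix and an assumption, not something stated in the thread.

```python
import posixpath
import re

# Constructed sample: the access-control lines of the vhost posted above.
POSTED = """\
WSGIScriptAlias / /usr/share/radicale/radicale.wsgi
<Directory /var/lib/radicale/>
    AuthType Basic
    Require valid-user
    Require all granted
    Order allow,deny
    allow from all
</Directory>
"""

# Constructed: one possible correction (an assumption, not from the thread).
CORRECTED = """\
WSGIScriptAlias / /usr/share/radicale/radicale.wsgi
<Directory /usr/share/radicale/>
    AuthType Basic
    Require valid-user
</Directory>
"""

DIRECTORY = re.compile(r'<Directory\s+"?([^">]+?)"?\s*>(.*?)</Directory>', re.S | re.I)
NESTED = re.compile(r"<Require(All|Any|None)>.*?</Require\1>", re.S | re.I)

def lint_vhost(conf):
    """Return findings about WSGI script coverage and mixed authz rules."""
    findings = []
    blocks = DIRECTORY.findall(conf)
    prefixes = [posixpath.normpath(d).rstrip("/") + "/" for d, _ in blocks]
    for script in re.findall(r"^\s*WSGIScriptAlias\s+\S+\s+(\S+)", conf, re.M | re.I):
        # The script is a file on disk, so a <Directory> must match its path.
        if not any(posixpath.normpath(script).startswith(p) for p in prefixes):
            findings.append("uncovered-script:" + script)
    for path, body in blocks:
        top = NESTED.sub("", body)  # sibling rules only, skip nested containers
        requires = [r.strip().lower() for r in
                    re.findall(r"^\s*Require[ \t]+(.+)$", top, re.M | re.I)]
        if requires and re.search(r"^\s*(Order|Allow|Deny)\s", top, re.M | re.I):
            findings.append("mixed-2.2-2.4-access-rules:" + path)
        # Apache 2.4 ORs sibling Require lines (implicit RequireAny).
        if "all granted" in requires and len(requires) > 1:
            findings.append("all-granted-overrides-auth:" + path)
    return findings

if __name__ == "__main__":
    print(lint_vhost(POSTED))
```

The check only looks at the text it is given, so `<Directory>` blocks in other included files (for example a global `<Directory />` with `Require all denied`) still need to be reviewed by hand.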

hadogenes commented 10 years ago

I think the problem is `[rights] type = None`.

Change it to e.g. `type = owner_write` and it should work.

jocelynthode commented 10 years ago

I just tried with owner_write, from_file and authenticated, but it didn't fix it. Just to be sure: in Evolution, I give "https://cal.x.x/x/calendar.ics" as the URL and I specify "x" as the user. Is this correct? And when using Firefox to access said address, I get nothing asking me to authenticate myself, just an error 403 - Access Forbidden.

I'm sure I must be missing something.

liZe commented 9 years ago

Is this issue fixed now?

liZe commented 9 years ago

It probably is.