Access your Thunderbird address books and calendars from anywhere
July 8, 2009,
WebDAV is an excellent light weight storage facility for the Thunderbird mail client. With a few choice extensions it can be turned into a personal information manager with globally accessible data sources for calendars and address books.
Over here at Loco we provide our customers with a variation of mail access. While we provide POP3 (plain and over SSL), we always recommend that they use IMAP, preferrably over SSL, since that allows people to access their mail from any location. To be honest, we also prefer IMAP since it makes backing up mail easier for us. Email access covers a large part of their electronic communication, but in order to be really effective, these users also need access to their calendars and address books. Now there are numerous solutions to providing full email, calendaring and directory access to users, but most of these are targeted at large user groups. We found that WebDAV provides a very stable and secure storage facility that can be used by Thunderbird addons to provide access to (shared) calendars and address books. Due to the simple setup, this approach is very well suited to smaller companies and organisations that don't have the budget for the full commercial grade song and dance. Here's how we set it up.
On the system side, all you need is a webserver setup that supports access over WebDAV. Set up HTTP Basic Authentication with users and possibly groups on the WebDAV volumes. Any systems administrator worth her or his salt can have this running with little effort. To reiterate a point that we think is important, use SSL for your WebDAV storage. Otherwize both the authentication credentials and all data are transmitted in plain text.
By itself, Thunderbird is a very capable mail client, available for (almost) all desktop operating systems out there. But add a few choice extensions, and it becomes a fully networked personal information manager. The focus here is that we want access to our calendars and address books from any location, provided we're connected with the internet. You can set that up with the following addons.
Addressbooks synchronizer is a very useful tool to, well, synchronize your address books with files in remote storage. Strictly speaking it doesn't really synchronize, but exchanges entire address books, but that will do nicely for most applications. Cleverly enough, it allows you to store address books in IMAP folders, but that is really only an option if you don't need to share your address books. We're setting it up with remote storage based on WebDAV over SSL for maximum security and flexibility. Before you start configuring Addressbooks Synchronizer, make sure you actually have address books. So select Tools>Address Book, and create an address book if you don't already have one, or if you want to experiment a little before committing yourself. Now go to Tools>Add-ons, select Addressbooks Synchronizer, and access the preferences. It presents you with a list of all your address books, from which you select the ones that should be synchronized with a version in remote storage. Select the 'Remote' tab, check the 'Synchronize with remote files' option, and enter the properties of your WebDAV storage. The path below the input fields lets you check if all data are entered correctly. Hint: the name of the address book file is based on the name of the address book you're synchronizing. If you don't already have a remote address book, use 'Upload now' to create it. Otherwize, select 'Download now' to copy the remote data to your local system. Select whether you want to download the address books at startup and/or upload them at shutdown, and you're basically set. If you feel a little adventurous, you might want to experiment a little with the other settings.
Lightning is one of the products of the Mozilla Calendar Project, and provides you with a very complete calendar add-on for your mail client. It allows you to maintain multiple calendars, which you can also store remotely. To set up a remote calendar, create a new calendar, and select 'On the Network'. As the format, select iCalendar (ICS), and in the location enter the complete URL of the calendar on your WebDAV share. Finish the rest of the creation wizard, and if the ICS file already exists, your appointments will be loaded. If it doesn't yet exist, it will be created as soon as you start adding appointments to the calendar. That's all there is to it.
It is also very useful to be able to share some of these resources with other people, for example with your coworkers. The addons described above do not directly discriminate between shared and private resources, so we need to work around that by extending our authentication setup. HTTP Basic Authentication allows you to create groups, and you can use this by creating directories on your WebDAV volume that allow access based on group verification, rather than checking for a valid user. The part of your Apache configuration for a group directory might look like this:
<Directory /path/to/dav/domain/groupdir> Dav On AuthUserFile /path/to/authusersfile AuthGroupFile /path/to/authgroupsfile AuthName "Experimental DAV facility" AuthType Basic <LimitExcept OPTIONS> Require group somegroup </LimitExcept> </Directory>
Compared to the WebDAV article we've added a directive to our group file, and restricted access to members of the specified group. This already implies that the user is a valid authenticated user. Private resources can also be stored in separate directories, but with an even more strict access requirement:
<Directory /path/to/dav/domain/userdir> ... <LimitExcept OPTIONS> Require user someuser </LimitExcept> </Directory>
There is one caveat for the use of shared resources as described here. Address books and calendars are exchanged as entire files, so it is prudent to restrict write access to your calendars and addressbooks to specific users, and provide all other users with readonly access. In both Addressbooks Synchronizer and Lightning there are options to flag resources as readonly, which should prevent the addons from trying to write to the remote files.