0

I've created a rather large Business Intelligence System over the years. It already offers vCard export of customers and contacts. But this of course is a tedious process, where each employee has to manually import the vCard file on their phones.

So I was reading about CardDAV and thought this might be a better solution. However, all I really need is to be able to provide a read-only source for contacts. It should not be possible for anyone to make changes to the contacts (well, except temporarily in their own phonebook - until next synchronization happens). And all other functionality isn't interesting either. I only need the "synchronize contacts from BI to phones" part.

I was hoping it would be simple. Something along the lines of just using the url to the vCard generated file (or PHP file that generates it). But I can see this question has been asked a few times before, and no one has given any answers, so I guess it's not as simple as that.

Can anyone share some light on this? Is it possible to just provide a simple read-only url that is compatible with the CardDAV protocol?

And if not - are there then some other protocol that supports something like that?

mr_lou
  • 1,910
  • 2
  • 14
  • 26
  • 1
    How are you going to stop me changing a contact in my phone? – RiggsFolly Jan 30 '23 at 16:45
  • Read again. I don't care if they change it - as long as it isn't written back to the BI system, which is impossible since I don't (wish to) provide an interface for that. – mr_lou Jan 30 '23 at 19:12

1 Answers1

1

It isn't possible with a single endpoint URL, but it isn't super complicated either. To make it read only, you'll reject PUTs w/ a "403 Forbidden" and optionally also add the relevant WebDAV permission properties (though many clients might ignore those).

You'll need:

  • One endpoint for the CardDAV principal record, this represents the user accessing your system and points the client to the "CardDAV home". It is a simple XML document in response to a PROPFIND.
  • One endpoint for the CardDAV "home", this is a WebDAV collection that contains the "contact folders" you expose, quite likely just one. This is also a simple XML, again hit with a PROPFIND.
  • One endpoint representing the CardDAV contacts folder, this is the thing pointing to the actual vCard resources. An XML that lists the URLs for the contained vCards, again hit with a PROPFIND.
  • Well, and one endpoint for each vCard, this is queried w/ a GET. (and if you want to allow creation/modification/deletion, w/ a PUT or DELETE)

This is a great resource on the protocol: https://sabre.io/dav/carddav/

Another option might be LDAP, but that's a little more complicated than CardDAV. (You could use openldap to serve the protocol, and fill it using LDIF files).

hnh
  • 13,957
  • 6
  • 30
  • 40