Search code examples
phpvcf-vcardcarddavsabredav

Serve Contacts Only - similar to CardDAV

I've created a rather large Business Intelligence System over the years. It already offers vCard export of customers and contacts. But this of course is a tedious process, where each employee has to manually import the vCard file on their phones.

So I was reading about CardDAV and thought this might be a better solution. However, all I really need is to be able to provide a read-only source for contacts. It should not be possible for anyone to make changes to the contacts (well, except temporarily in their own phonebook - until next synchronization happens). And all other functionality isn't interesting either. I only need the "synchronize contacts from BI to phones" part.

I was hoping it would be simple. Something along the lines of just using the url to the vCard generated file (or PHP file that generates it). But I can see this question has been asked a few times before, and no one has given any answers, so I guess it's not as simple as that.

Can anyone share some light on this? Is it possible to just provide a simple read-only url that is compatible with the CardDAV protocol?

And if not - are there then some other protocol that supports something like that?

Solution

  • It isn't possible with a single endpoint URL, but it isn't super complicated either. To make it read only, you'll reject PUTs w/ a "403 Forbidden" and optionally also add the relevant WebDAV permission properties (though many clients might ignore those).

    You'll need:

    • One endpoint for the CardDAV principal record, this represents the user accessing your system and points the client to the "CardDAV home". It is a simple XML document in response to a PROPFIND.
    • One endpoint for the CardDAV "home", this is a WebDAV collection that contains the "contact folders" you expose, quite likely just one. This is also a simple XML, again hit with a PROPFIND.
    • One endpoint representing the CardDAV contacts folder, this is the thing pointing to the actual vCard resources. An XML that lists the URLs for the contained vCards, again hit with a PROPFIND.
    • Well, and one endpoint for each vCard, this is queried w/ a GET. (and if you want to allow creation/modification/deletion, w/ a PUT or DELETE)

    This is a great resource on the protocol: https://sabre.io/dav/carddav/

    Another option might be LDAP, but that's a little more complicated than CardDAV. (You could use openldap to serve the protocol, and fill it using LDIF files).