WebDAV Setup: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
No edit summary |
||
Line 1: | Line 1: | ||
For Apache 2.2.4, here is a reference-setup, for DAV-enabling a server. This was all placed in the file '''/etc/apache2/modules.d/45_mod_dav.conf'''. | |||
<IfDefine DAV> | <IfDefine DAV> | ||
Line 44: | Line 44: | ||
# There will be times when it's sufficient for an authenticated-user to be | # There will be times when it's sufficient for an authenticated-user to be | ||
# authourized and granted access; it they're good in LDAP, they're OK by me. | # authourized and granted access; it they're good in LDAP, they're OK by me. | ||
# authourization will now pass to mod_authz_user | |||
AuthzLDAPAuthoritative off | |||
require valid-user | require valid-user | ||
Line 80: | Line 82: | ||
</IfDefine> | </IfDefine> | ||
<br> | |||
===Differences with Apache 2.0.x=== | |||
*get rid of mod_auth_ldap; it isn't needed with Apache 2.2.x, but '''was''' necessary with earlier versions. | |||
*I couldn't get <Location> containers to work in 2.2.x, where they certainly did with prior versions. Hence the use of <Directory> above. | |||
<br> | |||
===Startup Directives=== | |||
These go in '''/etc/conf.d/apache2''' for Gentoo: | |||
APACHE2_OPTS="-D DAV -D DEFAULT_VHOST -D INFO -D LANGUAGE -D PHP5 -D LDAP -D AUTH_LDAP" | |||
<br> | |||
===Testing=== | |||
*Check that DAV-root is OK, and that DAV is actually serving with DAVfs, by turning off all authentication / authourization | |||
**change the <LIMIT> </LIMIT> containers above, to <LIMITExcept> </LIMITExcept> | |||
**anyone, anywhere can now browse your DAV share!! Don't put valuable stuff here, just test-files | |||
*Before adding in the complexity of authentication, check that the server-box is able to contact the LDAP-box; this should produce a lot of LDIF output: | |||
<font color=red>hostname</font> <font color=blue>~ #</font> '''ldapsearch -h 192.168.0.192 -D 'cn=Reader,dc=whiterock' -b "dc=whiterock" -x -s one -W''' | |||
Enter LDAP Password: '''''<ultra_secret>''''' |
Revision as of 14:37, 16 May 2007
For Apache 2.2.4, here is a reference-setup, for DAV-enabling a server. This was all placed in the file /etc/apache2/modules.d/45_mod_dav.conf.
<IfDefine DAV> <IfModule dav_module> <IfModule dav_fs_module> <IfModule alias_module> #<IfModule auth_digest_module> <IfModule authn_file_module> DavLockDB "/var/lib/dav/lockdb" Alias /inferno /var/dav <IfModule authnz_ldap_module> <Directory /var/dav> Dav On DAVMinTimeout 600 # so we can ~see~ PHP, rather than interpret/execute ForceType text/plain DavDepthInfinity On Options Indexes FollowSymLinks MultiViews # don't give an .htaccess any any cred :-) AllowOverride None Order allow,deny Allow from all <Limit GET PUT POST DELETE PROPFIND PROPPATCH PROPFETCH MKCOL COPY MOVE LOCK UNLOCK> AuthType Basic AuthName "Dav - Restricted Access" AuthBasicProvider ldap AuthLDAPURL ldap://192.168.0.192:389/ou=users,dc=whiterock?uid?one AuthLDAPBindDN "cn=Reader,dc=whiterock" AuthLDAPBindPassword ultra_secret # Use only one of the following possible sections. # Explicitly list the permitted users, ~after~ authentication has succeeded. # Effectively a 2nd gate, at the authourization phase. # require ldap-user gordonp # There will be times when it's sufficient for an authenticated-user to be # authourized and granted access; it they're good in LDAP, they're OK by me. # authourization will now pass to mod_authz_user AuthzLDAPAuthoritative off require valid-user </Limit> </Directory> </IfModule> </IfModule> #</IfModule> </IfModule> </IfModule> </IfModule> # # The following directives disable redirects on non-GET requests for # a directory that does not include the trailing slash. This fixes a # problem with several clients that do not appropriately handle # redirects for folders with DAV methods. # <IfModule setenvif_module> BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully BrowserMatch "MS FrontPage" redirect-carefully BrowserMatch "^WebDrive" redirect-carefully BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully BrowserMatch "^gnome-vfs/1.0" redirect-carefully BrowserMatch "^XML Spy" redirect-carefully BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully </IfModule> </IfDefine>
Differences with Apache 2.0.x
- get rid of mod_auth_ldap; it isn't needed with Apache 2.2.x, but was necessary with earlier versions.
- I couldn't get <Location> containers to work in 2.2.x, where they certainly did with prior versions. Hence the use of <Directory> above.
Startup Directives
These go in /etc/conf.d/apache2 for Gentoo:
APACHE2_OPTS="-D DAV -D DEFAULT_VHOST -D INFO -D LANGUAGE -D PHP5 -D LDAP -D AUTH_LDAP"
Testing
- Check that DAV-root is OK, and that DAV is actually serving with DAVfs, by turning off all authentication / authourization
- change the <LIMIT> </LIMIT> containers above, to <LIMITExcept> </LIMITExcept>
- anyone, anywhere can now browse your DAV share!! Don't put valuable stuff here, just test-files
- Before adding in the complexity of authentication, check that the server-box is able to contact the LDAP-box; this should produce a lot of LDIF output:
hostname ~ # ldapsearch -h 192.168.0.192 -D 'cn=Reader,dc=whiterock' -b "dc=whiterock" -x -s one -W Enter LDAP Password: <ultra_secret>