WebDAV Setup: Difference between revisions

From Research
Jump to navigation Jump to search
← Older editNewer edit →
No edit summary
No edit summary
Line 1: Line 1:
Here is a reference-setup, for DAV-enabling a server.  This was all placed in the file '''/etc/apache2/modules.d/45_mod_dav.conf'''.
For Apache 2.2.4, here is a reference-setup, for DAV-enabling a server.  This was all placed in the file '''/etc/apache2/modules.d/45_mod_dav.conf'''.


  <IfDefine DAV>
  <IfDefine DAV>
Line 44: Line 44:
  #        There will be times when it's sufficient for an authenticated-user to be
  #        There will be times when it's sufficient for an authenticated-user to be
  #        authourized and granted access; it they're good in LDAP, they're OK by me.
  #        authourized and granted access; it they're good in LDAP, they're OK by me.
          AuthzLDAPAuthoritative off  # authourization will now pass to mod_authz_user
   
#       authourization will now pass to mod_authz_user
          AuthzLDAPAuthoritative  off
           require valid-user
           require valid-user
   
   
Line 80: Line 82:
   
   
  </IfDefine>
  </IfDefine>
<br>
===Differences with Apache 2.0.x===
*get rid of mod_auth_ldap; it isn't needed with Apache 2.2.x, but '''was''' necessary with earlier versions.
*I couldn't get <Location> containers to work in 2.2.x, where they certainly did with prior versions.  Hence the use of <Directory> above.
<br>
===Startup Directives===
These go in '''/etc/conf.d/apache2''' for Gentoo:
APACHE2_OPTS="-D DAV -D DEFAULT_VHOST -D INFO -D LANGUAGE -D PHP5 -D LDAP -D AUTH_LDAP"
<br>
===Testing===
*Check that DAV-root is OK, and that DAV is actually serving with DAVfs, by turning off all authentication / authourization
**change the <LIMIT> </LIMIT> containers above, to <LIMITExcept> </LIMITExcept>
**anyone, anywhere can now browse your DAV share!!  Don't put valuable stuff here, just test-files
*Before adding in the complexity of authentication, check that the server-box is able to contact the LDAP-box; this should produce a lot of LDIF output:
<font color=red>hostname</font> <font color=blue>~ #</font> '''ldapsearch -h 192.168.0.192 -D 'cn=Reader,dc=whiterock' -b "dc=whiterock" -x -s one -W'''
Enter LDAP Password: '''''<ultra_secret>'''''

Revision as of 14:37, 16 May 2007

For Apache 2.2.4, here is a reference-setup, for DAV-enabling a server. This was all placed in the file /etc/apache2/modules.d/45_mod_dav.conf. 

<IfDefine DAV>

<IfModule dav_module>
<IfModule dav_fs_module>
<IfModule alias_module>
#<IfModule auth_digest_module>
<IfModule authn_file_module>

DavLockDB "/var/lib/dav/lockdb"

Alias /inferno /var/dav

<IfModule authnz_ldap_module>
<Directory /var/dav>
    Dav On
    DAVMinTimeout 600

#   so we can ~see~ PHP, rather than interpret/execute
    ForceType text/plain
    DavDepthInfinity On
    Options Indexes FollowSymLinks MultiViews

#   don't give an .htaccess any any cred :-)
    AllowOverride None
    Order allow,deny
    Allow from all

     <Limit GET PUT POST DELETE PROPFIND PROPPATCH PROPFETCH MKCOL COPY MOVE LOCK UNLOCK>
         AuthType Basic
         AuthName "Dav - Restricted Access"
         AuthBasicProvider ldap
         AuthLDAPURL ldap://192.168.0.192:389/ou=users,dc=whiterock?uid?one
         AuthLDAPBindDN "cn=Reader,dc=whiterock"
         AuthLDAPBindPassword ultra_secret

# Use only one of the following possible sections.

#        Explicitly list the permitted users, ~after~ authentication has succeeded.
#        Effectively a 2nd gate, at the authourization phase.
#         require ldap-user gordonp

#        There will be times when it's sufficient for an authenticated-user to be
#        authourized and granted access; it they're good in LDAP, they're OK by me.

#        authourization will now pass to mod_authz_user
         AuthzLDAPAuthoritative  off
         require valid-user


     </Limit>

</Directory>
</IfModule>


</IfModule>
#</IfModule>
</IfModule>
</IfModule>
</IfModule>


#
# The following directives disable redirects on non-GET requests for
# a directory that does not include the trailing slash.  This fixes a 
# problem with several clients that do not appropriately handle 
# redirects for folders with DAV methods.
#
<IfModule setenvif_module>
BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
BrowserMatch "MS FrontPage" redirect-carefully
BrowserMatch "^WebDrive" redirect-carefully
BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully
BrowserMatch "^gnome-vfs/1.0" redirect-carefully
BrowserMatch "^XML Spy" redirect-carefully
BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully
</IfModule>



</IfDefine>


Differences with Apache 2.0.x

  • get rid of mod_auth_ldap; it isn't needed with Apache 2.2.x, but was necessary with earlier versions.
  • I couldn't get <Location> containers to work in 2.2.x, where they certainly did with prior versions. Hence the use of <Directory> above.


Startup Directives

These go in /etc/conf.d/apache2 for Gentoo: 

APACHE2_OPTS="-D DAV -D DEFAULT_VHOST -D INFO -D LANGUAGE -D PHP5 -D LDAP -D AUTH_LDAP"


Testing

  • Check that DAV-root is OK, and that DAV is actually serving with DAVfs, by turning off all authentication / authourization
    • change the <LIMIT> </LIMIT> containers above, to <LIMITExcept> </LIMITExcept>
    • anyone, anywhere can now browse your DAV share!! Don't put valuable stuff here, just test-files
  • Before adding in the complexity of authentication, check that the server-box is able to contact the LDAP-box; this should produce a lot of LDIF output:
hostname ~ # ldapsearch -h 192.168.0.192 -D 'cn=Reader,dc=whiterock' -b "dc=whiterock" -x -s one -W
Enter LDAP Password: <ultra_secret>
Retrieved from "https://research.iat.sfu.ca/research/index.php?title=WebDAV_Setup&oldid=4018"