Article

(View Disclaimer)

WebDAV

(Web-based Distributed Authoring and Versioning) is a web-base that allows users to edit files or manage their own files to the computer with Remote WebDAV.

Why WebDAV Web Folders?

• Access files anywhere. And easy access permissions.
• Web access to files, web browser now.
• Users can not edit files within the same time.
• Security configuration because it can use SSL Encryption to work through.
• Support access to files from Windows, Linux, Mac OS X, etc..

1. Create a directory for the webdav database.
   

   $ mkdir -p /var/lib/apache2/dav
   $ chown wwwrun.www /var/lib/apache2/dav
   
   

   Create a user:

   $ htpasswd2 /etc/apache2/dav_users <your username>
   $ chmod 755 /etc/apache2/dav_users
   
   

   Create the web directory:

   $ mkdir /srv/www/webdav
   $ chown wwwrun.www /srv/www/webdav

2. Enable DAV module
   

   $ vi /etc/sysconfig/apache2
   
   

   - add dav and dav_fs to APACHE_MODULES variable.

   Create dav file config:

   $ /etc/apache2/conf.d/dav.conf
   
   

   <IfModule mod_dav_fs.c>
   # Location of the WebDAV lock database.
   DavLockDB /var/lib/apache2/dav/lockdb
   </IfModule>
   
   <IfModule mod_dav.c>
   # XML request bodies are loaded into memory;
   # limit to 128K by default
   LimitXMLRequestBody 131072
   
   # Location of the WebDav Repository.
   Alias /webdav "/srv/www/webdav"
   
   <Directory /srv/www/webdav>
   # enable webdav for this directory
   Dav On
   Options +Indexes
   IndexOptions FancyIndexing
   AllowOverride All
   AddDefaultCharset UTF-8
   AuthType Basic
   AuthName "WebDAV Server"
   
   $ htpasswd2 -c /etc/apache2/dav_users.db <username>
   AuthUserFile /etc/apache2/dav_user
   Require
   Options None
   AllowOverride All
   Order allow,deny
   Allow from all
   </Directory>
   </IfModule>
   
   #Example dav conf: /usr/share/doc/packages/apache2/original/extra/httpd-dav.conf
   
   

   Reload Apache:

   $ rcapache2 reload
   
   

3. Test

   Access from a browser:

   http://IP Address/webdav

   - Now you can access the webdav directory.

   Access from the command line:

   - Install package "cadaver" (webdav client) from YaST.
   

   $ cadaver http://192.168.1.100/webdav
   
   

   Authentication required for WebDAV Server on server `192.168.1.100':

   Username: sontaya
   Password:
   dav:/webdav/>

4. Create a Webdav Server Certificate

   Generate an encrypted key:

   4.1) If you want to enter the key at boot time (When starting your webserver)

   $ openssl genrsa -des3 -out server.key 1024
   Generating RSA private key, 1024 bit long modulus
   ............................++++++
   ...++++++
   e is 65537 (0x10001)
   Enter pass phrase for server.key:
   Verifying - Enter pass phrase for server.key:
   
   

   4.2) Don't want to enter the key at boot time

   $ openssl rsa -in server.key -out server.key.unsecure
   
   

5. Create Certificate
   

   $ openssl req -nodes -new -keyout server.key -out webdav-server.csr
   
   

   Request Server Certificate from Cacert.org:
   Login:
   http://www.cacert.org

   No account, Register:
   https://www.cacert.org/index.php?id=1

   verify your account from email.

   $ cat webdav-server.csr
   
   

   - copy the contents

   After login, Select Server Certificates Menu > New > "paste the contents of webdav-server.csr" > Submit

   You'll receive a certificate by mail (verify your domain).

   $ cp server.crt /etc/apache2/ssl.key/
   $ cp server.crt /etc/apache2/ssl.crt/
   
   

6. Import Certificate

   Imported CAcert´s root certificate: (details will receive by mail)

   $ wget http://www.cacert.org/certs/class3.crt
   $ wget http://www.cacert.org/certs/root.crt
   
   $ mv class3.crt ca.crt
   $ cp class3.crt root.crt /etc/apache2/ssl.crt/
   
   $ vi server.ca
   "Save"
   
   

   Replace: server.key ?? / etc/apache2/ssl.key/
   and server.crt ?? / etc/apache2/ssl.crt/
   and then server.key.unsecure and server.crt (your cert).

   $ cp server.key /etc/apache2/ssl.key/
   $ cp server.crt /etc/apache2/ssl.crt/
   $ cp server.key.unsecure /etc/apache2/ssl.crt/
   
   

7. Apache SSL config
   

   $ cp /etc/apache2/vhosts.d/vhost-ssl.template /etc/apache2/vhosts.d/vhost-ssl.conf
   $ vi /etc/apache2/vhosts.d/vhost-ssl.conf
   uncomment the  SSLCertificateChainFile  and  SSLCACertificatePath  lines.
   
   $ vi /etc/sysconfig/apache2
   APACHE_SERVER_FLAGS="-DSSL"
   
   

   Restart apache2:

   $ rcapache2 restart
   

8. Test access from Browser (konqueror)

   - Open program Konqueror (support webdavs protocol)

   webdavs://IP Address/webdav

   

   Click to view.

9. Configuration Apache

   Authenticaiton LDAP:

   Enable mode ssl, authnz_ldap and rewrite:

   $ a2enmod ssl
   $ a2enmod authnz_ldap
   
   

   Or edit file "/etc/sysconfig/apache2"

   - add ssl and authnz_ldap to APACHE_MODULES variable.

   Edit dav file config:

   $ vi /etc/apache2/conf.d/dav.conf
   
   

   ##Start##
   <IfModule mod_dav_fs.c>
   # Location of the WebDAV lock database.
   DavLockDB /var/lib/apache2/dav/lockdb
   </IfModule>
   
   <IfModule mod_dav.c>
   # XML request bodies are loaded into memory;
   # limit to 128K by default
   LimitXMLRequestBody 131072
   
   # Location of the WebDav Repository.
   Alias /webdav "/srv/www/webdav"
   <Directory /srv/www/webdav>
   # Enable webdav for this directory
   Dav On
   # Require SSL connection for password protection.
   SSLRequireSSL
   AuthBasicProvider ldap
   # Do basic password authentication in the clear
   AuthType Basic
   # The name of the protected area or "realm"
   AuthName "WebDAV LDAP Authorization"
   AuthLDAPURL ldap://192.168.1.11:389/dc=company?uid??(objectclass=*)
   # The LDAP query URL
   # Format: scheme://host:port/basedn?attribute?scope?filter
   # The URL below will search for all objects recursively below the basedn
   # and validate against the sAMAccountName attribute
   
   # LDAP Authentication & Authorization is final; do not check other databases
   AuthzLDAPAuthoritative on
   # Active Directory requires an authenticating DN to access records
   # This is the DN used to bind to the directory service
   # This is an Active Directory user account
   AuthLDAPBindDN cn=Administrator,dc=company
   # This is the password for the AuthLDAPBindDN user in Active Directory
   AuthLDAPBindPassword 5760urs
   # Require authentication for this Location
   Require valid-user
   Require ldap-group cn=grp_branches,ou=group,dc=company
   Options Indexes FollowSymLinks MultiViews
   AllowOverride All
   Order deny,allow
   Allow from all
   </Directory>
   </IfModule>
   ##End##
   
   

   Test:

   $ cadaver https://IP Address/webdav

10. Setting Share Directory

    - Create a group name grp_branches ldap and then add users into groups grp_branches.

    Create directory:
    

    $ mkdir /srv/www/webdav/branches
    $ mkdir /srv/www/webdav/branches/pattaya
    
    

    Set permissions
    

    $ chmod 770 /srv/www/webdav
    $ chmod 755 /srv/www/webdav/branches -R

    Create .htaccess

    $ vi /srv/www/webdav/branches/pattaya/.htaccess
    
    

    Satisfy all
    Order deny,allow
    Deny from all
    Allow from all
    AuthType Basic
    AuthName "WebDAV LDAP Authorization"
    AuthBasicProvider ldap
    AuthLDAPURL ldap://192.168.1.11:389/dc=company?uid??(objectclass=*)
    AuthzLDAPAuthoritative on
    AuthLDAPBindDN cn=Administrator,dc=company
    AuthLDAPBindPassword 5760urs
    Require ldap-user sontaya.photibut
    
    

    Description: Allows the user name distort analytical application. sontaya.photibut. Four accessible der pattaya has. Other users can not see the Four Elder pattaya can be only Four der branches.

11. Test

    Connect the test build GNOME.
    Open File Browser> File> Connect to Server.

    

    Click to view.

Tips:

-Device Clients connecting to the WebDAV Proxy Web Browser Set to the No proxy for: IP Address WebDAV Server.

If your system does not Authen Squid is not Set as the Set No proxy for that because WebDAV through ports 80 and 443 contacts.

If not, which runs through Proxy Authen MA will provide the Squid (Proxy) and followed by another WebDAV.

Troubleshooting:

- Logfile

$ tail -f /var/log/apache2/error_log

1. Error: Could not access /webdav/ (not WebDAV-enabled?):
   Solution: Change permission

   $ chmod 755 /etc/apache2/dav_users
   
   

2. Error: Client denied by server configuration:
   Solution: Change the default permissions to be less restrictive with this instead.

   <Directory />
   AllowOverride None
   Order Deny,Allow
   </Directory>
   
   

3. Error: Directory index forbidden by Options directive:
   Solution: Eenabled module AutoIndex

   Options Indexes FollowSymLinks MultiViews

4. Error: Permission denied: .htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable
   Solution: Check permission directory
5. Error: [error] Failed to change_hat to 'HANDLING_UNTRUSTED_INPUT'
   Solution: Disable AppArmor from YaST.

Links of Reference:

• http://www.tldp.org/HOWTO/Apache-WebDAV-LDAP-HOWTO/ssl.html
• http://www.rolfs.no/2009/08/02/mount-webdav-in-ubuntulinux-from-firefox/
• http://en.opensuse.org/Webdav
• http://www.dhillonblog.com/2009/07/subversion-with-websvn-webdav-and-active-directory-or-ldap-authentication/
• http://blog.micfo.com/cpanel-hosting/permission-denied-htaccess-pcfg_openfile-unable-to-check-htaccess-file-ensure-it-is-readable/
• http://www.stern.nyu.edu/it/guides/passwordprotect.html
• http://forums.opensuse.org/archives/sf-archives/archives-network-internet/338290-apache-problem.html
• http://www.susethailand.com/index.php/en/webdav-over-ssl-using-ldap-authentication (Thai language)

Disclaimer: As with everything else at Cool Solutions, this content is definitely not supported by Novell (so don't even think of calling Support if you try something and it blows up).

It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test, test, test before you do anything drastic with it.