10 More Discussions You Might Find Interesting
1. Emergency UNIX and Linux Support
Hi Friends,
I have below scenarios .
dom1.test.com - LDAP
dom2.test.com - AD
Requirement is establish a trust relation between LDAP and AD server in such a way that if any user login on LDAP managed authentication server with
dom1\username -> get authenticated by LDAP host
... (2 Replies)
Discussion started by: Shirishlnx
2 Replies
2. AIX
Hi, We are trying to use LDAP to authenticate the login from our application. Our application is installed on AIX 6.1 and LDAP server is on active directory windows 2003.
We are getting the below error when we try to login. We have the required lib file in the path it is looking for. Any idea... (3 Replies)
Discussion started by: Nand1010_MA
3 Replies
3. Solaris
Hi all,
I have two virtual machines, one with Suse and another with opensolaris 2009.06.
The ldap server is in the Suse machine.
From my opensolaris, with command ldalist i can see the information about the ldap configuration, i mean, the dn: ou:....
if i type id <ldapuser> i can see the user... (0 Replies)
Discussion started by: checoturco
0 Replies
4. AIX
Hello everyone, hoping you can provide some incite with a little problem I'm having..
I have the LDAP client configured and running on my AIX 5.3 server, which is authenticating against an eDirectory LDAP server. I can login via LDAP no problems on the AIX server with newly created users,... (4 Replies)
Discussion started by: j_aix
4 Replies
5. Solaris
Dear Friends,
I have recently installed iplanet directory server on my Solaris 10 machine.I was able to successfully install and configure ldap on my system.Furthermore, was also able to add
user entries to the LDAP database server.But now I am finding it difficult to authenticate LDAP users... (1 Reply)
Discussion started by: raunaqnilekani
1 Replies
6. Red Hat
I can't seem to make sense of this.
$ cat /etc/redhat-release
Red Hat Enterprise Linux Server release 5.2 Beta (Tikanga)
$
$ mount
/dev/sda2 on / type ext3 (rw)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
/dev/sda1 on... (6 Replies)
Discussion started by: dfinn
6 Replies
7. Solaris
Hi folks,
i have opends 1.2 manually installed
subversion 1.4.3 and apache2 updated by package manager.
i want to access svn using LDAP authentication
its giving an error:
ldap_simple_bind_s() failed.
what could be the problem.
i wrote some text at the end of httpd.conf fpr ldap... (2 Replies)
Discussion started by: visu_buri
2 Replies
8. HP-UX
Hi to all,
i try to configure an HpUx 11.23 to use a Sun Directory Server to authenticate in system.
In my ldap the users is posixAccount.
I read in www that there is a sotware called LDAPUX but it use a profile, and it requires a change that i can't execute in my ldap because it is used also... (0 Replies)
Discussion started by: suuuper
0 Replies
9. Linux
Hello,
I have a Linux box with RHEL4 running on it. The box is meant to be on the DMZ. There is a directory on the box that will be remotely from time to time and I want a form of authentication on it.
Presently, I have configured Basic authentication with apache but the security is not tight.
I... (1 Reply)
Discussion started by: bptronics
1 Replies
10. Shell Programming and Scripting
Hello Everyone,
I have enabled LDAP authentication on my Web script by adding the list of valid users in /etc/apach2/default-server.conf. However, I now want to retrieve the username of the person that logs in. How can I do that? Is there any such module?
Regards,
Harsha (0 Replies)
Discussion started by: garric
0 Replies
wfsctl(8) BSD System Manager's Manual wfsctl(8)
NAME
wfsctl -- WebDAV File Sharing control utility
SYNOPSYS
wfsctl command [arg]
OVERVIEW
The wfsctl utility allows administrators to start, stop, and check the status of the WebDAV File Sharing service (WFS). It also allows admin-
istrators to create and delete WebDAV share points. It operates by configuring the Apache httpd server. The wfsctl command requires root
privileges.
COMMANDS
wfsctl provides the following commands:
start Enable the WFS configuration, and either start or restart the Apache web server to pick it up. If necessary, this
action will create an SSL Identity matching the machine's host name as determined by the hostname(1) command, and
place it in the System keychain. It will also update, if necessary, environment variable definitions for use by param-
eterized httpd config files. (Note that starting the Apache web server is the equivalent of "apachectl start" which
loads a launch job for the httpd process.)
stop Disable the WFS configuration, and restart Apache if it's already running.
status Display the status of WFS, either "enabled" or "disabled", whether or not Apache is running.
shares Display existing WebDAV share points.
share path Create a WebDAV share point for the specified file system path.
unshare path | name Disable WebDAV for the share point at the specified file system path or share point name, and delete the share point
if no other file sharing service (AFP or SMB) was enabled on that share point.
diagnose Display detailed status of Apache and WebDAV-related processes.
DETAILS
WebDAV File Sharing operates by:
1. Recognizing WebDAV clients when they send OPTIONS or PROPFIND directives
2. Requiring such clients to provide OD credentials
3. Assigning those authenticated users an HTTP cookie to recognize them as WebDAV clients
4. Launching an instance of the Apache httpd process on behalf of that user, configured as a WebDAV server
5. Reverse-proxying HTTP traffic to that user-specific instance of httpd, so that the WebDAV client (typically an iWork app on iOS) can
access the home directory and share points on the server machine with privileges of the authenticated user
6. Recognizing share points that are marked as WebDAV share points.
Depending on how Apache is configured, this can coexist with other Apache web service functions.
NOTES
o WebDAV File Sharing requires SSL, and uses Basic authentication, with credentials that would otherwise be sent in the clear over the net-
work. Also note that it uses Apache modules mod_ssl for SSL, and mod_authnz_od_apple for Basic authentication with OpenDirectory creden-
tials.
o The name "webdav" is reserved (it triggers special handling of URLs), so share point paths named "/webdav" or containing "webdav" as a
subpath are not allowed. And folders named "webdav" within share points won't be usable. There are no restrictions on case variants such
as "WebDAV", or other variants such as "webdav.d".
o DropBox folders cannot be accessed via WebDAV File Sharing.
CONFIGURABLE SETTINGS
Certain settings are kept in /etc/wfs/wfs.plist and are configurable by the administrator, including:
ServerName The host name the Apache web server should use, and also the Common Name of the identity certificate. If this is not
configured, or set to an empty string, the hostname(1) of the machine is used.
ServerAddr The IP address the Apache web server should use to listen for HTTPS requests. Default is "*", which means all
addresses.
ServerPort The TCP port the Apache web server should use to listen for HTTPS requests. Default is the standard HTTPS port, 443.
AccessGroup The Open Directory group allowed access to the WebDAV File Sharing service. The default is "everyone", which gives
access to any authenticated user. Administrators can change this setting to restrict access further. Authenticated
users will have, at most, the privileges they are normally allowed by file system permissions. There is no provision
for guest access, so unauthenticated users have no access.
SynthesizeSharePointForUserHomeDir
Whether to allow remote WebDAV clients to see their home directory as a share point. Default is True.
The Apache config file for WebDAV File Sharing is parameterized, and the httpd server is managed by the httpd-wrapper utility, which passes
parameters to httpd. This is normally transparent, but note that to check the Apache config file syntax, do not use "apachectl configtest" or
"httpd -t". Instead, use "httpd-wrapper -t".
RETURN VALUES
wfsctl returns a status code of 0 for success. In the event of failure it returns a non-zero status, and may also dump additional diagnostic
information.
WEBDAV CLIENTS
o WebDAV clients must be properly configured to access WebDAV Shares on a remote host.
o WebDAV clients include certain iOS apps, like Numbers, Keynote, and Pages, and the macOS Finder's Connect-to-Server. (Note that the iOS
Files app does not find WebDAV File Sharing locations.)
o WebDAV clients must usually be configured with a full URL of the host, with a scheme of https (since an http->https redirect is not gen-
erally compatible with WebDAV operations). It's not necessary to specify /webdav in the path. So for example, the "Server Name" might be
specified as:
https://hostname.example.com
o The configurable virtual host behavior provided by macOS Server is not available, so WebDAV clients may not be able to use alternate host
names in their URLs.
FILES
/etc/wfs/httpd_webdavsharing.conf
The parameterized Apache config file for the main instance of httpd
/etc/wfs/httpd_webdavsharing_template.conf
The parameterized Apache config file for the user-specific instances of httpd
/etc/wfs/httpd_webdavsharing_sharepoints.conf
The Apache config file providing directives specific to each share point; dynamically generated when share points are modified by
wfsctl
/etc/wfs/wfs.plist
The file where admin-configurable settings for WFS are stored.
/Library/Server/Web/Config/apache2/WebConfigProperties.plist
If macOS Server is installed and promoted, WebDAVSharing settings in this file take precedence over those in /etc/wfs/wfs.plist.
/etc/apache2/env.plist
The file where environment variable definitions are managed automatically; these variables are passed to httpd for use in parameter-
ized config files.
/Library/Logs/WebDAVFileSharing.log
The main WebDAV File Sharing log file
/etc/apache2/other/httpd_webdavsharing.conf
A symlink seen by Apache when WebDAV File Sharing is enabled. When WebDAV File Sharing is disabled, this symlink is moved aside.
/var/run/webdavsharing/<username>/
A directory created on the behalf of each authenticated user to store user-specific WebDAV File Sharing logs.
/usr/share/sandbox/wfs.sb
The parameterized sandbox profile for user-specific httpd instances.
/etc/wfs/wfs.sb
The dynamically generated portion of the sandbox profile
SERVER APP
When macOS Server is installed and promoted, WebDAV File Sharing is reconfigured to support the WebDAV behaviors presented by Server:
1. macOS Server provides HTTP-based services (for Profile Manager) on standard HTTP/S TCP ports 80 and 443. So to avoid port conflict, the
desktop Apache configuration (including the configuration for WebDAV File Sharing) is switched to port 81, on localhost only, and WFS
traffic is reverse proxied to localhost:81.
2. macOS Server manages its own SSL certificates, and provides the SSL endpoint. So the desktop Apache configuration for WebDAV File Shar-
ing is switched to non-SSL.
When macOS Server is installed and promoted, it is still possible to use wfsctl to manage WebDAV share points, e. g.:
sudo wfsctl share /Volumes/Data/Share1
3. Any share points created in the UI on versions of macOS Server that predate High Sierra remain across updates, and those that were
marked as WebDAV share points should continue to be available after the update to High Sierra, whether or not macOS Server is installed.
When macOS Server is removed or demoted, the port changes and SSL changes made at Server promotion time are reversed.
SEE ALSO
httpd(8) httpd-wrapper(8)
macOS Sept. 20, 2017 macOS