webdav share per user ldap authentication


 
Thread Tools Search this Thread
Operating Systems Linux Debian webdav share per user ldap authentication
# 1  
Old 01-04-2011
webdav share per user ldap authentication

hi all,

i have configured Apache with WEBDAV & my aim is sharing outlook calendars because we don't use M$ ExChange.

From outlook i did a simple test & am able to share a calendar.

I want to create share for each user & then authenticate against LDAP before they can publish their calendars.
E.g Only me who can publish(write) my calendar to folder named "coolatt" but others can subscribe & read(read-only) the calendar.

thanks
Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. Emergency UNIX and Linux Support

LDAP and AD Authentication Query

Hi Friends, I have below scenarios . dom1.test.com - LDAP dom2.test.com - AD Requirement is establish a trust relation between LDAP and AD server in such a way that if any user login on LDAP managed authentication server with dom1\username -> get authenticated by LDAP host ... (2 Replies)
Discussion started by: Shirishlnx
2 Replies

2. AIX

LDAP authentication

Hi, We are trying to use LDAP to authenticate the login from our application. Our application is installed on AIX 6.1 and LDAP server is on active directory windows 2003. We are getting the below error when we try to login. We have the required lib file in the path it is looking for. Any idea... (3 Replies)
Discussion started by: Nand1010_MA
3 Replies

3. Solaris

Authentication with LDAP in opensolaris

Hi all, I have two virtual machines, one with Suse and another with opensolaris 2009.06. The ldap server is in the Suse machine. From my opensolaris, with command ldalist i can see the information about the ldap configuration, i mean, the dn: ou:.... if i type id <ldapuser> i can see the user... (0 Replies)
Discussion started by: checoturco
0 Replies

4. AIX

LDAP user authentication issue

Hello everyone, hoping you can provide some incite with a little problem I'm having.. I have the LDAP client configured and running on my AIX 5.3 server, which is authenticating against an eDirectory LDAP server. I can login via LDAP no problems on the AIX server with newly created users,... (4 Replies)
Discussion started by: j_aix
4 Replies

5. Solaris

Iplanet LDAP User Authentication on Solaris

Dear Friends, I have recently installed iplanet directory server on my Solaris 10 machine.I was able to successfully install and configure ldap on my system.Furthermore, was also able to add user entries to the LDAP database server.But now I am finding it difficult to authenticate LDAP users... (1 Reply)
Discussion started by: raunaqnilekani
1 Replies

6. Red Hat

Issues with LDAP user/group permissions on NFS share

I can't seem to make sense of this. $ cat /etc/redhat-release Red Hat Enterprise Linux Server release 5.2 Beta (Tikanga) $ $ mount /dev/sda2 on / type ext3 (rw) proc on /proc type proc (rw) sysfs on /sys type sysfs (rw) devpts on /dev/pts type devpts (rw,gid=5,mode=620) /dev/sda1 on... (6 Replies)
Discussion started by: dfinn
6 Replies

7. Solaris

LDAP authentication

Hi folks, i have opends 1.2 manually installed subversion 1.4.3 and apache2 updated by package manager. i want to access svn using LDAP authentication its giving an error: ldap_simple_bind_s() failed. what could be the problem. i wrote some text at the end of httpd.conf fpr ldap... (2 Replies)
Discussion started by: visu_buri
2 Replies

8. HP-UX

HpUx and ldap Authentication

Hi to all, i try to configure an HpUx 11.23 to use a Sun Directory Server to authenticate in system. In my ldap the users is posixAccount. I read in www that there is a sotware called LDAPUX but it use a profile, and it requires a change that i can't execute in my ldap because it is used also... (0 Replies)
Discussion started by: suuuper
0 Replies

9. Linux

LDAP authentication question

Hello, I have a Linux box with RHEL4 running on it. The box is meant to be on the DMZ. There is a directory on the box that will be remotely from time to time and I want a form of authentication on it. Presently, I have configured Basic authentication with apache but the security is not tight. I... (1 Reply)
Discussion started by: bptronics
1 Replies

10. Shell Programming and Scripting

Module for LDAP Authentication

Hello Everyone, I have enabled LDAP authentication on my Web script by adding the list of valid users in /etc/apach2/default-server.conf. However, I now want to retrieve the username of the person that logs in. How can I do that? Is there any such module? Regards, Harsha (0 Replies)
Discussion started by: garric
0 Replies
Login or Register to Ask a Question
wfsctl(8)						    BSD System Manager's Manual 						 wfsctl(8)

NAME
wfsctl -- WebDAV File Sharing control utility SYNOPSYS
wfsctl command [arg] OVERVIEW
The wfsctl utility allows administrators to start, stop, and check the status of the WebDAV File Sharing service (WFS). It also allows admin- istrators to create and delete WebDAV share points. It operates by configuring the Apache httpd server. The wfsctl command requires root privileges. COMMANDS
wfsctl provides the following commands: start Enable the WFS configuration, and either start or restart the Apache web server to pick it up. If necessary, this action will create an SSL Identity matching the machine's host name as determined by the hostname(1) command, and place it in the System keychain. It will also update, if necessary, environment variable definitions for use by param- eterized httpd config files. (Note that starting the Apache web server is the equivalent of "apachectl start" which loads a launch job for the httpd process.) stop Disable the WFS configuration, and restart Apache if it's already running. status Display the status of WFS, either "enabled" or "disabled", whether or not Apache is running. shares Display existing WebDAV share points. share path Create a WebDAV share point for the specified file system path. unshare path | name Disable WebDAV for the share point at the specified file system path or share point name, and delete the share point if no other file sharing service (AFP or SMB) was enabled on that share point. diagnose Display detailed status of Apache and WebDAV-related processes. DETAILS
WebDAV File Sharing operates by: 1. Recognizing WebDAV clients when they send OPTIONS or PROPFIND directives 2. Requiring such clients to provide OD credentials 3. Assigning those authenticated users an HTTP cookie to recognize them as WebDAV clients 4. Launching an instance of the Apache httpd process on behalf of that user, configured as a WebDAV server 5. Reverse-proxying HTTP traffic to that user-specific instance of httpd, so that the WebDAV client (typically an iWork app on iOS) can access the home directory and share points on the server machine with privileges of the authenticated user 6. Recognizing share points that are marked as WebDAV share points. Depending on how Apache is configured, this can coexist with other Apache web service functions. NOTES
o WebDAV File Sharing requires SSL, and uses Basic authentication, with credentials that would otherwise be sent in the clear over the net- work. Also note that it uses Apache modules mod_ssl for SSL, and mod_authnz_od_apple for Basic authentication with OpenDirectory creden- tials. o The name "webdav" is reserved (it triggers special handling of URLs), so share point paths named "/webdav" or containing "webdav" as a subpath are not allowed. And folders named "webdav" within share points won't be usable. There are no restrictions on case variants such as "WebDAV", or other variants such as "webdav.d". o DropBox folders cannot be accessed via WebDAV File Sharing. CONFIGURABLE SETTINGS
Certain settings are kept in /etc/wfs/wfs.plist and are configurable by the administrator, including: ServerName The host name the Apache web server should use, and also the Common Name of the identity certificate. If this is not configured, or set to an empty string, the hostname(1) of the machine is used. ServerAddr The IP address the Apache web server should use to listen for HTTPS requests. Default is "*", which means all addresses. ServerPort The TCP port the Apache web server should use to listen for HTTPS requests. Default is the standard HTTPS port, 443. AccessGroup The Open Directory group allowed access to the WebDAV File Sharing service. The default is "everyone", which gives access to any authenticated user. Administrators can change this setting to restrict access further. Authenticated users will have, at most, the privileges they are normally allowed by file system permissions. There is no provision for guest access, so unauthenticated users have no access. SynthesizeSharePointForUserHomeDir Whether to allow remote WebDAV clients to see their home directory as a share point. Default is True. The Apache config file for WebDAV File Sharing is parameterized, and the httpd server is managed by the httpd-wrapper utility, which passes parameters to httpd. This is normally transparent, but note that to check the Apache config file syntax, do not use "apachectl configtest" or "httpd -t". Instead, use "httpd-wrapper -t". RETURN VALUES
wfsctl returns a status code of 0 for success. In the event of failure it returns a non-zero status, and may also dump additional diagnostic information. WEBDAV CLIENTS
o WebDAV clients must be properly configured to access WebDAV Shares on a remote host. o WebDAV clients include certain iOS apps, like Numbers, Keynote, and Pages, and the macOS Finder's Connect-to-Server. (Note that the iOS Files app does not find WebDAV File Sharing locations.) o WebDAV clients must usually be configured with a full URL of the host, with a scheme of https (since an http->https redirect is not gen- erally compatible with WebDAV operations). It's not necessary to specify /webdav in the path. So for example, the "Server Name" might be specified as: https://hostname.example.com o The configurable virtual host behavior provided by macOS Server is not available, so WebDAV clients may not be able to use alternate host names in their URLs. FILES
/etc/wfs/httpd_webdavsharing.conf The parameterized Apache config file for the main instance of httpd /etc/wfs/httpd_webdavsharing_template.conf The parameterized Apache config file for the user-specific instances of httpd /etc/wfs/httpd_webdavsharing_sharepoints.conf The Apache config file providing directives specific to each share point; dynamically generated when share points are modified by wfsctl /etc/wfs/wfs.plist The file where admin-configurable settings for WFS are stored. /Library/Server/Web/Config/apache2/WebConfigProperties.plist If macOS Server is installed and promoted, WebDAVSharing settings in this file take precedence over those in /etc/wfs/wfs.plist. /etc/apache2/env.plist The file where environment variable definitions are managed automatically; these variables are passed to httpd for use in parameter- ized config files. /Library/Logs/WebDAVFileSharing.log The main WebDAV File Sharing log file /etc/apache2/other/httpd_webdavsharing.conf A symlink seen by Apache when WebDAV File Sharing is enabled. When WebDAV File Sharing is disabled, this symlink is moved aside. /var/run/webdavsharing/<username>/ A directory created on the behalf of each authenticated user to store user-specific WebDAV File Sharing logs. /usr/share/sandbox/wfs.sb The parameterized sandbox profile for user-specific httpd instances. /etc/wfs/wfs.sb The dynamically generated portion of the sandbox profile SERVER APP
When macOS Server is installed and promoted, WebDAV File Sharing is reconfigured to support the WebDAV behaviors presented by Server: 1. macOS Server provides HTTP-based services (for Profile Manager) on standard HTTP/S TCP ports 80 and 443. So to avoid port conflict, the desktop Apache configuration (including the configuration for WebDAV File Sharing) is switched to port 81, on localhost only, and WFS traffic is reverse proxied to localhost:81. 2. macOS Server manages its own SSL certificates, and provides the SSL endpoint. So the desktop Apache configuration for WebDAV File Shar- ing is switched to non-SSL. When macOS Server is installed and promoted, it is still possible to use wfsctl to manage WebDAV share points, e. g.: sudo wfsctl share /Volumes/Data/Share1 3. Any share points created in the UI on versions of macOS Server that predate High Sierra remain across updates, and those that were marked as WebDAV share points should continue to be available after the update to High Sierra, whether or not macOS Server is installed. When macOS Server is removed or demoted, the port changes and SSL changes made at Server promotion time are reversed. SEE ALSO
httpd(8) httpd-wrapper(8) macOS Sept. 20, 2017 macOS