Hey there! Let’s talk about WebDAV today. If you don’t know what WebDAV is, I recommend you to read this wiki. It stands for Web Distributed Authoring and Versioning. It is a set of extensions to HTTP that facilitates collaborative editing and file management. In a nutshell, it enables write permission to the users, who used to have only read access afforded by HTTP. Nowadays, it can also be utilized by collaboration and versioning systems like SVN and GIT.
Now, without further adieu, let’s get into the deployment of WebDAV in our test environment. For this purpose, I’m going to use CentOS7 as my host operating system and Apache as the web server. You can use any other platform as per your preference. Similarly, I’m going to demonstrate both local and external authentications in WebDAV. For external authentication, I’m going to use OpenLDAP server that I had setup in my previous post.
Installation
First, let’s prepare our CentOS machine. If you don’t know how to install one, please read this article. If you also need help on doing your initial configuration, here’s another article for you. Once our CentOS is ready, we can start installing and configuring the necessary packages for our purpose. To setup WebDAV, all we need to install is Apache (httpd). To secure our web system with SSL, we would also prefer to install openssl and mod_ssl. And to implement LDAP based authentication in WebDAV, let’s also install mod_ldap.
[code language=”bash”]
$ sudo yum install -y httpd openssl mod_ssl mod_ldap
[/code]
Once the installation is complete, verify if WebDAV has been enabled in Apache or not. If enabled, the following output will be shown in below command.
[code language=”bash”]
$ sudo httpd -M | grep fs
dav_fs_module (shared)
[/code]
Next, let’s create a directory and start using it as WebDAV based file system.
[code langauge=”bash”]
$ sudo mkdir /home/webdav
$ sudo chown apache:apache /home/webdav
$ sudo chmod 770 /home/webdav
[/code]
Then, let’s define a config file for our WebDAV to be used by Apache.
[code langauge=”bash”]
$ sudo vi /etc/httpd/conf.d/webdav.conf
# create new
DavLockDB "/tmp/DavLock"
Alias /webdav /home/webdav
<Location /webdav>
DAV On
#SSLRequireSSL
Options None
AuthType Basic
AuthName WebDAV
AuthUserFile /etc/httpd/conf/.htpasswd
<RequireAny>
Require method GET POST OPTIONS
Require valid-user
</RequireAny>
</Location>
[/code]
Note in the configuration that I’ve defined a local authentication using AuthUserFile statement. So, I need to create user in the mentioned file. For now, I’m creating a testuser and storing its password in the authentication file.
[code language=”bash”]
htpasswd -c /etc/httpd/conf/.htpasswd testuser
[/code]
Then, let’s verify that we can access our WebDAV location using this user. To test it locally, we can use Cadaver.
[code language=”bash”]
$ sudo yum -y install cadaver
$ cadaver http://localhost/webdav
Authentication required for WebDAV on server `localhost’:
Username: testuser
Password:
dav:/webdav/> ls
Listing collection `/webdav/’: succeeded.
Coll: test 0 Jul 30 07:38
[/code]
We can also test it from our client machines like Windows, MacOS, Linux, Android, or any other compatible platform. In Windows, we can open up the Windows Explorer and add a network location. In the network address, enter the WebDAV address path and then authenticate with correct user credentials. Once connected, we can both read and write to this location.
Setting Up LDAP Authentication
In order to perform LDAP Authentication for WebDAV, we first need to have our LDAP server available. I’ve covered the installation and configuration of OpenLDAP server in my previous post. My config file to support LDAP authentication now looks like this:
[code language=”bash”]
$ sudo vi /etc/httpd/conf.d/webdav.conf
# create new
DavLockDB "/tmp/DavLock"
Alias /webdav /home/webdav
<Location /webdav>
DAV On
#SSLRequireSSL
Options None
AuthType Basic
AuthName WebDAV
AuthBasicProvider ldap
AuthLDAPURL ldap://ldap.sajjan.com.np/dc=sajjan,dc=com,dc=np?uid?sub?(objectClass=*)
Require ldap-filter objectClass=posixAccount
AuthUserFile /etc/httpd/conf/.htpasswd
<RequireAny>
Require method GET POST OPTIONS
Require valid-user
</RequireAny>
</Location>
[/code]
Let’s again verify it by using Cadaver. This time, let’s provide our LDAP user credentials.
[code language=”bash”]
$ cadaver http://localhost/webdav
Authentication required for WebDAV on server `localhost’:
Username: sajjan
Password:
dav:/webdav/> ls
Listing collection `/webdav/’: succeeded.
Coll: test 0 Jul 30 07:38
[/code]
This completes this post. I hope this has been informative. Let me know your question in the Comments section below. Thank you!
Leave a Reply