<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook V3.1//EN">
<article>

<artheader>
<title>Apache WebDAV and LDAP HOWTO</title>

<author>
<firstname>Saqib</firstname>
<surname>Ali</surname>
<affiliation>
<address>
<email>saqib@seagate.com</email>
</address>
</affiliation>
</author>

<revhistory>
<revision>
<revnumber>v1.1</revnumber>
<date>2001-11-29</date>
<authorinitials>sa</authorinitials>
<revremark>
</revremark>
</revision>

<revision>
<revnumber>v1.0</revnumber>
<date>2001-11-01</date>
<authorinitials>sa</authorinitials>
<revremark>
Initial public release.
</revremark>
</revision>

</revhistory>

<abstract>
<para>This document explains how to install, configure, run
and maintain a finely-tuned Apache-based WebDAV server. </para>
</abstract>
</artheader>

<sect1 id="intro"> <title>Introduction</title>

<para> The objective of this document is to set up an Apache-based
WebDAV server that can authenticate against an LDAP server.
You will learn how to install, configure, run, maintain and
fine-tune an Apache-based WebDAV server. This document will provide
the basic groundwork for setting up a WebDAV server. It will also
provide information on fine-tuning and maintaining the server. </para>

<para><emphasis role="strong">Note: If you encounter any problems
installing Apache or any of the modules please feel free to contact
me.</emphasis> </para>

<para> <emphasis role="strong"><ulink
url="http://www.stonebeat.org">WebDAV Support and Discussion Forum</ulink></emphasis> </para>

<para> <emphasis role="strong">This document is not a HOWTO on setting up
an LDAP server</emphasis>. For setting up an LDAP server please visit
<ulink url="http://www.linuxdoc.org/HOWTO/LDAP-HOWTO-1.html">
http://www.linuxdoc.org/HOWTO/LDAP-HOWTO-1.html</ulink> </para>

<sect2 id="copyright">
<title>Copyright and License</title>
<para>
This document is Copyright 2001 by Saqib Ali. Permission is granted
to copy, distribute and/or modify this document under the terms of
the GNU Free Documentation License, Version 1.1 or any later version
published by the Free Software Foundation; with no Invariant
Sections, with no Front-Cover Texts, and with no Back-Cover Texts.
A copy of the license is available at
<ulink url="http://www.gnu.org/copyleft/fdl.html">http://www.gnu.org/copyleft/fdl.html</ulink>
</para>
</sect2>

<sect2><title>What is WebDAV?</title>

<para> WebDAV stands for Web enabled Distributed Authoring and
Versioning. It provides a collaborative environment for users to
edit and manage files on web servers. Essentially, DAV is an extension
to the HTTP protocol. </para>
</sect2>

<sect2><title>How does WebDAV work?</title>

<para><emphasis>text goes here...</emphasis></para>
</sect2>

<sect2><title>What do we need?</title>

<para>The tools needed to achieve this objective are: </para>

<itemizedlist>
<listitem><para>Apache Web Server</para></listitem>
<listitem><para>LDAP Module for Apache</para></listitem>
<listitem><para>WebDAV Module for Apache</para></listitem>
<listitem><para>LDAP lib file</para></listitem>
</itemizedlist>

<para><emphasis role="strong">NOTE:</emphasis> All of these packages are
free and are available for download on the net.</para>

<para>We will compile all the above mentioned packages to produce
binaries for the Web Server. The WebDAV and LDAP modules will be
compiled statically into Apache. Static compilation results in
faster execution times. Apache was chosen because it is the most
versatile web server ever to exist.
<ulink url="http://www.netcraft.com/survey/"> Market Shares for Top Web
Servers </ulink> shows that Apache has the largest web server market
share. </para>

<para>Apache is also being used by:</para>

<itemizedlist>
<listitem><para><ulink url="http://www.rackspace.com">RackSpace</ulink>
- WebHosting provider</para></listitem>
<listitem><para><ulink url="http://www.cihost.com">CIHost</ulink>
- WebHosting provider</para></listitem>
<listitem><para><ulink url="http://www.slashdot.org">SlashDot</ulink>
</para></listitem>
</itemizedlist>
</sect2>

<sect2><title>Assumptions</title>

<para> This document assumes that you have the following already
installed on your system. </para>

<orderedlist>
<listitem><para>gzip or gunzip - available from <ulink url="http://www.gnu.org">http://www.gnu.org</ulink></para></listitem>
<listitem><para>gcc and GNU make - available from <ulink url="http://www.gnu.org">http://www.gnu.org</ulink></para></listitem>
</orderedlist>

<para> The document also assumes there is an LDAP server installed
elsewhere which will be used for the authentication. </para>
</sect2>

<sect2><title>Opinions and Suggestions</title>

<para>
If you have any questions about the information available in this document,
please contact me at the following email address:
<ulink url="mailto:saqib@seagate.com">saqib@seagate.com</ulink>
</para>

<para>
If you have comments and/or suggestions, please let me know as well!
</para>
</sect2>

</sect1>

<sect1 id="inst-webdav"> <title>Installing WebDAV services</title>

<para> Our game plan is to first install the OpenLDAP package. OpenLDAP
is not required for Apache_LDAP_DAV to work, but we will need
the installed OpenLDAP lib files to compile mod_ldap. Then
we will compile Apache with mod_ldap and mod_dav. </para>

<para>
Please download the following packages.
</para>

<itemizedlist>
<listitem><para><ulink url="http://www.apache.org">Apache Web Server</ulink></para></listitem>

<listitem><para><ulink url="http://www.openldap.org/">OpenLDAP</ulink>
(for LDAP lib files)</para></listitem>

<listitem><para><ulink url="http://www.webdav.org/mod_dav/">mod_dav</ulink>
(Apache module for WebDAV)</para></listitem>

<listitem><para><ulink url="http://www.muquit.com/muquit/software/mod_auth_ldap/mod_auth_ldap.html">mod_ldap</ulink>
(LDAP module for Apache)</para></listitem>
</itemizedlist>

<sect2><title>Pre-Requirements</title>

<para> To compile the WebDAV service with LDAP authentication
capability, we will need to have the LDAP library files installed on
the machine. The LDAP library files will be used to compile the LDAP
module for Apache. The best way to get the LDAP library files is to
download the OpenLDAP source code from
<ulink url="http://www.openldap.org">http://www.openldap.org</ulink> and
compile it to produce the required library files. You may use any
other LDAP implementation, such as iPlanet, as well, but I recommend an
open-source solution. </para>

<sect3><title>OpenLDAP lib files installation</title>

<para> Become root by using the su command: </para>

<para><command>$ su</command></para>

<para> Now change to the directory where you placed the OpenLDAP
(tar) source file. (I use a temp directory,
<filename>/tmp/download</filename>): </para>

<para><command># cd /tmp/download</command></para>

<para> Extract the files using the gzip and tar utilities: </para>

<para><command># gzip -d openldap-stable-xxxxxxx.tar.gz</command></para>
<para><command># tar -xvf openldap-stable-xxxxxxx.tar</command></para>

<para>Change to the NEW directory which was created during the
extract. </para>

<para><command># cd openldap-x.x.xx</command></para>

<para> Now you can run "<command>configure</command>" for the
openldap package. "<command>configure</command>" has many command
line options. Type "<command>configure --help</command>" to see all
options. </para>

<para> For this web server we don't really need the LDAP daemon,
assuming there is an LDAP server running elsewhere. We just need the
LDAP lib files. Since we will not be compiling the LDAP daemon, we
will have to specify '<option>--disable-slapd</option>' as a
command line option to '<command>configure</command>':</para>

<para><command># ./configure --disable-slapd</command></para>

<para> After you are done with configuring, you can make the
dependencies for the openldap package: </para>

<para><command># make depend</command></para>

<para> After making the dependencies the openldap package needs to
be compiled. Use the <command>make</command> command: </para>

<para><command># make</command></para>

<para>If everything goes OK, you will end up with a compiled version of
openldap in the current directory. Then you will need to install the
compiled binaries into the appropriate places: </para>

<para><command># make install</command></para>

<para>Now you should have the compiled LDAP lib files required for
mod_ldap in the correct directory structure. </para>
</sect3>

</sect2>

<sect2><title>Pre-configuring Apache</title>

<para> mod_dav requires that you have Apache pre-configured so that
it knows where everything is. Change back to the directory
where you have the source files: </para>

<para><screen>
<command> # cd /tmp/download </command>
<command> # gzip -d apache_1.x.x.tar.gz </command>
<command> # tar -xvf apache_1.x.x.tar </command>
<command> # cd apache_1.x.x </command>
<command> # ./configure --prefix=/usr/local/apache </command>
</screen></para>
</sect2>

<sect2><title>Configuring and Installing mod_dav</title>

<para>As mentioned above, mod_dav will be statically linked with the
Apache installation. Start by changing to the temp download
directory: </para>

<para><command># cd /tmp/download </command></para>

<para>Extract the files using the gzip and tar utilities:</para>

<para><command># gzip -d mod_dav-1.x.x.tar.gz</command></para>
<para><command># tar -xvf mod_dav-1.x.x.tar</command></para>

<para> Change to the NEW directory which was created during the
extract: </para>

<para><command># cd mod_dav-1.x.x</command></para>

<para>Now configure the mod_dav package for static linking to Apache:</para>

<para><command># ./configure --with-apache=/tmp/download/apache_1.x.x</command></para>

<para>Compile and install the files:</para>

<para><command># make </command></para>
<para><command># make install</command></para>

<para>mod_dav will have been partially compiled and placed into the
Apache tree during the make install step.</para>
</sect2>

<sect2><title>Installing and configuring mod_auth_ldap</title>

<para>Change back to the temp download directory:</para>

<para><command># cd /tmp/download</command></para>

<para>Extract the mod_auth_ldap files:</para>

<para><command># gzip -d mod_auth_ldap.tar.gz</command></para>
<para><command># tar -xvf mod_auth_ldap.tar</command></para>

<para>Now move the modauthldap files into the Apache source tree: </para>

<para><command># cd apache_1.x.x</command></para>
<para><command># mv ../modauthldap ./src/modules/ldap </command></para>
</sect2>

<sect2><title>Configuring and Installing Apache</title>

<para> Finally we have reached the destination. But it is only the
beginning....... </para>

<para> Now we are ready to compile and install Apache with WebDAV and
LDAP authentication for DAV. </para>

<para>Change back to the temp download directory:</para>

<para><command># cd /tmp/download</command></para>

<para>Change to the Apache tree directory:</para>

<para><command># cd apache_1.x.x</command></para>

<para>and configure Apache for compilation with mod_dav
and mod_auth_ldap: </para>

<para><screen>
<command> # ./configure --prefix=/usr/local/apache \
    --activate-module=src/modules/ldap/mod_auth_ldap.c \
    --activate-module=src/modules/dav/libdav.a
    [...you can add more options here...] </command>
</screen></para>

<para>Now compile Apache and install it into the appropriate
place: </para>

<para><command># make </command></para>
<para><command># make install</command></para>
</sect2>

</sect1>

<sect1 id="config-webdav"><title>Configuring and Setting up the
WebDAV services</title>

<para> Now for the easy part. In this section we will WebDAV-enable a
directory under the Apache root. </para>

<sect2><title>Modifications to
<filename>/usr/local/apache/conf/httpd.conf</filename></title>

<para>
Please verify that the following Apache directive appears in
<filename>/usr/local/apache/conf/httpd.conf</filename> :</para>

<para><screen>
AddModule mod_dav.c
</screen></para>

<para> If it does not, please add it. This directive informs Apache
about the DAV capability. The directive must be placed outside any
container. </para>

<para>
Next we must specify where Apache should store
the DAVLockDB file. DAVLockDB is the lock database for WebDAV.
The directory that holds it must be writable by the httpd process.
</para>

<para>
I store the DAVLock file under <filename>/usr/local/apache/var</filename>.
I use this directory for other purposes as well. Please add the
following line to your
<filename>/usr/local/apache/conf/httpd.conf</filename> to specify
that the DAVLockDB file will be under
<filename>/usr/local/apache/var</filename> : </para>

<para><screen>
DAVLockDB /usr/local/apache/var/DAVLock
</screen></para>

<para>The directive must be placed outside any container.</para>
</sect2>

<sect2><title>Creating a directory for DAVLockDB</title>

<para> As mentioned above, a directory must be created for DAVLockDB
that can be written to by the web server process. Usually the web server
process runs under the user '<emphasis>nobody</emphasis>'. Please
verify this for your system using the command '<command>ps -ef | grep
httpd</command>'. Under <filename>/usr/local/apache</filename> create
the directory and set the permissions on it using the following
commands: </para>

<para><screen>
<command># cd /usr/local/apache</command>
<command># mkdir var</command>
<command># chmod -R 755 var/</command>
<command># chown -R nobody var/</command>
<command># chgrp -R nobody var/</command>
</screen></para>

</sect2>

<sect2><title>Enabling DAV</title>

<para> Enabling DAV is a trivial task. To enable DAV for a directory
under the Apache root, just add the following directive in the container
for that particular directory: </para>

<para><screen>
DAV On
</screen></para>

<para> This directive will enable DAV for the directory and its
sub-directories. </para>

<para>The following is a sample configuration that will enable WebDAV
and LDAP authentication on
<filename>/usr/local/apache/htdocs/DAVtest</filename>. Place this in
the <filename>/usr/local/apache/conf/httpd.conf</filename> file.
</para>

<para><screen>
&lt;Directory /usr/local/apache/htdocs/DAVtest&gt;
Dav On
#Options Indexes FollowSymLinks

AllowOverride None
order allow,deny
allow from all
AuthName "username_and_passwd_required"
AuthType Basic
&lt;Limit PUT POST DELETE PROPFIND PROPPATCH MKCOL COPY MOVE LOCK UNLOCK&gt;
Require valid-user
&lt;/Limit&gt;
LDAP_Server your.ldap.server.com
LDAP_Port 007
Base_DN "o=ROOT"

UID_Attr uid
&lt;/Directory&gt;
</screen></para>
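
<para>In the sample above, <literal>Require valid-user</literal> applies only to the methods named in the <literal>Limit</literal> container, so any method not listed there is answered without a login. The Python script below is an added example, not part of the original HOWTO: it reads a configuration fragment and reports, for each DAV-enabled directory, the methods served without authentication. The function names, the method set and the embedded sample (the block above without its LDAP lines) are assumptions of the example.</para>

```python
import re

# Method set assumed by this example: core HTTP methods plus the WebDAV
# methods named in the HOWTO's <Limit> line.
DAV_METHODS = {"OPTIONS", "GET", "HEAD", "POST", "PUT", "DELETE", "PROPFIND",
               "PROPPATCH", "MKCOL", "COPY", "MOVE", "LOCK", "UNLOCK"}

# Constructed input: the sample <Directory> block from this HOWTO, without
# the LDAP_* lines, which do not affect which methods need a login.
SAMPLE_CONF = """\
<Directory /usr/local/apache/htdocs/DAVtest>
Dav On
AllowOverride None
order allow,deny
allow from all
AuthName "username_and_passwd_required"
AuthType Basic
<Limit PUT POST DELETE PROPFIND PROPPATCH MKCOL COPY MOVE LOCK UNLOCK>
Require valid-user
</Limit>
</Directory>
"""

SECTION = re.compile(r"(?is)<Directory\s+([^>]+)>(.*?)</Directory>")
LIMIT = re.compile(r"(?is)<(Limit|LimitExcept)\s+([^>]+)>(.*?)</\1>")
REQUIRE = re.compile(r"(?im)^\s*Require\s+\S")
DAV_ON = re.compile(r"(?im)^\s*Dav\s+On\s*$")

def listed_methods(arg):
    """Methods named in a <Limit>/<LimitExcept> tag; GET implies HEAD."""
    methods = {m.upper() for m in arg.split()}
    return methods | ({"HEAD"} if "GET" in methods else set())

def unauthenticated_methods(conf_text):
    """Map each DAV-enabled directory to the methods served without Require."""
    report = {}
    for path, body in SECTION.findall(conf_text):
        if not DAV_ON.search(body):
            continue
        protected = set()
        for kind, arg, inner in LIMIT.findall(body):
            if REQUIRE.search(inner):
                named = listed_methods(arg)
                # <Limit> guards only the named methods, <LimitExcept> all others.
                protected |= named if kind.lower() == "limit" else DAV_METHODS - named
        if REQUIRE.search(LIMIT.sub("", body)):  # Require outside any <Limit>
            protected = set(DAV_METHODS)
        report[path.strip()] = sorted(DAV_METHODS - protected)
    return report

if __name__ == "__main__":
    for directory, methods in unauthenticated_methods(SAMPLE_CONF).items():
        print(directory, "->", ", ".join(methods) or "none")
```

<para>For the sample configuration the script reports GET, HEAD and OPTIONS, which means files uploaded to DAVtest can be read without a login. Placing <literal>Require valid-user</literal> outside the <literal>Limit</literal> container makes it apply to every method.</para>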

</sect2>

<sect2><title>Create a Directory called DAVtest</title>

<para>As mentioned in an earlier section, all DAV directories have to
be writable by the web server process. In this example we assume the
web server is running under username '<emphasis>nobody</emphasis>'.
This is usually the case. To check which user httpd is running as,
please use '<command>ps -ef | grep httpd</command>'. </para>

<para>Create a test directory called '<filename>DAVtest</filename>'
under <filename>/usr/local/apache/htdocs</filename> :</para>

<para><command># mkdir /usr/local/apache/htdocs/DAVtest</command></para>

<para>Change the permissions on the directory to make it
read-writable by the httpd process. Assuming httpd is running
under username '<emphasis>nobody</emphasis>', use the following
commands:</para>

<para><screen>
# cd /usr/local/apache/htdocs
# chmod -R 755 DAVtest/
# chown -R nobody DAVtest/
# chgrp -R nobody DAVtest/
</screen></para>
</sect2>

<sect2><title>Restart Apache</title>

<para> Finally you must run the configuration test routine that comes
with Apache to verify the syntax in <filename>httpd.conf</filename> :
</para>

<para><command># /usr/local/apache/bin/apachectl configtest</command></para>

<para>
If you get error messages, please verify that you followed all of
the above mentioned steps correctly. If you cannot figure out the
error message, feel free to email me with the error message
(<ulink url="mailto:saqib@seagate.com">saqib@seagate.com</ulink>).
</para>

<para>If the configtest is successful, start the Apache web server: </para>

<para><command># /usr/local/apache/bin/apachectl restart</command></para>

<para>Now you have a WebDAV-enabled Apache server with LDAP
authentication. </para>

<para>If you have any questions, suggestions, recommendations, kudos,
comments, or complaints, please email them to me
(<ulink url="mailto:saqib@seagate.com">saqib@seagate.com</ulink>).
</para>

<para><emphasis role="strong">Note:</emphasis> Please feel free to contact
me if you encounter any problems installing Apache or any of the
modules, or if you would like to upgrade your existing Apache server to
support WebDAV.</para>

<para> <emphasis role="strong"><ulink
url="http://www.stonebeat.org">WebDAV Support and Discussion Forum</ulink></emphasis> </para>

</sect2>

</sect1>

</article>