<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook V3.1//EN">
<article>
<artheader>
<title>Apache WebDAV and LDAP HOWTO</title>
<author>
<firstname>Saqib</firstname>
<surname>Ali</surname>
<affiliation>
<address>
<email>saqib@seagate.com</email>
</address>
</affiliation>
</author>
<revhistory>
<revision>
<revnumber>v1.1</revnumber>
<date>2001-11-29</date>
<authorinitials>sa</authorinitials>
<revremark>
</revremark>
</revision>
<revision>
<revnumber>v1.0</revnumber>
<date>2001-11-01</date>
<authorinitials>sa</authorinitials>
<revremark>
Initial public release.
</revremark>
</revision>
</revhistory>
<abstract>
<para>This document explains how to install, configure, run
and maintain a finely-tuned Apache-based WebDAV server. </para>
</abstract>
</artheader>
<sect1 id="intro"> <title>Introduction</title>
<para> The objective of this document is to set up an Apache-based
WebDAV server that can authenticate against an LDAP server.
You will learn how to install, configure, run, maintain and
fine-tune an Apache-based WebDAV server. This document will provide
the basic groundwork for setting up a WebDAV server. It will also
provide information on fine-tuning and maintaining the server. </para>
<para><emphasis role="strong">Note: If you encounter any problems
installing Apache or any of the modules please feel free to contact
me.</emphasis> </para>
<para> <emphasis role="strong"><ulink
url="http://www.stonebeat.org">WebDAV Support and Discussion Forum</ulink></emphasis> </para>
<para> <emphasis role="strong">This document is not a HOWTO on setting up
an LDAP server</emphasis>. For setting up an LDAP server please visit
<ulink url="http://www.linuxdoc.org/HOWTO/LDAP-HOWTO-1.html">
http://www.linuxdoc.org/HOWTO/LDAP-HOWTO-1.html</ulink> </para>
<sect2 id="copyright">
<title>Copyright and License</title>
<para>
This document is Copyright 2001 by Saqib Ali. Permission is granted
to copy, distribute and/or modify this document under the terms of
the GNU Free Documentation License, Version 1.1 or any later version
published by the Free Software Foundation; with no Invariant
Sections, with no Front-Cover Texts, and with no Back-Cover Texts.
A copy of the license is available at
<ulink url="http://www.gnu.org/copyleft/fdl.html">http://www.gnu.org/copyleft/fdl.html</ulink>
</para>
</sect2>
<sect2><title>What is WebDAV</title>
<para> WebDAV stands for Web enabled Distributed Authoring and
Versioning. It provides a collaborative environment for users to
edit and manage files on web servers. Essentially, DAV is an extension
to the HTTP protocol. </para>
</sect2>
<sect2><title>How does WebDAV work?</title>
<para><emphasis>text goes here...</emphasis></para>
</sect2>
<sect2><title>What do we need?</title>
<para>The tools needed to achieve this objective are: </para>
<itemizedlist>
<listitem><para>Apache Web Server</para></listitem>
<listitem><para>LDAP Module for Apache</para></listitem>
<listitem><para>WebDAV Module for Apache</para></listitem>
<listitem><para>LDAP lib file</para></listitem>
</itemizedlist>
<para><emphasis role="strong">NOTE:</emphasis> All of these packages are
free and are available for download on the net.</para>
<para>We will compile all the above-mentioned packages to produce
binaries for the web server. The WebDAV and LDAP modules will be
compiled statically into Apache. Static compilation results in
faster execution times. Apache was chosen because it is the most
versatile web server ever to exist.
<ulink url="http://www.netcraft.com/survey/"> Market Shares for Top Web
Servers </ulink> shows that Apache has the largest web server market
share. </para>
<para>Apache is also being used by:</para>
<itemizedlist>
<listitem><para><ulink url="http://www.rackspace.com">RackSpace</ulink>
- WebHosting provider</para></listitem>
<listitem><para><ulink url="http://www.cihost.com">CIHost</ulink>
- WebHosting provider</para></listitem>
<listitem><para><ulink url="http://www.slashdot.org">SlashDot</ulink>
</para></listitem>
</itemizedlist>
</sect2>
<sect2><title>Assumptions</title>
<para> This document assumes that you have the following already
installed on your system. </para>
<orderedlist>
<listitem><para>gzip or gunzip - available from <ulink url="http://www.gnu.org">http://www.gnu.org</ulink></para></listitem>
<listitem><para>gcc and GNU make - available from <ulink url="http://www.gnu.org">http://www.gnu.org</ulink></para></listitem>
</orderedlist>
<para> The document also assumes there is an LDAP server installed
elsewhere which will be used for the authentication. </para>
</sect2>
<sect2><title>Opinions and Suggestions</title>
<para>
If you have any questions about the information available in this document,
please contact me on the following email address:
<ulink url="mailto:saqib@seagate.com">saqib@seagate.com</ulink>
</para>
<para>
If you have commentaries and/or suggestions, please let me know as well!
</para>
</sect2>
</sect1>
<sect1 id="inst-webdav"> <title>Installing WebDAV services</title>
<para> Our game plan is to first install the OpenLDAP package. OpenLDAP
is not required for Apache_LDAP_DAV to work, but we will need
the installed OpenLDAP lib files to compile mod_ldap. Then
we will compile Apache with mod_ldap and mod_dav. </para>
<para>
Please download the following packages.
</para>
<itemizedlist>
<listitem><para><ulink url="http://www.apache.org">Apache Web Server</ulink></para></listitem>
<listitem><para><ulink url="http://www.openldap.org/">OpenLDAP</ulink>
(for LDAP lib files)</para></listitem>
<listitem><para><ulink url="http://www.webdav.org/mod_dav/">mod_dav</ulink>
(Apache module for WebDAV)</para></listitem>
<listitem><para><ulink url="http://www.muquit.com/muquit/software/mod_auth_ldap/mod_auth_ldap.html">mod_ldap</ulink>
(LDAP module for Apache)</para></listitem>
</itemizedlist>
<sect2><title>Pre-Requirements</title>
<para> To compile the WebDAV service with LDAP authentication
capability, we will need to have the LDAP library files installed on
the machine. The LDAP library files will be used to compile the LDAP
module for Apache. The best way to get the LDAP library files is to
download the OpenLDAP source code from
<ulink url="http://www.openldap.org">http://www.openldap.org</ulink> and
compile it to produce the required library files. You may use any
other LDAP implementation, such as iPlanet, as well, but I recommend an
open source solution. </para>
<sect3><title>OpenLDAP lib files installation</title>
<para> Become root by using the su command: </para>
<para><command>$ su</command></para>
<para> Now change to the directory where you placed the OpenLDAP
(tar) source file. (I use a temp directory,
<filename>/tmp/download</filename>): </para>
<para><command># cd /tmp/download</command></para>
<para> Extract the files using the gzip and tar utility: </para>
<para><command># gzip -d openldap-stable-xxxxxxx.tar.gz</command></para>
<para><command># tar -xvf openldap-stable-xxxxxxx.tar</command></para>
<para>Change to the NEW directory which was created during the
extract. </para>
<para><command># cd openldap-x.x.xx</command></para>
<para> Now you can run "<command>configure</command>" for the
openldap package. "<command>configure</command>" has many command
line options. Type "<command>configure --help</command>" to see all
options. </para>
<para> For this web server we don't really need the LDAP daemon,
assuming there is an LDAP server running elsewhere. We just need the
LDAP lib files. Since we will not be compiling the LDAP daemon, we
will have to specify '<option>--disable-slapd</option>' as a
command line option to '<command>configure</command>':</para>
<para><command># ./configure --disable-slapd</command></para>
<para> After you are done with configuring, you can make the
dependencies for the openldap package: </para>
<para><command># make depend</command></para>
<para> After making the dependencies the openldap package needs to
be compiled. Use the <command>make</command> command: </para>
<para><command># make</command></para>
<para>If everything goes OK, you will end up with a compiled version of
openldap in the current directory. Then you will need to install the
compiled binaries into the appropriate places: </para>
<para><command># make install</command></para>
<para>Now you should have the compiled LDAP lib files required for
the mod_ldap in the correct directory structure. </para>
</sect3>
</sect2>
<sect2><title>Pre-configuring Apache</title>
<para> mod_dav requires that you have Apache pre-configured so that
it knows where everything is. Change back to the directory
where you have the source files: </para>
<para><screen>
<command> # cd /tmp/download </command>
<command> # gzip -d apache_1.x.x.tar.gz </command>
<command> # tar -xvf apache_1.x.x.tar </command>
<command> # cd apache_1.x.x </command>
<command> # ./configure --prefix=/usr/local/apache </command>
</screen></para>
</sect2>
<sect2><title>Configuring and Installing mod_dav</title>
<para>As mentioned above mod_dav will be statically linked with the
Apache installation. Start by changing to the temp download
directory: </para>
<para><command># cd /tmp/download </command></para>
<para>Extract the files using the gzip and tar utilities:</para>
<para><command># gzip -d mod_dav-1.x.x.tar.gz</command></para>
<para><command># tar -xvf mod_dav-1.x.x.tar</command></para>
<para> Change to the NEW directory which was created during the
extract: </para>
<para><command># cd mod_dav-1.x.x</command></para>
<para>Now configure the mod_dav package for static linking to Apache:</para>
<para><command># ./configure --with-apache=/tmp/download/apache_1.x.x</command></para>
<para>Compile and install the files:</para>
<para><command># make </command></para>
<para><command># make install</command></para>
<para>mod_dav will have been partially compiled and placed into the
Apache tree during the make install step.</para>
</sect2>
<sect2><title>Installing and configuring mod_auth_ldap</title>
<para>Change back to the temp download directory:</para>
<para><command># cd /tmp/download</command></para>
<para>Extract the mod_auth_ldap files:</para>
<para><command># gzip -d mod_auth_ldap.tar.gz</command></para>
<para><command># tar -xvf mod_auth_ldap.tar</command></para>
<para>Now install the modauthldap files to the Apache source tree: </para>
<para><command># cd apache_1.x.x</command></para>
<para><command># mv ../modauthldap ./src/modules/ldap</command></para>
</sect2>
<sect2><title>Configuring and Installing Apache</title>
<para> Finally we have reached the destination. But it is only the
beginning....... </para>
<para> Now we are ready to compile and install Apache with WebDAV and
LDAP authentication for DAV. </para>
<para>Change back to the temp download directory:</para>
<para><command># cd /tmp/download</command></para>
<para>Change to the Apache tree directory:</para>
<para><command># cd apache_1.x.x</command></para>
<para>and configure Apache for compilation with mod_dav
and mod_auth_ldap: </para>
<para><screen>
<command> # ./configure --prefix=/usr/local/apache \
--activate-module=src/modules/ldap/mod_auth_ldap.c \
--activate-module=src/modules/dav/libdav.a
[...you can add more options here...] </command>
</screen></para>
<para>Now compile Apache and install it into the appropriate
place: </para>
<para><command># make </command></para>
<para><command># make install</command></para>
</sect2>
</sect1>
<sect1 id="config-webdav"><title>Configuring and Setting up the
WebDAV services</title>
<para> Now for the easy part. In this section we will WebDAV-enable a
directory under the Apache root. </para>
<sect2><title>Modifications to the
<filename>/usr/local/apache/conf/httpd.conf</filename></title>
<para>
Please verify that the following Apache directive appears in the
<filename>/usr/local/apache/conf/httpd.conf</filename> :</para>
<para><screen>
AddModule mod_dav.c
</screen></para>
<para> If it does not, please add it. This directive informs Apache
about DAV capability. The directive must be placed outside any
container. </para>
<para>
Next we must specify where Apache should store
the DAVLockDB file. DAVLockDB is the lock database for WebDAV.
The directory that holds it must be writable by the httpd process.
</para>
<para>
I store the DAVLock file under <filename>/usr/local/apache/var</filename>.
I use this directory for other purposes as well. Please add the
following line to your
<filename>/usr/local/apache/conf/httpd.conf</filename> to specify
that the DAVLockDB file will be under
<filename>/usr/local/apache/var</filename> : </para>
<para><screen>
DAVLockDB /usr/local/apache/var/DAVLock
</screen></para>
<para>The directive must be placed outside any container.</para>
</sect2>
<sect2><title>Creating a directory for DAVLockDB</title>
<para> As mentioned above, a directory must be created for DAVLockDB
that can be written by the web server process. Usually the web server
process runs under the user '<emphasis>nobody</emphasis>'. Please
verify this for your system using the command '<command>ps -ef | grep
httpd</command>'. Under <filename>/usr/local/apache</filename> create
the directory and set the permissions on it using the following
commands: </para>
<para><screen>
<command># cd /usr/local/apache</command>
<command># mkdir var</command>
<command># chmod -R 755 var/</command>
<command># chown -R nobody var/</command>
<command># chgrp -R nobody var/</command>
</screen></para>
</sect2>
<sect2><title>Enabling DAV</title>
<para> Enabling DAV is a trivial task. To enable DAV for a directory
under Apache root, just add the following directive in the container
for that particular directory: </para>
<para><screen>
DAV On
</screen></para>
<para> This directive will enable DAV for the directory and its
sub-directories. </para>
<para>The following is a sample configuration that will enable WebDAV
and LDAP authentication on
<filename>/usr/local/apache/htdocs/DAVtest</filename>. Place this in
the <filename>/usr/local/apache/conf/httpd.conf</filename> file.
</para>
<para><screen>
&lt;Directory /usr/local/apache/htdocs/DAVtest&gt;
Dav On
#Options Indexes FollowSymLinks
AllowOverride None
order allow,deny
allow from all
AuthName "username_and_passwd_required"
AuthType Basic
&lt;Limit PUT POST DELETE PROPFIND PROPPATCH MKCOL COPY MOVE LOCK UNLOCK&gt;
Require valid-user
&lt;/Limit&gt;
LDAP_Server your.ldap.server.com
LDAP_Port 007
Base_DN "o=ROOT"
UID_Attr uid
&lt;/Directory&gt;
</screen></para>
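<para>In the sample above, Require valid-user sits inside the
&lt;Limit&gt; block, so only the listed methods ask for a login. The
following added example (not part of the original HOWTO; the function
name, the sample text and the DAVstrict directory are constructed for
illustration) reads an httpd.conf fragment and reports, for each
DAV-enabled directory, the methods that no Require directive covers:</para>

```python
import re

# Methods a mod_dav directory can receive (HTTP/1.1 plus the RFC 2518 set).
DAV_METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "PROPFIND",
               "PROPPATCH", "MKCOL", "COPY", "MOVE", "LOCK", "UNLOCK"}

def unauthenticated_methods(conf_text):
    """Map each DAV-enabled <Directory> to the methods no Require covers."""
    report, path, dav, covered, scope = {}, None, False, set(), None
    for line in map(str.strip, conf_text.splitlines()):  # "#" lines match nothing
        opened = re.match(r'<Directory\s+"?([^">]+?)"?\s*>', line, re.I)
        limit = re.match(r"<Limit(Except)?\s+([^>]+)>", line, re.I)
        if opened:
            path, dav, covered, scope = opened.group(1), False, set(), None
        elif path is None:
            continue                    # only inspect <Directory> blocks
        elif limit:
            listed = {m.upper() for m in limit.group(2).split()}
            if "GET" in listed:
                listed.add("HEAD")      # Apache applies a GET limit to HEAD too
            scope = DAV_METHODS - listed if limit.group(1) else listed
        elif re.match(r"</Limit(Except)?>", line, re.I):
            scope = None
        elif re.match(r"Dav\s+On\b", line, re.I):
            dav = True
        elif re.match(r"Require\s", line, re.I):
            covered |= DAV_METHODS if scope is None else scope
        elif re.match(r"</Directory>", line, re.I):
            if dav:
                report[path] = sorted(DAV_METHODS - covered)
            path = None
    return report

# Constructed input: the HOWTO's <Limit> block and a hypothetical <LimitExcept> one.
SAMPLE = """<Directory /usr/local/apache/htdocs/DAVtest>
Dav On
<Limit PUT POST DELETE PROPFIND PROPPATCH MKCOL COPY MOVE LOCK UNLOCK>
Require valid-user
</Limit>
</Directory>
<Directory /usr/local/apache/htdocs/DAVstrict>
Dav On
<LimitExcept OPTIONS>
Require valid-user
</LimitExcept>
</Directory>"""

if __name__ == "__main__":
    print(unauthenticated_methods(SAMPLE))
```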
</sect2>
<sect2><title>Create a Directory called DAVtest</title>
<para>As mentioned in an earlier section, all DAV directories have to
be writable by the web server process. In this example we assume the
web server is running under the username '<emphasis>nobody</emphasis>'.
This is usually the case. To check which user httpd is running as,
please use '<command>ps -ef | grep httpd</command>'. </para>
<para>Create a test directory called '<filename>DAVtest</filename>'
under <filename>/usr/local/apache/htdocs</filename> :</para>
<para><command># mkdir /usr/local/apache/htdocs/DAVtest</command></para>
<para>Change the permissions on the directory to make it
read-writable by the httpd process. Assuming httpd is running
under the username '<emphasis>nobody</emphasis>', use the following
commands:</para>
<para><screen>
# cd /usr/local/apache/htdocs
# chmod -R 755 DAVtest/
# chown -R nobody DAVtest/
# chgrp -R nobody DAVtest/
</screen></para>
</sect2>
<sect2><title>Restart Apache</title>
<para> Finally you must run the configuration test routine that comes
with Apache to verify the syntax in <filename>httpd.conf</filename> :
</para>
<para><command># /usr/local/apache/bin/apachectl configtest</command></para>
<para>
If you get error messages please verify that you followed all of
the above mentioned steps correctly. If you can not figure out the
error message feel free to email me with the error message
(<ulink url="mailto:saqib@seagate.com">saqib@seagate.com</ulink>).
</para>
<para>If the configtest is successful start the apache web-server: </para>
<para><command># /usr/local/apache/bin/apachectl restart</command></para>
<para>Now you have WebDAV enabled Apache Server with LDAP
authentication. </para>
<para>If you have any questions, suggestions, recommendations, kudos,
comments, or complaints, please email them to me
(<ulink url="mailto:saqib@seagate.com">saqib@seagate.com</ulink>).
</para>
<para><emphasis role="strong">Note:</emphasis> Please feel free to contact
me if you encounter any problems installing Apache or any of the
modules, or if you would like to upgrade your existing Apache server to
support WebDAV.</para>
<para> <emphasis role="strong"><ulink
url="http://www.stonebeat.org">WebDAV Support and Discussion Forum</ulink></emphasis> </para>
</sect2>
</sect1>
</article>