Setting Up Apache WebDAV Storage With LDAP Authentication

Hey there! Let’s talk about WebDAV today. If you don’t know what WebDAV is, I recommend reading this wiki. It stands for Web Distributed Authoring and Versioning, a set of extensions to HTTP that facilitates collaborative editing and file management. In a nutshell, it gives write access to users who would otherwise have only the read access afforded by HTTP. Nowadays, it can also be utilized by collaboration and versioning systems like SVN and Git.

Now, without further ado, let’s get into the deployment of WebDAV in our test environment. For this purpose, I’m going to use CentOS 7 as my host operating system and Apache as the web server. You can use any other platform as per your preference. I’m going to demonstrate both local and external authentication in WebDAV. For external authentication, I’m going to use the OpenLDAP server that I set up in my previous post.

Installation

First, let’s prepare our CentOS machine. If you don’t know how to install one, please read this article. If you also need help with the initial configuration, here’s another article for you. Once our CentOS machine is ready, we can start installing and configuring the necessary packages. To set up WebDAV, all we need to install is Apache (httpd). To secure our web system with SSL, we will also install openssl and mod_ssl. And to implement LDAP-based authentication in WebDAV, let’s also install mod_ldap.

$ sudo yum install -y httpd openssl mod_ssl mod_ldap

Once the installation is complete, verify whether WebDAV is enabled in Apache. If it is, the command below shows the following output.

$ sudo httpd -M | grep fs
dav_fs_module (shared)

Next, let’s create a directory and start using it as WebDAV based file system.

$ sudo mkdir /home/webdav
$ sudo chown apache:apache /home/webdav
$ sudo chmod 770 /home/webdav

Then, let’s define a config file for our WebDAV to be used by Apache.

$ sudo vi /etc/httpd/conf.d/webdav.conf
# create new
DavLockDB "/tmp/DavLock"
Alias /webdav /home/webdav
<Location /webdav>
    DAV On
    #SSLRequireSSL
    Options None
    AuthType Basic
    AuthName WebDAV
    AuthUserFile /etc/httpd/conf/.htpasswd
    <RequireAny>
        Require method GET POST OPTIONS
        Require valid-user
    </RequireAny>
</Location>

Note that the configuration defines local authentication using the AuthUserFile directive, so I need to create a user in the file it names. For now, I’m creating a testuser and storing its password in the authentication file.

$ sudo htpasswd -c /etc/httpd/conf/.htpasswd testuser

Then, let’s verify that we can access our WebDAV location using this user. To test it locally, we can use Cadaver.

$ sudo yum -y install cadaver
$ cadaver http://localhost/webdav
Authentication required for WebDAV on server `localhost':
Username: testuser
Password:
dav:/webdav/> ls
Listing collection `/webdav/': succeeded.
Coll: test 0 Jul 30 07:38

We can also test it from our client machines like Windows, MacOS, Linux, Android, or any other compatible platform. In Windows, we can open up the Windows Explorer and add a network location. In the network address, enter the WebDAV address path and then authenticate with correct user credentials. Once connected, we can both read and write to this location.

Setting Up LDAP Authentication

In order to perform LDAP Authentication for WebDAV, we first need to have our LDAP server available. I’ve covered the installation and configuration of OpenLDAP server in my previous post. My config file to support LDAP authentication now looks like this:

$ sudo vi /etc/httpd/conf.d/webdav.conf
# create new
DavLockDB "/tmp/DavLock"
Alias /webdav /home/webdav
<Location /webdav>
    DAV On
    #SSLRequireSSL
    Options None
    AuthType Basic
    AuthName WebDAV
    AuthBasicProvider ldap
    AuthLDAPURL ldap://ldap.sajjan.com.np/dc=sajjan,dc=com,dc=np?uid?sub?(objectClass=*)
    Require ldap-filter objectClass=posixAccount
    AuthUserFile /etc/httpd/conf/.htpasswd
    <RequireAny>
        Require method GET POST OPTIONS
        Require valid-user
    </RequireAny>
</Location>

Let’s again verify it by using Cadaver. This time, let’s provide our LDAP user credentials.

$ cadaver http://localhost/webdav
Authentication required for WebDAV on server `localhost':
Username: sajjan
Password:
dav:/webdav/> ls
Listing collection `/webdav/': succeeded.
Coll: test 0 Jul 30 07:38
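
A hardened variant of the LDAP configuration above, added here as an example and not part of the original post: it enables SSLRequireSSL so Basic credentials never cross plain HTTP, upgrades the LDAP connection with STARTTLS, moves the lock database out of /tmp, and drops the GET/POST/OPTIONS exemption so reads also require a login. The CA file path and the /var/lib/dav location are assumptions; adjust them to your system.

```apache
# Added example, not the post's own file: hardened /etc/httpd/conf.d/webdav.conf
# Assumptions: mod_ssl already serves this host over HTTPS, /var/lib/dav is
# writable by the apache user, and the CA file path below is a placeholder.

# Keep the lock database out of world-writable /tmp.
DavLockDB "/var/lib/dav/lockdb"

# CA that signed the LDAP server's certificate (placeholder path).
LDAPTrustedGlobalCert CA_BASE64 /etc/pki/tls/certs/ldap-ca.pem
LDAPVerifyServerCert On

Alias /webdav /home/webdav
<Location /webdav>
    DAV On
    # Refuse plain HTTP: Basic auth sends the password base64-encoded,
    # not encrypted.
    SSLRequireSSL
    Options None
    AuthType Basic
    AuthName WebDAV
    AuthBasicProvider ldap
    # STARTTLS upgrades the ldap:// connection before any bind is sent.
    # The search filter restricts authentication to posixAccount entries.
    AuthLDAPURL "ldap://ldap.sajjan.com.np/dc=sajjan,dc=com,dc=np?uid?sub?(objectClass=posixAccount)" STARTTLS
    # No method exemption: every request, reads included, needs a user
    # that matched the filter above. Restore the <RequireAny> block from
    # the post only if anonymous downloads are intended.
    Require valid-user
</Location>
```

Run `sudo apachectl configtest` before reloading httpd to catch syntax errors in the new file.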

This completes this post. I hope this has been informative. Let me know your questions in the Comments section below. Thank you!

Sajjan Bhattarai
System Engineer at DristiTech Pvt. Ltd.
I’m a tech-enthusiast and blogger. However, I believe “Learner” will be the best title for me. I’m mainly interested in Science, Technology and Humanity. I love solving problems and challenges. I think passion, discipline and calm nature are my key strengths. Apart from these, I’ve a highly adaptive personality because I excel at quick learning, hard-working, and thinking out-of-the-box. I share my thoughts and learning stories in my blog (https://blog.sajjan.com.np), so it’s the best place to know more about me.