Monday, 30 March 2009

Using WebDAV for file sharing across a company

Purpose: provide users with the ability to share files across a company's WAN.

Main requirements:
  • Provide both read and write access.
  • Use LDAP for users' authorization.
  • Implement disk quotas.
Extra requirements:
  • Allow users to open files directly from the resource.
Server: CentOS 5.2
Clients: Windows XP SP3 with Microsoft Office 2003 installed; Linux with cadaver.

TO DO:
  1. How to open PDF files?
  2. How to set up Apache to automatically generate the WebDAV directory listing (for access to files through a web browser) in UTF-8 encoding (to prevent Firefox from automatically setting the character encoding to ISO-8859-1).
Based on the following reasons:
  1. Easy configuration on firewalls.
  2. Ability to open files from the file share instead of downloading, editing and uploading.
  3. Good Apache logging facilities.
  4. All packages (except webmin) are available through the standard repository.

I chose to use WebDAV on the Apache web server.

Installation and configuration.

Pre-requirements:
  • network installed and configured
  • configured name resolution
  1. Install apache:
    yum install httpd
  2. Make it start automatically:
    chkconfig httpd on
  3. Configure the Apache web server:
    vim /etc/httpd/conf/httpd.conf
    Change the following directives to:
    ServerAdmin webmaster@yourdomain.net
    ServerName servername.yourdomain.net:80
    Listen 192.168.1.1:80
  4. Make a directory to store files:
    mkdir /home/webdav
    chown apache:apache /home/webdav
  5. Add a group to apply the quota to:
    groupadd webdav
  6. Enable quotas (in my case /home is located on the root partition). I enabled both user and group quotas, but I use only group quotas. Change the following in /etc/fstab
    from:
    LABEL=/ / ext3 defaults 1 1
    to:

    LABEL=/ / ext3 defaults,usrquota,grpquota 1 1

    Note:
    you have to remount the file system above for the new options to take effect.
  7. Create a script in /root to change file and folder ownership:
    vim /root/change-owner.sh
    Add the following:
    #!/bin/bash
    chown -R :webdav /home/webdav
  8. Add this script to crontab. Note: I'll try to find another solution for implementing quotas later. I'd appreciate any reasonable advice.
    crontab -e

    */15 * * * * /root/change-owner.sh &
  9. Install webmin. Get it from http://webmin.com/
  10. Use the webmin web interface at http://192.168.1.1:10000 to set up an appropriate quota for the group webdav.
  11. For LDAP administration you can use your favorite LDAP editor.
  12. I created the LDAP group webdav in ou=groups,dc=domain,dc=net and added the users' e-mail addresses (according to my <Directory> configuration I look up the e-mail field; you can use the UID field instead). For details please read: Apache LDAP authorization
  13. Configure web directory:
    Alias /dav-metall /home/webdav

    # Container for the aliased directory (DAV On is only valid inside
    # a <Directory> or <Location> section)
    <Directory /home/webdav>
        DAV On
        AllowOverride None
        Options Indexes

        # Deny by host; together with "Satisfy any" below, access is
        # granted only after successful LDAP authentication
        Order deny,allow
        Deny from All
        AuthName "WebDAV File Share"
        AuthType Basic
        AuthBasicProvider ldap
        AuthzLDAPAuthoritative on
        # I use the e-mail field for user search
        AuthLDAPUrl ldap://your.ldap.server:389/dc=domain,dc=net?mail
        # You have to provide a user that can read LDAP. It depends on your LDAP
        # server security settings.
        AuthLDAPBindDN cn=read-user,dc=domain,dc=net
        AuthLDAPBindPassword password

        AuthLDAPGroupAttribute memberUid
        AuthLDAPGroupAttributeIsDN off

        Require ldap-group cn=webdav,ou=groups,dc=domain,dc=net
        # Below is the LDAP gidNumber. All users of the webdav LDAP group will have
        # access to the share.
        Require ldap-attribute gidNumber=1028

        Satisfy any
    </Directory>
  14. Restart apache:
    /etc/init.d/httpd restart
  15. Test on Linux:
    cadaver http://192.168.1.1/dav-metall
    The system asks for an e-mail address and password, and after successful authorization you can use a subset of Linux-like commands. Try entering ?
  16. Access to WebDAV folder from Windows XP
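
The configuration in step 13 sends Basic credentials over plain HTTP on port 80 and talks to LDAP over ldap:// on port 389, so user passwords and the bind password cross the WAN unencrypted. The variant below is an added example, not part of the original post; it assumes mod_ssl is installed and serving HTTPS for this host, that the LDAP server accepts LDAPS on port 636, and it uses a placeholder CA path.

```apache
# Added example, not from the original post. Assumptions: mod_ssl is installed
# and serving HTTPS for this host, the LDAP server listens for LDAPS on 636,
# and the CA path below is a placeholder.

# Server level (outside <Directory>): CA that signed the LDAP server certificate.
LDAPTrustedGlobalCert CA_BASE64 /etc/pki/tls/certs/PLACEHOLDER-ldap-ca.pem

Alias /dav-metall /home/webdav
<Directory /home/webdav>
    DAV On
    AllowOverride None
    Options Indexes

    # Refuse any request that did not arrive over SSL/TLS.
    SSLRequireSSL
    # Needed because of "Satisfy any" below: without StrictRequire, a successful
    # LDAP login overrides the SSLRequireSSL denial and plain HTTP still works.
    SSLOptions +StrictRequire

    Order deny,allow
    Deny from All
    AuthName "WebDAV File Share"
    AuthType Basic
    AuthBasicProvider ldap
    AuthzLDAPAuthoritative on

    # Before: AuthLDAPUrl ldap://your.ldap.server:389/dc=domain,dc=net?mail
    # After: the bind password and user lookups are encrypted in transit.
    AuthLDAPUrl ldaps://your.ldap.server:636/dc=domain,dc=net?mail
    AuthLDAPBindDN cn=read-user,dc=domain,dc=net
    AuthLDAPBindPassword password

    AuthLDAPGroupAttribute memberUid
    AuthLDAPGroupAttributeIsDN off
    Require ldap-group cn=webdav,ou=groups,dc=domain,dc=net
    Require ldap-attribute gidNumber=1028

    Satisfy any
</Directory>
```

AuthLDAPBindPassword sits in this file in cleartext, so the file should be readable by root only.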

2 comments:

Anonymous said...

Hi there,
Did you finish the todo list?
I have a problem with the character encodings and I don't know how to solve it. I'm getting mad :(

This is what I need;
2. How to set up apache to automake WebDAV directory listing (to access to files through web-browser) in encoding UTF-8 (to prevent firefox autoset character encoding to ISO-8859-1).

Thx in advance

Andrey Ivanov said...

Hi,

I have found a solution for TODO item #2. You can check http://pocake.ivanovonline.net/2009/05/apache-2-http-directory-listing.html
Sorry, I forgot to apply the WebDAV category to the post.

Hope it helps.
Regards,
Andrey